[captionpix imgsrc=”https://pvnn.org/wp-content/uploads/2015/06/brianencrypt.png” captiontext=”Photo Courtesy of DavidIke.com”]
In late 2014 the two largest smart phone and tablet operating systems and their developers, Apple’s iOS[ref]”A Message from Tim Cook about Apple’s Commitment To your Privacy,” Apple, accessed June 17, 2015. http://www.apple.com/privacy[/ref] and Google’s Android OS[ref]”A Sweet Lollipop, with a Kevlar Wrapping: New Security Features in Android 5.0.,” Official Android Blog, accessed June 17, 2015.[/ref] committed themselves to customer privacy and security. The two companies announced their decision to encrypt the smart phones and tablets sold by default. When a device is encrypted the contents within, such as text messages and photos, can only be read by an individual in possession of a special password or key to decrypt or unlock the device. Essentially, even if law enforcement were to procure a warrant, Apple nor Google would be able to unlock any passcode protected devices. In the same cases, the two companies would not even be able to provide wiretapping between communicating devices. This has placed law enforcement in a position of having to grapple with the clash between privacy and law enforcement.[ref]”As Encryption Spreads, U.S. Grapples with Clash between Privacy, Security,” Washington Post, accessed June 17, 2015, http://www.washingtonpost.com/world/national-security/as-encryption-spreads-us-worries-about-access-to-data-for-investigations/2015/04/10/7c1c7518-d401-11e4-a62f-ee745911a4ff_story.html.[/ref]
Privacy advocates and Apple have stressed the importance of protecting personal privacy. Indeed, it has been argued that enabling backdoor access that circumvents security measures, or requiring Apple and Google to hold onto the keys that unlocks and decrypts sensitive customer data, leaves the device vulnerable for seizure and exploitation by hackers. While at the same time, federal and local law enforcement argue that implementing such strong and defaulted encryption impedes investigations into crimes, allowing criminals to operate in secrecy. There in which lies the vendetta – in light of increasing cyber attacks and hacking from domestic and foreign entities, the level of encryption, within a device, can either protect citizens, or put their data at risk. Even though law enforcement’s desire to intercept and gather private files and communications potentially compromises the privacy and security of innocent Americans, the liberty and security of the many should not be sacrificed.
Apple and Google announced their plans to increase and strengthen customer security within hours of each other. Privacy advocates and journalists suggest that government documents leaked by Edward Snowden were an influence for the change. [ref]”Apple Will No Longer Unlock Most iPhones, iPads for Police, Even with Search Warrants,” Washington Post, accessed June 17, 2015.[/ref] And as Americans grow wary of increasing government surveillance programs, this could be seen as a smart public relations move for the two companies. Many of the privacy benefits promoted by Apple are framed as ways to differentiate themselves from competitors, who are amassing great sums of user data with intentions to sell that information to other companies. Encryption safeguards customers by safely storing credit cards, passwords, and sensitive financial and medical information, without the risk of unauthorized access by domestic or foreign entities. Apple, Google, and Facebook, have also implemented protections that work to prevent individuals or groups from intercepting communications. Text messages, as well as video and voice-calls between the company’s devices, are also locked down. Apple’s iMessage and FaceTime, Google’s Android messaging service, as well as Facebook’s Whatsapp, are fully encrypted, end-to-end, making it impossible to be intercepted.[ref]”Apple and Others Encrypt Phones, Fueling Government Standoff,” Wall Street Journal, accessed June 17, 2015, http://www.wsj.com/articles/apple-and-others-encrypt-phones-fueling-government-standoff-1416367801.[/ref] And since none of the companies store the keys to unlock their contents, they themselves cannot be compelled by court orders or warrants to release the information.
While none of the companies explicitly state a desire to prevent wiretapping or warranted search and seizure by law enforcement agencies, that is exactly the effect. By encrypting smartphones behind a customer created passcode, law enforcement agents are also prevented from unlocking the devices. The law also states that individuals are not to be compelled to disclose passwords or pass-codes to law enforcement. [ref]”Cell-Phone Fingerprint Ruling: 5 Things You Should Know,” FindLaw Blotter, accessed June 17, 2015, http://blogs.findlaw.com/blotter/2014/11/cell-phone-fingerprint-ruling-5-things-you-should-know.html.[/ref]
Law enforcement agents see this lock and key as a tool that will “allow people to place themselves beyond the law.”[ref]Nicholas Carlson, “The Director Of The FBI Is Worried Apple And Google Are Making Life Easier For Criminals,” Business Insider, September 25, 2014, accessed June 17, 2015, http://www.businessinsider.com/the-director-of-the-fbi-is-worried-apple-and-google-are-making-life-easier-for-criminals-2014-9[/ref] Chicago’s Chief of Detectives made statements to the Washington Post in light of the news that Apple’s iPhone would become “the phone of choice for the pedophile.”[ref]James Cook, “POLICE: ‘Apple Will Become The Phone Of Choice For The Pedophile,'” Business Insider, September 26, 2014, accessed June 17, 2015, http://www.businessinsider.com/police-apple-will-become-the-phone-of-choice-for-the-pedophile-2014-9.[/ref]Police are already equipped with specialized software that can work to crack iPhone and Android device passwords, as well as download and access information like contacts and photos stored in the cloud. That same piece of software was revealed to also have been used by hackers to steal and distribute the personal and private information stored in numerous celebrity iCloud accounts. [ref]”The Police Tool That Pervs Use to Steal Nude Pics From Apple’s ICloud,” Wired.com, accessed June 17, 2015, http://www.wired.com/2014/09/eppb-icloud[/ref]While the point of weakness in the celebrity hack was found to be in easily guessed security questions, the fact that forensic software intended for governmental use found public distribution.
During a roundtable with reporters, director of the FBI James Comey expressed his care for privacy, but pleaded that “we should also care passionately about protecting innocent people.” But what Comey fails to realize is that in the wake of events where up to 200,000 individuals’ tax records being lifted from the Internal Revenue Service’s systems,[ref]Sean Gallagher, “IRS System Mined for over 100,000 Taxpayer Records by Fraudsters [Updated],” accessed June 17, 2015.[/ref] or the hacking and seizing of millions of government personnel and security clearance information[ref]“Chinese Hack Compromised Security-clearance Database,” Washington Post, accessed June 17, 2015, http://www.washingtonpost.com/world/national-security/chinese-hack-of-government-network-compromises-security-clearance-files/2015/06/12/9f91f146-1135-11e5-9726-49d6fa26a8c6_story.html[/ref] – the answer isn’t less security; it’s more encryption. In a form of damage control, the U.S. government hired credit monitors and investing millions of dollars to protect those affected from identity theft. Something like this could be potentially avoided with stronger encryption and ensuring no backdoors exist. To lobbying for tech companies to build backdoor access to customer data is to lobby for insecurity and exploitation. The wrongs of a few should not impede the security and privacy of the many.
Take Action:
Check out the Electronic Privacy Information Center (EPIC) which provides an exhausted resource for various advocates for consumer privacy.
The Electronic Frontier Foundation also contains petitions and resources for contacting your local representatives to encourage them to champion consumer privacy through secure encryption.
