Law Enforcement Freaks Out Over Apple & Google's Decision To Encrypt Phone Info By Defaultby Mike MasnickTechdirt Sep. 24, 2014 |
America Last: House Bill Provides $26B for Israel, $61B for Ukraine and Zero to Secure U.S. Border
Bari Weiss' Free Speech Martyr Uri Berliner Wants FBI and Police to Spy on Pro-Palestine Activists
Report: Blinken Sitting On Staff Recommendations to Sanction Israeli Military Units Linked to Killings or Rapes
Telegram Founder Changed Mind on Setting Up Shop in San Francisco After Being Robbed Leaving Twitter HQ
MSNBC's Joy Reid Celebrates Prosecution of Trump as Racial Revenge Against Whitey
Last week, we noted that it was good news to see both Apple and Google highlight plans to encrypt certain phone information by default on new versions of their mobile operating systems, making that information no longer obtainable by those companies and, by extension, governments and law enforcement showing up with warrants and court orders. Having giant tech companies competing on how well they protect your privacy? That's new... and awesome. Except, of course, if you're law enforcement. In those cases, these announcements are apparently cause for a general freakout about how we're all going to die. From the Wall Street Journal: One Justice Department official said that if the new systems work as advertised, they will make it harder, if not impossible, to solve some cases. Another said the companies have promised customers "the equivalent of a house that can't be searched, or a car trunk that could never be opened.''That Hosko guy apparently gets around. Here he is freaking out in the Washington Post as well: Ronald T. Hosko, the former head of the FBI's criminal investigative division, called the move by Apple "problematic," saying it will contribute to the steady decrease of law enforcement's ability to collect key evidence -- to solve crimes and prevent them. The agency long has publicly worried about the "going dark" problem, in which the rising use of encryption across a range of services has undermined government's ability to conduct surveillance, even when it is legally authorized.Think of the children! And the children killed by terrorists! And just be afraid! Of course, this is the usual refrain any time there's more privacy added to products, or when laws are changed to better protect privacy. And it's almost always bogus. I'm reminded of all the fretting and worries by law enforcement types about how "free WiFi" and Tor would mean that criminals could get away with all sorts of stuff. Except, as we've seen, good old fashioned police/detective work can still let them track down criminals. The information on the phone is not the only evidence, and criminals almost always leave other trails of information. No one has any proactive obligation to make life easier for law enforcement. Orin Kerr, who regularly writes on privacy, technology and "cybercrime" issues, announced that he was troubled by this move, though he later downgraded his concerns to "more information needed." His initial argument was that since the only thing these moves appeared to do was keep out law enforcement, he couldn't see how it was helpful: If I understand how it works, the only time the new design matters is when the government has a search warrant, signed by a judge, based on a finding of probable cause. Under the old operating system, Apple could execute a lawful warrant and give law enforcement the data on the phone. Under the new operating system, that warrant is a nullity. It's just a nice piece of paper with a judge's signature. Because Apple demands a warrant to decrypt a phone when it is capable of doing so, the only time Apple's inability to do that makes a difference is when the government has a valid warrant. The policy switch doesn't stop hackers, trespassers, or rogue agents. It only stops lawful investigations with lawful warrants.His "downgraded" concern comes after many people pointed out that by leaving backdoors in its technology, Apple (and others) are also leaving open security vulnerabilities for others to exploit. He says he was under the impression that the backdoors required physical access to the phones in question, but if there were remote capabilities, perhaps Apple's move is more reasonable. Perhaps the best response (which covers everything I was going to say before I spotted this) comes from Mark Draughn, who details "the dangerous thinking" by those like Kerr who are concerned about this. He covers the issue above about how any vulnerability left by Apple or Google is a vulnerability open to being exploited, but then makes a further (and more important) point: this isn't about them, it's about us and protecting our privacy: You know what? I don't give a damn what Apple thinks. Or their general counsel. The data stored on my phone isn't encrypted because Apple wants it encrypted. It's encrypted because I want it encrypted. I chose this phone, and I chose to use an operating system that encrypts my data. The reason Apple can't decrypt my data is because I installed an operating system that doesn't allow them to.Furthermore, he notes that nothing Apple and Google are doing now on phones is any different than tons of software for desktop/laptop computers: In short, he points out, the choice of encrypting our data is ours to make. Apple or Google offering us yet another set of tools to do that sort of encryption is them offering a service that many users value. And shouldn't that be the primary reason why they're doing stuff, rather than benefiting the desires of FUD-spewing law enforcement folks? |