October 9, 2014

Your iPhone Is Now Encrypted. The FBI Says It'll Help Kidnappers. Who Do You Believe?

Much of the world has been enthralled by the new iPhone 6, but civil liberties advocates have been cheering, too: Along with iOS 8, Apple made some landmark privacy improvements to your devices, which Google matched with its Android platform only hours later. Your smartphone will soon be encrypted by default, and Apple or Google claim they will not be able open it for anyone – law enforcement, the FBI and possibly the NSA – even if they wanted to.

Predictably, the US government and police officials are in the midst of a misleading PR offensive to try to scare Americans into believing encrypted cellphones are somehow a bad thing, rather than a huge victory for everyone’s privacy and security in a post-Snowden era. Leading the charge is FBI director James Comey, who spoke to reporters late last week about the supposed “dangers” of giving iPhone and Android users more control over their phones. But as usual, it’s sometimes difficult to find the truth inside government statements unless you parse their language extremely carefully. So let’s look at Comey’s statements, line-by-line.
Comey began:
I am a huge believer in the rule of law, but I also believe that no one in this country is beyond the law. … What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law.
First of all, despite the FBI director’s implication, what Apple and Google have done is perfectly legal, and they are under no obligation under the “the rule of law” to decrypt users’ data if the company itself cannot access your stuff. From 47 U.S. Code § 1002 (emphasis mine):
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.
Comey continued:
I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the content of anyone’s closet or their smart phone.
That’s funny, because literally four months ago, the United States government was saying the exact opposite before the US supreme court, arguing that, in fact, the feds shouldn’t need to get a warrant to get inside anyone’s smartphone after you’re arrested. In its landmark June ruling in the case, Riley v California, the court disagreed. So it’s great to see that Jim Comey, too, has come around to the common sense conclusion that cops need a warrant to search your cellphone data, but it would’ve been nice for him to express those sentiments when they actually mattered.
On Thursday, Comey went on to argue:
The notion that someone would market a closet that could never be opened – even if it involves a case involving a child kidnapper and a court order – to me does not make any sense.
This idea – that the police won’t be able to get a hold of anyone’s cellphone data and will soon be facing some unstoppable crimewave of body-snatching proportions – borders on absurd. As the Intercept’s Micah Lee has documented, the feds still have myriad ways to access everyone’s data. They can still get a warrant for iPhone users iCloud accounts, which hundreds of millions of people use to back up their phones and was central to a celebrity hacking scandal that’s been in the headlines for weeks. The feds can still go to the phone carriers to track anyone’s location 24/7, get all the metadata they want from text messages, and wiretap your phone calls. And even if none of these techniques work, depending on the strength of the person’s password, the cops may be able to crack a phone’s encryption passcode within minutes.
Comey concluded:
I get that the post-Snowden world has started an understandable pendulum swing. … What I’m worried about is, this is an indication to us as a country and as a people that, boy, maybe that pendulum swung too far.
This might be a good time to point out that Congress has not changed surveillance law at all in the the nearly 16 months since Edward Snowden’s disclosures began, mostly because of the vociferous opposition from intelligence agencies and cops. The pendulum is still permanently lodged squarely on law enforcement’s side. If it has swung at all, it’s because of the aforementioned ruling by the supreme court of the United States, along with tech companies implementing more privacy protections unilaterally because US tech companies are losing billions of dollars because of the government’s spying scandals. If the government is upset about that, they only have themselves to blame for the NSA’s “collect it all” approach, which was conducted for years, completely in secret, without any input from law-abiding American citizens.

By the way, if Comey really believes that such a swing is “understandable”, maybe he can direct his agency to release information on the Stingray mass surveillance devices the FBI and local cops have been using to vacuum up cellphone data on entire neighborhoods, while hiding it from journalists, the public and sometimes even judges.
These privacy upgrades from Apple and Google were implemented not to keep cops from accessing the data of criminals, but to better protect everyone’s security. It’s widely known in the security community that a backdoor for the good guys inevitably gives the bad guys an easier way in. (Don’t forget, even Google’s “lawful intercept” data was hacked and stolen by China not too long ago.)

Given the government’s obsession with passing cybersecurity legislation, you would think they’d be happy that Apple and Google are making it harder for foreign governments and criminals to break into people’s phones or company servers to steal your data. But you’d be forgetting that the head of the FBI and his fellow fear-mongerers are still much more concerned with making sure they retain control over your privacy, rather than protecting everyone’s cybersecurity.

0 comments:

Post a Comment