US Attorney General urges tech companies to leave back doors open on gadgets for police

US Attorney General urges tech companies to leave back doors open on gadgets for police

Mobile backdoor. Image courtesy of ShutterstockUS Attorney General Eric H. Holder Jr. on Tuesday urged tech companies not to lock police out of popular consumer gadgets, lest law enforcement’s efforts to nab kidnappers or child predators be stymied.

Holder spoke at a conference on child sexual abuse in Washington.

From his prepared remarks:

It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy.

When a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children.

“It is worrisome,” he said, “to see companies thwarting our ability to do so.”

He didn’t mention Apple or Google by name, but that’s certainly the context, given that both companies in September announced new mobile phone encryption policies that sparked a number of protests from government officials.

With the latest iteration of its mobile operating system, iOS 8, Apple said it was no longer holding encryption keys and wouldn’t be able to turn iPhone or iPad data over to cops anymore.

Likewise, the next generation of Google’s Android operating system, due for release this month, will for the first time encrypt data by default, thus putting up yet another roadblock to stop police from getting at the troves of personal data we all keep on our mobile gadgets.

Normal people who are sick and tired of surveillance were cheered by these moves.

Police were not, and Holder’s not the first one to get vocal about it.

Ronald T. Hosko, former Assistant Director of the FBI Criminal Investigative Division, published an opinion piece in The Washington Post last week about how Apple’s move will hamstring the law.

Hosko said that while Apple’s move didn’t make it any harder to tap or legally intercept calls with a warrant, it does “limit law enforcement’s access to… data, contacts, photos and email stored on the phone itself.”

Well, yes, it does make it harder, but it by no means makes it impossible.

iOS forensics expert Jonathan Zdziarski, who’s actually trained police on how to get data off of iPhones, a few weeks ago put up a post outlining how not-hard it is, given how very not-infallible iOS 8 is to intruders – particularly government-funded ones.

Following Apple’s new privacy policy around iOS 8, Zdziarski’s forensics software showed he was still able to pull from a device running iOS 8 practically all of its third-party application data, including content from Twitter, Facebook, Instagram, web browsers, and more, as well as photos and video.

And he didn’t rely on magic pixie dust to do it, Zdziarski told Wired:

I can do it. I'm sure the guys in suits in the governments can do it. And I'm sure that there are at least three or four commercial tools that can still do this, too.

All that’s needed, he said, is a powered-on phone and access to a computer previously used to move data onto and off of it.

But it’s not just encryption that’s frustrating policing efforts, Holder said:

Recent technological advances have the potential to greatly embolden online criminals, providing new methods for abusers to avoid detection.

In some cases, perpetrators are using cloud storage to cheaply and easily store tens of thousands of images and videos outside of any home or business – and to access those files from anywhere in the world.

Many take advantage of encryption and anonymizing technology to conceal contraband materials and disguise their locations.

The Feds have long wanted to peel those anonymizing technologies apart.

Most recently, the Justice Department has proposed a power grab that would make it easier for domestic law enforcement to break into computers of people trying to protect their anonymity via Tor or other anonymizing technologies.

Holder called on companies “to work with us to ensure that law enforcement retains the ability, with court-authorization, to lawfully obtain information in the course of an investigation, such as catching kidnappers and sexual predators.”

But since when have companies not, by and large, worked with the law when they come bearing warrants?

None of the encryption efforts put forward by Google or Apple will stop a warrant.

So, Mr. Holder, what, exactly, is the problem?

Image of mobile backdoor courtesy of Shutterstock.