US law enforcement’s top officials are not happy about Apple and Google updating their mobile devices to have encryption turned on by default.
FBI Director James Comey reproached the two companies in a speech before the Brookings Institution in Washington, D.C. on Thursday, 16 October.
Earlier this month, US Attorney General Eric Holder said that it’s “worrisome” for Google and Apple to “thwart” law enforcement’s ability to pursue investigations.
Encryption is enabled by default with a passcode on Apple’s iOS 8, which was released in September ahead of the iPhone 6, and Google’s next-generation Android 5.0, called Lollipop.
By storing the encryption keys on the device, no one without the passcode – not hackers, not law enforcement, not even Google or Apple – can break the encryption.
Comey said law enforcement is “struggling to keep up” with criminals who use the technology.
Citing several cases in which suspects were successfully prosecuted due to accessing data such as text messages and GPS on smartphones, Comey warned that we could be headed to a “dark place” without access to that information.
... [W]e're seeing more and more cases where we believe significant evidence is on that phone or a laptop, but we can't crack the password.
If this becomes the norm, I would suggest to you that homicide cases could be stalled, suspects could walk free, and child exploitation might not be discovered or prosecuted. Justice may be denied, because of a locked phone or an encrypted hard drive.
Apple and Google score privacy points
Backdoors and forensics software can get access to data on pre-iOS 8 iPhones, for example by exploiting trusted pairing between a computer and an iPhone.
But the newer encrypted devices are impossible to decrypt, and it’s not practical to “brute force” entry by breaking passcodes.
However, data on those devices can still be accessed from synced iCloud accounts and law enforcement can obtain metadata from the cellular providers.
Locking down your iCloud with 2SV (two-step verification) and a complex passcode and data encryption on your device can keep the FBI – and anyone else – from getting in.
Apple and Google have good reason to want to put extra protections for data privacy into their products.
The theft of private photos from celebrities’ iCloud accounts damaged Apple’s brand around security and privacy concerns in light of the scandal, and Apple CEO Tim Cook offered personal assurances that the company values user privacy.
Consumer backlash against Facebook and Google over data mining for the purpose of targeting ads at their users has led to class action lawsuits and the emergence of privacy-focused alternatives – such as the social network Ello and the search engine DuckDuckGo.
It’s not just consumers who are worried about data security: businesses are rightly concerned about it too.
Businesses in the healthcare, financial, retail and other regulated industries that store sensitive customer data are under an obligation – a legal one – to protect that data no matter where it is stored, including on employee mobile devices.
Comey says he wants “people to understand that law enforcement needs to be able to access communications and information to bring people to justice.”
According to Comey, the mistrust of government in response to the NSA leaks by Edward Snowden “has gone too far.”
We should ask, does the FBI have a legal right to backdoor access to our data?
Encryption doesn’t just stop the cops from getting our data – it stops crooks from grabbing it too.
Image of phone hacking courtesy of Shutterstock.
19 comments on “FBI Director James Comey says Apple and Google go “too far” with default encryption”
This is just a case where the government wants to be able to have unfettered capability to spy on everyone. If they needed access, they could get a warrant plain and simple. The problem with the government, and law enforcement is, they don’t always want to go through “lawful” channels to get access.
No, they can’t. That’s the point: The devices cannot be looked into without the passcode. All a warrant does is demand that the person unlock it. Failing to abide by the warrant’s request is grounds for contempt of court or obstructing justice charges, but the law still can’t get at the data.
Demand to unlock it? “Sorry, I hit my head and now I can’t remember the passcode.” (Hillary Clinton used a similar excuse at a Congressional hearing). You can’t get contempt of court for forgetting your passcode.
Impossible to prove that if you are intentionally forgetting it or not.
Looks like police and the FBI will just have to revert to good ole fashion detective work and not get a free pass into every person’s private life.
Yeah, but criminals are usually the brightest minds on the planet. It’s frequently easy to prove they DO still know the password from data subpoenaed from the carrier.
But, you make a good point. “Forgetting” ones password often works as a defense even if you still remember it. But, you have to be pretty smart about it, AND not have left any tracks since you “forgot”.
“You can’t get contempt of court for forgetting your passcode.”
You’re going to want to Google that, because it’s the opposite of the growing precedent.
Unless the DOJ starts losing consistently at Appellate courts, it’s not even going to be contentious enough to appeal to the Supreme Court. It’s all but a closed matter in the UK, and both of those will ripple out to other common law states. You might be able to get away with that defense in some parts of the EU, but I rather doubt it.
Often the owner is dead and that hampers their ability to solve their own murder.
Can’t wait to get Lollipop simply to thumb my nose at those who Snoopers on ordinary folk.
You dont think the Google owned Android system will be snooping on you?
Class. I have a question. What company is the leader in snooping and collection of peoples private information. Google? Yes!!! Good job class!
Now. Who want a lesson in ‘A False Sense of Privacy “?
I don’t agree people are entitled to their privacy, Google and Apple should make it even harder.
Geez, even if the mistrust has gone too far, whose fault is that? Months after the Snowden revelations they still forbade companies to even publish the numbers of enquiries. And now they expect us to trust them?
Grow up, Comey. You have your friends at NSA to blame for this situation, not the companies who simply try to stay in business.
“…does the FBI have a legal right to backdoor access to our data?”
Sure — with a proper warrant. Otherwise, they can p1$$ off. The “Big Data Slurp” that the NSA has done/is doing has poisoned the well of public acceptance.
When the communications bill came up granting the Tellco’s retroactive immunity, I wrote all my representatives asking them to not grant it. They did anyway. My in-laws live in Japan, so I assume my phone’s been tapped as both spouse and myself make international calls often. Since all my reps voted in favor, I favor encryption.
Tech companies like Google and Apple may want to consider the legal ramifications of what they’re doing. It’s true that there is no criminal statute (at present) forcing them to be able to unlock devices.
However, they definitely could be held liable for civil damages that could occur by locking the devices too solidly. Picture a situation where a gang boss orders a hit while the police have him/her under surveillance. But, they can’t prove it without the data on the phone, and the murder occurs.
Later, they subpoena the records from the phone companies, and discover the data, and realize they could have prevented the murder if they had had access to the data.
The company (or person, if it were jail-broken) that prevented access by encrypting the device “too well” would get trashed in civil court in such a situation. Wrongful death suits generally don’t have upper limits on punitive damage, so a jury could decide to “send a message” with a very large $ figure.
Do we have the right to protect ourselves from criminals and those who wish us harm? Yes. Do some of the protections people take against criminals end up making it harder for the police to legitimately do their job? Yes. Does the prosecution of criminals take precedence over preventing crime in the first place? No.
Comey is asking us to allow rampant criminal behavior to continue in the name of fighting crime. That’s absurd. Yes, some seriously bad people may take longer to catch and that’s too bad. But worse harm will be done to society as a whole by allowing rampant petty crime to flourish. Comey may as well ask us to please not lock our doors because the police find it inconvenient.
And none of these agencies will address who’s watching them; who’s making sure they aren’t abusing all these powers they’ve been given. What right to that information are the accused being given to prove their innocence. Let us not allow Kafka’s “The Trial” to be our law enforcements manual.
If every law enforcement officer could be trusted blindly to only do his or her job he’d have a point. Unfortunately we don’t live in such a society.
Burn me once, shame on you. Burn me twice, shame on me.
“According to Comey, the mistrust of government in response to the NSA leaks by Edward Snowden “has gone too far.”” is a laughable statement. I’m all for making life harder for any criminal organization including the “government”.
First, I just want to state that this is not limited to only Apple or Google. They aren’t REFUSING to decrypt the devices; there is no ability to decrypt them as is the case of anything using a Private Key & Public Key encryption method. Without the Private Key you cannot decrypt the encrypted data.
Second, in response to the rhetorical question of whether government agencies should or should not have access to be able to bypass device security, I say the better question is even if they were given access, how would anyone know that they were only using it for criminal prosecution or for truly legal matters and not just for “spying” purposes?
I programmed for a large bank in the early 1990’s and we were told that we couldn’t use certain encryption algorithms because they could not ‘decrypt’ them in a reasonable period. I don’t know how the legal aspect of this was, but we ended up with less than desirable encryption methods.
Also, being retire Law Enforcement, I often question how many people must suffer intrusion into their private affairs to catch maybe less than a partial percent of criminal(s)? Now that we have powerful computers on our phones, it’s a personal computer and security needs to be good or people you don’t want (besides government) will have access to it.
Law enforcement has had many things in the past stop them from their job, as an overstep of authority on the public. They will see more as technology gets better. Even though a court order cannot produce what they want they may have to live with out it and find other ways to prove what they want.
They need to realize now that their access to electronic devices will be wrestled out of their grips and they need to use investigative methods that will allow the information they need via other approaches. With open sourced OS’s being around, they may be changed to make it impossible for access via any approach and may not even have a chance to look at the source code. They cannot rely on this type of information.
Add to this they typically will not tell us what kind of numbers they have to investigate to get any kind of useful information. Whey they read billions of texts to maybe not get one, that’s too many. They need to stop now.
Also, there has never been, that I know of, a situation where they have stopped a murder or other crime because of an investigation. Our legal system works on what has been done, not what may happen. That opens lots of can’s of worms!
PLEASE DON NOT BLOCK SOME NETWORKS OR WEBSITES PLEASE
So Google, a corporation whos goal is to capture and store as much personal information about people as possible, is concerned with privacy? That alone makes this story laughable. Unless of course you’re clueless to how much Google actually does. The difference is that with Google, we voluntarily (for the most part), give our information to a private corporation Shame on us
But even more laughable is the idea that companies like Apple and Google dont cooperate and work with government agencies like the FBI and NSA. This story attempts to paint the ones that are collecting and recording almost every aspect of your personal life as the good guys, while at the same time, suggesting that your privacy is an important issue.
Government officials say things like this to make it seem as of your privacy and rights are being protected. And in this case, makes it seem as if the kings of privacy invasion and collection, are the ones fighting to protect you.
There is no fight between the government and companies like these. There is only damage control.
But hey. If you dont want to believe me then go ahead. Give your trust and a front door key to the ones monitoring and recording every aspect of your life.
It’s not like the government is counting on you doing that…. are they?