FBI Director James Comey says Apple and Google go “too far” with default encryption

FBI Director James Comey says Apple and Google go "too far" with default encryption

Android L to be encrypted by default

US law enforcement’s top officials are not happy about Apple and Google updating their mobile devices to have encryption turned on by default.

FBI Director James Comey reproached the two companies in a speech before the Brookings Institution in Washington, D.C. on Thursday, 16 October.

Earlier this month, US Attorney General Eric Holder said that it’s “worrisome” for Google and Apple to “thwart” law enforcement’s ability to pursue investigations.

Encryption is enabled by default with a passcode on Apple’s iOS 8, which was released in September ahead of the iPhone 6, and Google’s next-generation Android 5.0, called Lollipop.

By storing the encryption keys on the device, no one without the passcode – not hackers, not law enforcement, not even Google or Apple – can break the encryption.

Comey said law enforcement is “struggling to keep up” with criminals who use the technology.

Citing several cases in which suspects were successfully prosecuted due to accessing data such as text messages and GPS on smartphones, Comey warned that we could be headed to a “dark place” without access to that information.

... [W]e're seeing more and more cases where we believe significant evidence is on that phone or a laptop, but we can't crack the password.

If this becomes the norm, I would suggest to you that homicide cases could be stalled, suspects could walk free, and child exploitation might not be discovered or prosecuted. Justice may be denied, because of a locked phone or an encrypted hard drive.

Apple and Google score privacy points

Backdoors and forensics software can get access to data on pre-iOS 8 iPhones, for example by exploiting trusted pairing between a computer and an iPhone.

But the newer encrypted devices are impossible to decrypt, and it’s not practical to “brute force” entry by breaking passcodes.

However, data on those devices can still be accessed from synced iCloud accounts and law enforcement can obtain metadata from the cellular providers.

Locking down your iCloud with 2SV (two-step verification) and a complex passcode and data encryption on your device can keep the FBI – and anyone else – from getting in.

Apple and Google have good reason to want to put extra protections for data privacy into their products.

The theft of private photos from celebrities’ iCloud accounts damaged Apple’s brand around security and privacy concerns in light of the scandal, and Apple CEO Tim Cook offered personal assurances that the company values user privacy.

Consumer backlash against Facebook and Google over data mining for the purpose of targeting ads at their users has led to class action lawsuits and the emergence of privacy-focused alternatives – such as the social network Ello and the search engine DuckDuckGo.

It’s not just consumers who are worried about data security: businesses are rightly concerned about it too.

Businesses in the healthcare, financial, retail and other regulated industries that store sensitive customer data are under an obligation – a legal one – to protect that data no matter where it is stored, including on employee mobile devices.

Comey says he wants “people to understand that law enforcement needs to be able to access communications and information to bring people to justice.”

According to Comey, the mistrust of government in response to the NSA leaks by Edward Snowden “has gone too far.”

We should ask, does the FBI have a legal right to backdoor access to our data?

Encryption doesn’t just stop the cops from getting our data – it stops crooks from grabbing it too.

Image of phone hacking courtesy of Shutterstock.