The law enforcement community has been warning technology companies that encryption in their products could let criminals and terrorists off the hook, with little evidence to support that claim.
As the New York Times reported this week, Apple recently told a US court that it couldn’t comply with a wiretap order to turn over messages sent via Apple’s iMessage system, because they were encrypted.
This wasn’t the first case where government requests for messages sent by suspects in a criminal investigation have been denied due to encryption, the Times reports, citing several current and former law enforcement officials.
Some senior FBI and Department of Justice officials wanted to take Apple to court to force it to comply, according to the Times, but that plan was dropped – perhaps because Apple couldn’t decrypt the messages even if it wanted to.
The iMessage platform uses end-to-end encryption – so called because the messages are encrypted on the sender’s device and are only decrypted when they reach the intended recipient.
Texts and photos sent via iMessage (and videos sent via FaceTime) aren’t decrypted in transit, and can’t be accessed at either end without the user’s passcode.
As Apple says, not even Apple can decrypt the messages:
Apple has no way to decrypt iMessage and FaceTime data when it's in transit between devices. So unlike other companies' messaging services, Apple doesn't scan your communications, and we wouldn't be able to comply with a wiretap order even if we wanted to.
However, according to the Times, Apple did partly comply with the recent US court order and turned over some messages that were backed up to iCloud and stored (unencrypted) on Apple’s servers.
Without the encryption key, or a user’s passcode, law enforcement can’t read encrypted messages – nor is it realistic to break the encryption or brute force passcodes.
This has left agencies like the FBI and NSA in a bind, and they have been pressing companies including Apple and Google to provide law enforcement with backdoor access.
In the UK, Prime Minister David Cameron has proposed banning encrypted messaging apps like iMessage and WhatsApp.
That hasn’t entered the conversation in the US, but the Obama administration has been seeking a technical solution such as a shared master encryption key that would give law enforcement “front door” access to encrypted data.
So far, the technology companies aren’t playing along.
Since the bombshell revelations of NSA spying by leaker Edward Snowden, US companies have taken great pains to prove to consumers that they support strong privacy protections.
Apple CEO Tim Cook, in a letter to consumers upon the release of iOS 8 (which includes encryption by default), pledged that the company has never worked with any government agency to create a backdoor.
Cook’s letter also included the pledge that Apple never allows access to its servers – and “never will” – but that promise appears to have been broken if the Times report about Apple turning over messages stored in iCloud is accurate.
Nonetheless, Apple’s refusal to provide an encryption backdoor to the government has been hailed by pro-privacy group the Electronic Frontier Foundation.
Even US government officials have said that shared encryption keys probably wouldn’t work without introducing vulnerabilities that could be exploited by criminals or other nation states.
Last week, Terrell McSweeny, one of four appointed commissioners at the US Federal Trade Commission, wrote a column for the Huffington Post urging consumers and technology companies to use end-to-end encryption.
At this point, the pro-encryption forces seem to be winning the “crypto wars” – a policy dispute which goes back to the 1990s, when the US government required a weaker form of encryption (“export grade“) for products sold overseas.
It doesn’t look like this war will be ending any time soon.