Spy-Proofing Your Mobile Devices
James Comey is terribly concerned that he won’t be able to get Apple or Google to crack your phone’s password for him. The FBI Director is calling upon Congress for a “regulatory or legislative fix” that will preserve law enforcement’s ability to coerce the cooperation of tech companies in searching your computers, phones, and other personal effects.
Why Does the FBI Want the Keys to Your Phone?
First Apple, and now Google have taken some bold steps to keep government from snooping into your mobile devices. With the release of iOS 8 and Android 5.0 (Lollipop), encryption is enabled by default during the device activation process. A user must choose a password, which is known only to the user and stored only on the device. Because they will not have that password, neither the device maker nor the service provider can unlock data stored on the device -- even if they are served with a search warrant.
Perhaps you thought this was always the case, but alas, no. For those with Android smartphones or tablets, encryption has been available since the Android 3.0 (Honeycomb) release in 2011, but it wasn't turned on automatically. You had the option to encrypt your device, or leave the information stored there unencrypted. The difference with Android 5.0 is that encryption is enabled right out of the box.
For Apple users, it's a bit more complicated. Until the recent release of iOS 8, Apple maintained a back door in its operating system that allowed it to fulfill law enforcement “requests” for access to data on your device, even if it was encrypted. If your iPhone or iPad was seized, the cops did not have to spend time and money breaking its password. They would just get a court order and ship it to Apple along with your phone.
Requests from law enforcement for such assistance have been skyrocketing in recent years. It’s small wonder that tech makers are fed up and eager to get out of the search-and-seizure game. But FBI DIrector Comey doesn’t want to let them go because they are often the only hope of getting incriminating evidence.
Police need a valid search warrant to search and seize your personal effects, according to the Fourth Amendment to the U.S. Constitution. If the effects they seek are in a locked room, they may bring in a locksmith to open it but they cannot force you to produce the key, according to the Fifth Amendment. Apple and Google are getting out of the locksmith business.
Cry Me a River
That will leave law enforcement virtually powerless to solve crimes, according to Comey. He told Congress that unless tech companies are legally required to serve as government locksmiths, “homicide cases could be stalled, suspects could walk free, and child exploitation victims might not be identified or recovered.” “Justice may be denied because of a locked phone or an encrypted hard drive,” he said. But that’s not all Comey and all of law enforcement are concerned about.
T-mobile recently began upgrading the encryption of voice and data traffic carried by its legacy GSM network, making mass surveillance much harder because the equipment used to cast wide nets cannot decrypt what it spies. (Targeted surveillance of a specific phone number’s activity is done with different gear called an “IMSI catcher.”) AT&T has announced plans to make similar upgrades to its GSM network.
Note that T-mobile and AT&T are talking about their GSM networks – legacy 2G technology. Modern 3G and 4G networks already have enhanced encryption. Verizon and Sprint do not use GSM.
So, the doors are closing on government snoops. Their unwilling locksmiths are melting down their tools. It's hard for me to believe that Mr. Comey fails to see the irony here. If not for the government's own disregard for the law and personal privacy, none of this would be happening. Thanks to Edward Snowden, we know that the NSA and other government agencies have adopted an "everyone is a suspect" attitude, implementing draconian dragnet surveillance that spies on and collects data about everyone, whether or not they are suspected of a crime.
Warrants? They don't need no stinkin' warrants. The Feds just go to some secret court and get a blanket warrant that gives them permission to spy on EVERYONE. Or they just go ahead and do it without a warrant. And we're supposed to trust that they'll never use our phone records, emails, text messages, web browsing history and address books against us. That they'll never share any of that with the IRS, HHS, or any other agency with an axe to grind.
As the newly elected Congress convenes in 2015, we can expect several bills to be introduced that will seek to keep Apple, Google, T-mobile, et. al., at the mercy of law enforcement. Tech companies, cognizant of public relations as well as profits, will fight against such legislation vigorously. My fear is they’ll “compromise” on something that leaves the door open for government snooping just a tiny crack… you know, in case a child is in danger, or a terrorist is suspected, or some creep at the NSA wants to spy on his girlfriend.
I like the way the security expert Bruce Schneier refutes the "logic" of this compromise mentality: "You can't build a 'back door' that only the good guys can walk through. Encryption protects against cybercriminals, industrial competitors, the Chinese secret police and the FBI. You're either vulnerable to eavesdropping by any of them, or you're secure from eavesdropping from all of them."
It's clear we can no longer trust the government to keep its nose out of our business. If there is a back door, the temptation for even the "good guys" to burst through it is just too strong. And that's not even taking into account totalitarian governments and Evil Hackers. I encourage you to keep your eyes and ears open, so that when these issues are discussed by lawmakers, you can tell them to keep that door tightly shut.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 18 Nov 2014
|For Fun: Buy Bob a Snickers.|
HOWTO: Email Really Big Files
The Top Twenty
Geekly Update - 19 November 2014
There's more reader feedback... See all 23 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Spy-Proofing Your Mobile Devices (Posted: 18 Nov 2014)
Copyright © 2005 - Bob Rankin - All Rights Reserved