Are Apple and Google’s New Encryption Measures a Boon for Criminals?

Source: Thinkstock

Source: Thinkstock

Recent moves by Apple and Google to implement better security on smartphones has drawn fierce criticism from several prominent law enforcement officials who claim the changes will hinder their ability to prevent and/or solve serious crimes. Earlier this month, Apple announced that its latest mobile operating system — iOS 8 — will include a new default encryption feature that prevents anyone but the device’s owner from gaining access to the data stored on the device. Not to be outdone, Apple’s announcement was quickly followed by a similar announcement from Google, which promised that its next-generation Android release would also include a default encryption feature. With the increasing amount of private data that is routinely stored on smartphones and the ongoing epidemic of smartphone thefts, Apple and Google’s new encryption measures seem like prudent security steps. However, FBI Director James Comey sees it differently.

“I am a huge believer in the rule of law, but I am also a believer that no one in this country is beyond the law,” said Comey said at FBI headquarters, according to Huffington Post. “What concerns me about this is companies marketing something expressly to allow people to place themselves above the law.” Comey appeared to be referring to statements made by Apple and Google that highlighted the companies’ inability to provide law enforcement with access to a user’s device. In a statement on its website, Apple noted that it “cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.” Google spokesperson Niki Christoff offered a similar explanation of the Android encryption feature to The Washington Post, noting that “keys are not stored off of the device, so they cannot be shared with law enforcement.”

“The notion that someone would market a closet that could never be opened — even if it involves a case involving a child kidnapper and a court order — to me does not make any sense,” said Comey via Huffington Post. “Google is marketing their Android the same way: Buy our phone and law-enforcement, even with legal process, can never get access to it. There will come a day — well it comes every day in this business — when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper’s or a terrorist or a criminal’s device. I just want to make sure we have a good conversation in this country before that day comes. I’d hate to have people look at me and say, ‘Well how come you can’t save this kid,’ ‘how come you can’t do this thing.’”

Comey’s statements about hypothetical child kidnappers and terrorists echoed previous concerns expressed by Ronald T. Hosko, the former Assistant Director of the FBI Criminal Investigative Division. In an editorial written for The Washington Post, Hosko claimed that Apple and Google’s new default encryption feature would have prevented him from rescuing the victim of a violent kidnapping. Except that it turned out this wasn’t true. As a recent editor’s note at the bottom of the article now states, “This story incorrectly stated that Apple and Google’s new encryption rules would have hindered law enforcement’s ability to rescue the kidnap victim in Wake Forest, N.C. This is not the case. The piece has been corrected.”

As noted by the Associated Press, the kidnapping victim that Hosko referred to was actually tracked down by lawfully intercepting phone calls and text messages via a traditional method that is still available to law enforcement. Apple and Google’s new encryption only prevents unauthorized users from accessing stored content on the physical device. Even then, as Apple’s recent iCloud hacking scandal revealed, the data stored on a device is often still backed up on a cloud computer.

In other words, it appears that law enforcement’s hyperventilating over stronger password protection for smartphones is much ado about nothing. While it’s always possible to dream up certain hypothetical situations in which having instant, unfettered access to the contents of a smartphone might help an investigation, Apple and Google’s implementation of default encryption will not fundamentally change law enforcement’s ability to lawfully wiretap a suspect’s phone calls or monitor their email communications. It should also be noted that Apple and Google are simply implementing default encryption for their customers. Encryption has long been widely available either through third-party companies or as an opt-in feature on many smartphones. Presumably criminals that wanted to hide incriminating content on their smartphones were already using available encryption tools.

Finally, as pointed out by The Verge, any backdoor that enables law enforcement to circumvent a device’s password would also naturally provide an entry point for criminals. As sarcastically noted by Techdirt, law enforcement could use the same argument being used against smartphone encryption to slam the existence of walls in houses. While there will always be crimes that are hidden behind walls, this doesn’t mean that ordinary citizens should have live without privacy or security. Instead of viewing default encryption as a boon for hypothetical criminals, law enforcement should encourage its use as way for citizens to protect their financial information and other sensitive data that is often stored on today’s smartphones.

More from Tech Cheat Sheet:

Follow Nathanael on Twitter (@ArnoldEtan_WSCS)