How Upcoming Smartphone Encryption has Law Enforcement Ruffled
There’s a downside to Android and iOS’s privacy-enhancing encryption—it’s going to get much harder to catch criminals, police say.
Facebook, Google and Yahoo have all ramped up the encryption of computer traffic since revelations by whistleblower Edward Snowden indicated that mass surveillance was rampant by governments.
And not only rampant, but legal too, according to security services regulators. The Financial Times newspaper has recently reported on a UK ruling, by a secret tribunal, called the Investigatory Powers Tribunal that says Amnesty, Liberty and Privacy International’s claims that methods used compromise human rights, aren’t valid.
So, reckon on a future-struggle getting governments to back off on mass surveillance metadata eavesdropping. Metadata is the often-incriminating wrapper around a message, rather than the actual message content.
Which leaves us, the public, just a couple of options, either go along with it—and there are many of us who think that it’s not such a bad thing if the end result is a reduction in terrorism—or take matters into our own hands and seek out privacy tools.
Conveniently, the two biggest smartphone operating system makers, Apple and Google’s Android already include some elements of encryption, by default.
Third-party apps and encrypted Internet circuits like TOR are available too. I’ve written about an entirely encryption-oriented VoIP smartphone eco-system this week (link here).
Law and order
But it’s that mobile device-maker encryption, because of its widespread adoption, that has pro-law-and-order officials peeved.
One of the problems law enforcement is encountering is that public perception of legal data collection is that it’s snooping by government or police, rather than simply collecting metadata—the pattern-providing phone number, not the transcript of the call. The public aren’t concerned about semantics—it’s snooping to them.
This new-found public awareness of spying, delivered by Snowden, affects policing efforts just as much as it relates to international government-led spying to nab home-grown and foreign terrorists.
Phone makers, this being a consumer society, are happy to oblige the knee-jerking customer, thus encryption in phone operating systems is the latest trend—come and get it.
How law enforcement sees it
FBI Director James B. Comey, in an October 2014 speech, says that he’s increasingly concerned about encryption. He reckons it adversely affects public safety, and creates an environment which he and his FBI cohorts call “Going Dark.”
He says that, through court orders, the FBI has the legal authority to intercept communications “but we often lack the technical ability to do so,” he says.
One of the problems going after baddies is logistical. You’ve got to seamlessly monitor disparate devices, like phone and tablet, and multiple types of networks like mobile wireless, Wi-Fi and so on. Encryption makes this monitoring even harder.
So, he is opposed to Apple and Google’s default encryption implementation in their mobile operating systems. Google’s “L”, its latest Android OS version, which is rolling out to existing devices now, includes encryption. Apple has had parts of its OS encrypted for some time.
Attorney General Eric H. Holder Jr. agrees with Comey, and cites kidnappers and sexual predators as targets that will be harder to catch.
He doesn’t mention spying, despite mobile device-maker encryption clearly being “a reaction to the public outrage” over revelations by Snowden about the NSA’s secret collection of phone data, according to Timothy M. Phelps, of the Los Angeles Times, writing about Holder’s comments.
The Kill switch
NYPD Police Commissioner Bill Bratton says the new, encrypted mobile operating systems are “a terrible disservice to the public” and that they impede police investigation of crimes.
Bratton wants to see some kind of equivalent of a kill switch. Kill switches are a tool that can be used to switch phones off when they get stolen. Law enforcement has been a proponent of kill switches getting adopted, and could conceivably lobby for encryption turn-off switches—although Bratton doesn’t say how he sees it working.
The irony over this whole saga is that there is, in fact, a law that requires telecom companies, Internet service providers, and even modern business VoIP providers to build “interception capabilities” into networks for court-ordered surveillance. But it doesn’t cover “new means of communication,” Comey says.
Most new communications tools are “not required by statute to provide lawful intercept capabilities to law enforcement,” he says.
Comey, Bratton, and others, are going to have their work cut out for them persuading the public that they shouldn’t be encrypting their communications. They should have thought of this earlier though. Snowden snowballs.