F.B.I. Director Hints At Regulatory Action Against Apple, Google Over Encyrption
Law enforcement remains unhappy about the recent changes that will make it harder to break into a locked smartphone.
Yesterday, the director of the F.B.I. hinted that the Obama Administration will attempt to take regulatory action against Google and Apple over their decision to make changes to their mobile operating systems that will make it more difficult for law enforcement to search the contents of a smartphone or tablet without the consent of the owner:
WASHINGTON — The director of the F.B.I., James B. Comey, said on Thursday that the “post-Snowden pendulum” that has driven Apple and Google to offer fully encrypted cellphones had “gone too far.” He hinted that as a result, the administration might seek regulations and laws forcing companies to create a way for the government to unlock the photos, emails and contacts stored on the phones.
But Mr. Comey appeared to have few answers for critics who have argued that any portal created for the F.B.I. and the police could be exploited by the National Security Agency, or even Russian and Chinese intelligence agencies or criminals. And his position seemed to put him at odds with a White House advisory committee that recommended against any effort to weaken commercial encryption.
Apple and Google have announced new software that would automatically encrypt the contents of cellphones, using codes that even the companies could not crack. Their announcement followed a year of disclosures from Edward J. Snowden, the former government contractor who revealed many government programs that collect electronic data, including information on Americans.
The new encryption would hinder investigations involving phones taken from suspects, recovered at crime scenes or discovered on battlefields. But it would not affect information obtained by real-time wiretaps, such as phone conversations, emails or text messages. And the government could still get information that is stored elsewhere, including emails, call logs and, in some cases, old text messages.
But F.B.I. agents see the encryption as a beachhead they cannot afford to lose. With the latest software, the new phones will be the first widely used consumer products to encrypt data by default. If that is allowed to stand, investigators fear other technology companies will follow suit. If all desktop computers and laptops were encrypted, it would stymie all kinds of criminal investigations, they say.
Mr. Comey’s position has set up a potentially difficult struggle between law enforcement agencies and the nation’s high-technology manufacturers, who have rebuffed the government’s demands for a way to decode data.
It has also touched off a debate inside the government that highlights the difference between cybersecurity and traditional crime fighting. Any technology that allows the United States government to bypass encryption in the name of solving crimes could also allow hackers and foreign governments to bypass encryption in the name of stealing secrets.
All of this is rooted, of course, in the announcement that Apple made last month that it had made changes in iOS that would make it impossible for the company to unlock an iPhone or iPad that had been locked and encrypted by its owner. Days later, Google announced that it would be beefing up the same feature for its Android operating system, and making it much easier than it presently is for users to protect their phones from prying eyes. The practical effect of both of these decisions is that it would make it impossible for either company to comply with either a request for cooperation or a search warrant from law enforcement seeking help in unlocking a phone because, with the changes, it would be technologically impossible for either company to remotely unlock our decyrpt any device owned by someone who has activated these particular features of the operating system. Not unexpectedly, law enforcement quickly responded to the changes with arguments that both companies were making it more difficult for them to do their jobs with both Comey and Manhattan District Attorney Cyrus Vance Jr. arguing in the typically overwrought rhetoric you see from law enforcement that the two technology giants would be aiding terrorists, organized crime, and pedophiles if they allowed the changes to go forward.
As I said at the time, the fears raised by law enforcement are largely overblown, and yet another sign of the extent to which, once the surveillance state is given an inch it will fight tooth and nail if action is taken, either by the state itself or by private industry to fight back. Even with these changes, law enforcement will still be able access data stored in the cloud and in other forms of third party storage not under the direct control of the subject of their investigation. They will still be able to obtain court orders to compel the subject to an investigation to unlock a phone providing that they can show probable cause that there may be relevant evidence contained on the device and, they can attempt to crack the device themselves. More importantly, though, the complaints that we are hearing now are just a continuation of a battle that law enforcement has been waging for years to get greater access to personal communications in the digital age, a battle that was dealt a significant setback thanks to the revelations about N.S.A. data collection from Edward Snowden:
Mr. Comey’s complaint is that technology is vastly outpacing the ability to assure that authorities can track suspects however they communicate — by cellphone, text message or over a smartphone app. Four years ago the F.B.I. pressed to update a 20-year-old law that required traditional communication providers — like AT & T or Verizon — to build into their systems an ability to immediately comply with wiretap orders.
But many different companies, including small start-ups and foreign firms, now transmit communications. The F.B.I.’s effort to require many kinds of companies to provide unencrypted, plain-text information to the government if served with a court order failed. Last year the F.B.I. called back its proposal so that companies would still be permitted to offer messaging that would be entirely encrypted between users.
The Snowden disclosures about the surveillance carried out by the National Security Agency killed all those proposals. Now Mr. Comey appears to be going even further, seeking a way into data stored on phones even if it is never transmitted. And he wants to make sure that Apple, or other phone manufacturers, do not “throw away the key” that allows that information to be unencrypted. The companies, meanwhile, are going the other way: They want to convince customers that their data will be private, even from the phone’s maker.
“Just as people won’t put their money in a bank they won’t trust, people won’t use an Internet they won’t trust,” Brad Smith, the general counsel for Microsoft, said recently.
That’s really the key to this situation. Apple and Google are not taking these steps because they hate law enforcement, or, to respond to the ridiculous hyperbole of Comey and Vance, because they want to make it harder to go after terrorists, organized crime, or pedophiles. They are doing it in response to increased demand from tech savvy consumers for more protection for their data and their personal electronic devices. This demand has been stimulated, in large part, because of what we’ve learned about how our government is monitoring people on a large scale thanks to the Snowden revelations. It’s been because of those revelations that we have had a debate over the past year in this country over issues related to privacy and surveillance in the digital age and the question of the extent to which the law’s broad exemptions to the ”reasonable expectation of privacy” protected by the Fourth Amendment needs to be reexamined in an era where data is stored electronically rather than on pieces of paper in a filing cabinet. It’s a debate worth having, and it has led to things such as the Supreme Court’s decision in the cell phone search cases at the end of its last term, a decision that has the potential to go a long way toward scaling back the ability of law enforcement to conduct searches without court supervision. That’s a good thing, as are the changes that Apple and Google have announced. If Comey wants to find anyone to blame for all of this, he shouldn’t look at Apple and Google, he should look in the mirror and at his colleagues over at the National Security Agency, because those are the forces largely responsible for turning the tide on this issue.