F.B.I. Director Hints At Regulatory Action Against Apple, Google Over Encyrption

Law enforcement remains unhappy about the recent changes that will make it harder to break into a locked smartphone.

FBI Badge and Gun

Yesterday, the director of the F.B.I. hinted that the Obama Administration will attempt to take regulatory action against Google and Apple over their decision to make changes to their mobile operating systems that will make it more difficult for law enforcement to search the contents of a smartphone or tablet without the consent of the owner:

WASHINGTON — The director of the F.B.I., James B. Comey, said on Thursday that the “post-Snowden pendulum” that has driven Apple and Google to offer fully encrypted cellphones had “gone too far.” He hinted that as a result, the administration might seek regulations and laws forcing companies to create a way for the government to unlock the photos, emails and contacts stored on the phones.

But Mr. Comey appeared to have few answers for critics who have argued that any portal created for the F.B.I. and the police could be exploited by the National Security Agency, or even Russian and Chinese intelligence agencies or criminals. And his position seemed to put him at odds with a White House advisory committee that recommended against any effort to weaken commercial encryption.

Apple and Google have announced new software that would automatically encrypt the contents of cellphones, using codes that even the companies could not crack. Their announcement followed a year of disclosures from Edward J. Snowden, the former government contractor who revealed many government programs that collect electronic data, including information on Americans.

The new encryption would hinder investigations involving phones taken from suspects, recovered at crime scenes or discovered on battlefields. But it would not affect information obtained by real-time wiretaps, such as phone conversations, emails or text messages. And the government could still get information that is stored elsewhere, including emails, call logs and, in some cases, old text messages.

But F.B.I. agents see the encryption as a beachhead they cannot afford to lose. With the latest software, the new phones will be the first widely used consumer products to encrypt data by default. If that is allowed to stand, investigators fear other technology companies will follow suit. If all desktop computers and laptops were encrypted, it would stymie all kinds of criminal investigations, they say.

Mr. Comey’s position has set up a potentially difficult struggle between law enforcement agencies and the nation’s high-technology manufacturers, who have rebuffed the government’s demands for a way to decode data.

It has also touched off a debate inside the government that highlights the difference between cybersecurity and traditional crime fighting. Any technology that allows the United States government to bypass encryption in the name of solving crimes could also allow hackers and foreign governments to bypass encryption in the name of stealing secrets.

All of this is rooted, of course, in the announcement that Apple made last month that it had made changes in iOS that would make it impossible for the company to unlock an iPhone or iPad that had been locked and encrypted by its owner. Days later, Google announced that it would be beefing up the same feature for its Android operating system, and making it much easier than it presently is for users to protect their phones from prying eyes. The practical effect of both of these decisions is that it would make it impossible for either company to comply with either a request for cooperation or a search warrant from law enforcement seeking help in unlocking a phone because, with the changes, it would be technologically impossible for either company to remotely unlock our decyrpt any device owned by someone who has activated these particular features of the operating system. Not unexpectedly, law enforcement quickly responded to the changes with arguments that both companies were making it more difficult for them to do their jobs with both Comey and Manhattan District Attorney Cyrus Vance Jr. arguing in the typically overwrought rhetoric you see from law enforcement that the two technology giants would be aiding terrorists, organized crime, and pedophiles if they allowed the changes to go forward.

As I said at the time, the fears raised by law enforcement are largely overblown, and yet another sign of the extent to which, once the surveillance state is given an inch it will fight tooth and nail if action is taken, either by the state itself or by private industry to fight back. Even with these changes, law enforcement will still be able access data stored in the cloud and in other forms of third party storage not under the direct control of the subject of their investigation. They will still be able to obtain court orders to compel the subject to an investigation to unlock a phone providing that they can show probable cause that there may be relevant evidence contained on the device and, they can attempt to crack the device themselves. More importantly, though, the complaints that we are hearing now are just a continuation of a battle that law enforcement has been waging for years to get greater access to personal communications in the digital age, a battle that was dealt a significant setback thanks to the revelations about N.S.A. data collection from Edward Snowden:

Mr. Comey’s complaint is that technology is vastly outpacing the ability to assure that authorities can track suspects however they communicate — by cellphone, text message or over a smartphone app. Four years ago the F.B.I. pressed to update a 20-year-old law that required traditional communication providers — like AT & T or Verizon — to build into their systems an ability to immediately comply with wiretap orders.

But many different companies, including small start-ups and foreign firms, now transmit communications. The F.B.I.’s effort to require many kinds of companies to provide unencrypted, plain-text information to the government if served with a court order failed. Last year the F.B.I. called back its proposal so that companies would still be permitted to offer messaging that would be entirely encrypted between users.

The Snowden disclosures about the surveillance carried out by the National Security Agency killed all those proposals. Now Mr. Comey appears to be going even further, seeking a way into data stored on phones even if it is never transmitted. And he wants to make sure that Apple, or other phone manufacturers, do not “throw away the key” that allows that information to be unencrypted. The companies, meanwhile, are going the other way: They want to convince customers that their data will be private, even from the phone’s maker.

“Just as people won’t put their money in a bank they won’t trust, people won’t use an Internet they won’t trust,” Brad Smith, the general counsel for Microsoft, said recently.

That’s really the key to this situation. Apple and Google are not taking these steps because they hate law enforcement, or, to respond to the ridiculous hyperbole of Comey and Vance, because they want to make it harder to go after terrorists, organized crime, or pedophiles. They are doing it in response to increased demand from tech savvy consumers for more protection for their data and their personal electronic devices. This demand has been stimulated, in large part, because of what we’ve learned about how our government is monitoring people on a large scale thanks to the Snowden revelations. It’s been because of those revelations that we have had a debate over the past year in this country over issues related to privacy and surveillance in the digital age and the question of the extent to which the law’s broad exemptions to the ”reasonable expectation of privacy” protected by the Fourth Amendment needs to be reexamined in an era where data is stored electronically rather than on pieces of paper in a filing cabinet. It’s a debate worth having, and it has led to things such as the Supreme Court’s decision in the cell phone search cases at the end of its last term, a decision that has the potential to go a long way toward scaling back the ability of law enforcement to conduct searches without court supervision. That’s a good thing, as are the changes that Apple and Google have announced. If Comey wants to find anyone to blame for all of this, he shouldn’t look at Apple and Google, he should look in the mirror and at his colleagues over at the National Security Agency, because those are the forces largely responsible for turning the tide on this issue.

 

FILED UNDER: Crime, Law and the Courts, National Security, Science & Technology, US Politics
Doug Mataconis
About Doug Mataconis
Doug holds a B.A. in Political Science from Rutgers University and J.D. from George Mason University School of Law. He joined the staff of OTB in May 2010 and contributed a staggering 16,483 posts before his retirement in January 2020.

Comments

  1. michael reynolds says:

    Let’s say my daughter turns up missing, but I have her phone. I can’t use that potential life-saving data because a bunch of neck-beards with fantastically exaggerated senses of their own importance are paranoid that the NSA will know they like My Little Pony porn.

    I’m with the FBI on this. (Words I never thought I’d write.)

  2. Mu says:

    I’m sure Alito and Scalia will redefine probable cause to mean “he’s encrypted his data, he’s got to be hiding something”.

  3. Mu says:

    @michael reynolds: Sorry Michael, your daughter is brighter than you and downloaded the “encrypt my phone” app, knowing her father would try to snoop on her.

  4. @Mu:

    Alito and Scalia were part of the unanimous majority voiding the warrantless searches in the cell phone searches cases, just in case you didn’t know.

  5. Paul Hooson says:

    Protecting user data from hacker attempts is a worthy goal, and any obstruction of police, unintended here…

  6. michael reynolds says:

    @Paul Hooson:

    Hackers aren’t getting data from phones, they’re getting truck-loads of it directly from corporations too cheap and lazy to put up reasonable defenses. The individual phone is beside the point, and obstructing the police sounds like lots of fun until you need the police. This is a bad idea and the FBI is right. This is Apple and Google enabling child pornographers and various other criminals in order to pander to the inflated egos of the eternally paranoid.

    And while we’re at it, let me just add that I’m taking my iPhone 6 back and trading it for a 5S.

  7. Mikey says:

    @michael reynolds:

    a bunch of neck-beards with fantastically exaggerated senses of their own importance are paranoid

    Win.

  8. grumpy realist says:

    Eh. I think the benefits obtained by having my stuff encrypted are worth the frustration to the FBI. They’re going to have to go back to standard detective work, rather than pushing a button and having everything downloaded into their laps.

    Plus, if they’re REALLY worried, the government would take some of that military money and dump more of it into quantum computers.

  9. Eric Florack says:

    , look, these guys are like lawyers who always ask for more than they’re entitled to. No concern, right? I mean, wasn’t that what we were told yesterday in the “sermons” thread?

    Also, where is Obama on this?
    Does anyone here suppose we can expect his intervention?

    I didn’t think so.

  10. James Pearce says:

    “Just as people won’t put their money in a bank they won’t trust, people won’t use an Internet they won’t trust,” Brad Smith, the general counsel for Microsoft, said recently.sually when these things are decided, other factors

    I think this is somewhat false. I think many people use the internet suspiciously. They cloud their identity in anonymity. They’re careful not to give out too much personal information. Indeed, this suspicion runs so deep that entire industries needed to be invented to make internet commerce work. Who needs Paypal, spam blockers, or virus scanners in a trust environment?

    The problem is that people tend to trust things they shouldn’t. Previously, they trusted Apple and Google to safeguard their data. Now they don’t. This encryption effort then is not about reinforcing or reintroducing trust, but doing away with it completely. These companies would like to monetize your data, but leave all security measures to you. In other words, it’s about taking the money but none of the responsibility.

    Truth is, law enforcement wants the back door because the back door is incredibly useful to their mission. As with anything that is useful but tends to be also abused, the wise course of action is not to avoid using it, but to avoid abusing it. In that context, a regulatory framework is helpful, not just in outlining what they can do, but what they can’t do, as well as how and to whom.

    In other words, the neckbeards should join Comey in his call for regulatory action rather than high-fiving the self-serving encryption policies of their favorite datasnooping company.

  11. humanoid.panda says:

    @grumpy realist: Yeah, but what if the “something” on those encrypted phones is the element of the crime, say child pornography? There has to be a way for police officers to obtain a search warrant for this stuff, no?

    (In theory, they could obtain a court order ordering the owner to unlock his phone, in a similar way courts can mandate DNA swabs, but I think its much easier to coerce someone to give up DNA than a secret password..)

  12. humanoid.panda says:

    @Eric Florack: @James Pearce:

    Truth is, law enforcement wants the back door because the back door is incredibly useful to their mission. As with anything that is useful but tends to be also abused, the wise course of action is not to avoid using it, but to avoid abusing it. In that context, a regulatory framework is helpful, not just in outlining what they can do, but what they can’t do, as well as how and to whom.

    This I think nails the spot. The problem in the entire encryption/secrecy debate is that we are conflating capacity with regulation/legislation. In other words, its good for law enforcement to have access to trap doors, but only if the the legislative framework making sure that access is stricly controlled is in place. Where the NSA really f*d up it seems is that no less that the neckbeards, it seems to think that technology should come first, legality second.

  13. humanoid.panda says:

    @Eric Florack: There is a wonderful German word that is now out of use that perfectly describes people like you: Teppichbeißer.

  14. DrDaveT says:

    @michael reynolds:

    Let’s say my daughter turns up missing, but I have her phone

    Your daughter, as a minor, has no privacy rights. You, as an intelligent parent, configured the phone you gave her with a Nanny App that gives you a password-protected back door to unlock whatever she put on it. When to use that back door, under what circumstances, is between you and her.

  15. Eric Florack says:

    @humanoid.panda: No argument.
    Does seem odd, though to see the usual suspects who bitched up a blue streak about this when Bush was in charge, now being very kitten-like.

  16. michael reynolds says:

    @DrDaveT:

    And if I’ve forgotten her password? Or she’s found a work-around? Or if it’s the suspect perp’s phone we’re talking about?

    We are doing real damage to genuinely necessary police capabilities because we’re afraid of SkyNet. As a professional purveyor of paranoid dystopian fantasies (BZRK) I really wish readers were capable of differentiating between the paranoid fantasies promulgated by people like me as entertainment, and the real world. If you people out there can’t tell the difference between reality and fantasy it kind of puts a crimp in the whole writing thing for me.

  17. Eric Florack says:

    @James Pearce: Well, theres the real issue… trust.
    Or, rather the lack of it.

    On what basis, then, given the laundry list of things Obama and his administration have been caught flat out lying about, on what basis do we trust them here?

  18. wr says:

    @michael reynolds: Yes, Michael, let’s give the feds vast, sweeping power over our technology because you might forget to write down a password.

    They say hard cases make bad law…

  19. wr says:

    @michael reynolds: “Let’s say my daughter turns up missing, but I have her phone. I can’t use that potential life-saving data because a bunch of neck-beards with fantastically exaggerated senses of their own importance are paranoid that the NSA will know they like My Little Pony porn.”

    Let’s say your daughter is missing and the police have a suspect in custody, but he won’t talk. Shouldn’t they be allowed to torture him? After all, there is a young girl’s life at stake. Surely that’s more important than a bunch of “rules” that have been enacted to protect our “rights.”

    Right?

  20. michael reynolds says:

    @wr:

    Right, so the alternative to a completely harmless back-door to a phone must be torture.

    “Vast, sweeping powers?” Like I said: SkyNet. Fantasy is not reality. 1984 never happened. Orwell was a lousy prophet. There are no Terminators. There is no Matrix. That’s all made up. Out here in the real world none of that ever happened.

  21. wr says:

    @michael reynolds: The assumption that the FBI is making is that they have the right to all our data, and in some cases we can take them to court to refuse it. To me, that directly contradicts the spirit and letter of the Constitution. We are not servants of the state, and we are not all subject to constant search and surveillance because there are some bad people out there.

  22. grumpy realist says:

    @Eric Florack: The chances of the FBI getting what they ask from government is I think higher than one of the interested parties on one side in an adversarial system of litigation…..

    Do you regularly argue in such bad faith, or do you honestly not see the difference?

  23. James in Silverdale, WA says:

    Too late. Government went way too far with the NSA and FISA, and the demand for end-to-end encryption has gone through the roof. Google and others are launching armadas of equipment from satellites to high altitude balloons to even swarms of cubesats, creating hyper redundant meshnets that require no ISP, which is where all the censoring and illegal data mining occurs. And the communications between them all are highly encrypted using decentralized block chains to manage their authenticity.

    There will be no regulations from Congress or the courts that will prevent this. First, you have to explain it all to people who were raised in the quaint age of movable type and carbon paper, which is most elected pols. This means you can’t get to “second” in any rational fashion.

    The FBI, CIA, NSA, and any number of other government alphabet soups will be left wanting. They brought it on themselves. All they had to do was ask for a bloody warrant, in public. The FISA court is an abomination and must be dismantled. And even that will not prevent the rise of highly encrypted hyper redundant meshnets.

    http://blogs.wsj.com/accelerators/2014/10/10/weekend-read-the-imminent-decentralized-computing-revolution/

  24. Duracomm says:

    The person was kidnapped after an internet stalker exploited a fault in the government mandated encryption backdoor to find their location using the phones GPS system.

    Breaking encryption / security for the FBI means breaking encryption / security for everyone else.

    Which is why it is very bad for phone users safety and security for the federal government to require the installation of a software defect (“backdoor” ) on the phones.

  25. Argon says:

    @James in Silverdale, WA: “Too late. Government went way too far with the NSA and FISA…”

    Bingo. The claim that regulatory edicts work to prevent abuse by agencies has already been proven to be massively wrong. Second, backdoors and mandatory secondary keys open devices to many more groups than just the government.

  26. wr says:

    @grumpy realist: “Do you regularly argue in such bad faith, or do you honestly not see the difference?”

    What about “all of the above”?

  27. Look, Michael’s made it clear that since he’s rich and influential, he doesn’t care how many of the “little people” get ground up in the gears as long as his bubble of privelege never gets impacted. Be it firing missiles at suspicious looking brown people or gutting the fourth ammendment, wherever other people are suffering for his benefit, it’s a sacrifice he’s will to have them make.

  28. Grewgills says:

    @michael reynolds:

    And if I’ve forgotten her password?

    If it’s that important store the password on your encrypted phone.

  29. Hal_10000 says:

    So we’re debating the hypothetical situation where unlocking a missing person’s phone could save their life and the hypothetical situation where a backdoor into cell phones could allow the Federal government access to data.

    One of those is not very hypothetical. The powers granted under the Patriot Act, for example, have been used almost exclusively to fight the War on Drugs and to find evidence of other crimes, not to stop terrorists. They tried to claim an open ability to search cell phones after an arrest for any incriminating information. They have been granted the ability by SCOTUS to take someone’s DNA on arrest to search databased for matches. The willingness and ability of law enforcement to use and abuse any tool placed at their disposal is a far less hypothetical situation than the Very Special Episode of Law and Order: SVU you describe.

  30. Hal_10000 says:

    Also, keep in mind that our government’s record on this kind of thing is not exactly 100%. Twenty years ago, they tried to force the clipper chip on us. It was a fiasco.

  31. the Q says:

    “……1984 never happened. Orwell was a lousy prophet….’ I guess Mr. Reynolds has not read all the Snowden leaked memos.

    The only reason Orwell and 1984 hasn’t happened is because the majority, unlike Mr. Reynolds, has not fully capitulated to Big Brother and its necessity to wipe out 4th Amendment. protections in the name of _______ (fill in the blank…terrorism….crime…..national security….imminent danger). When Mr. Reynold’s myopic vision becomes common place, boom, 1984 will happen.

    Its like the wingnuts who whine, “if you have nothing to hide, you have notihing to fear from an illegal search.” Ergo, warrantless searches, blanket snooping, rubber stamped FISA rulings, erosion of civil liberties and soon…..1984!

  32. @michael reynolds:

    Even in the highly unlikely event your “nuclear bomb” scenario happens, this technology probably won’t block you from accessing your daughter’s phone: high strength end to end encryption necessarily requires the use of an unencrypted keyring at each end that protects the lengthy user keys used in high end encryption with a much less secure, yet humanly rememberable, password.

    This is why, despite the FBI’s huffing, even military grade encryption rarely blocks actual investigations: once you have physical custody of one of the endpoints, brute forcing the keyring is relatively simple.

    All this technology prevents the FBI from doing is hoovering up the encrypted data in the middle without either endpoint noticing.

  33. Argon says:

    Interesting related news: Apparently a woman gave DEA agents permission to examine her phone. Later, she found that the agency took information from her phone and set up a fake Facebook account in her name. They also added pictures harvested from her phone including those of her clothed only in her underwear. But hey, she gave them ‘permission’ to aid an ongoing investigation.

    Marcy Wheeler also wrote an earlier article in Salon about the “help us find perverts” line of BS from the FBI.

  34. Matt says:

    This won’t last because even if the FBI manages to force google and apple to reverse this there will still be third parties out there that will be willing to fill the void. You can already encrypt your computer so hard that it’s almost impossible for the NSA to crack and it’s free stuff.

    Of course criminals don’t care either way. Heavy encryption for phones has existed for some time.

    Micheal is sounding like conservatives talking about torture. Same argument same fallacies…

  35. @wr:

    “Let’s say my daughter turns up missing, but I have her phone. I can’t use that potential life-saving data because a bunch of neck-beards with fantastically exaggerated senses of their own importance are paranoid that the NSA will know they like My Little Pony porn.”

    Let’s say your daughter is missing and the police have a suspect in custody, but he won’t talk. Shouldn’t they be allowed to torture him? After all, there is a young girl’s life at stake. Surely that’s more important than a bunch of “rules” that have been enacted to protect our “rights.”

    Right?

    Uh…are you high? You’re really think accessing someone’s cellphone, after obtaining a warrant (see Riley v. California, 573 U.S. ___ (2014)), is fraking comparable to torturing somebody?

  36. Matt says:

    @Timothy Watson: Well Michael pulled out the same tired old ticking timebomb scenario which is also used by conservatives to support torture. WR is just taking Micheal’s thoughts to their logical conclusion.

  37. T says:

    @Timothy Watson:

    Uh…are you high?

    You’re really think accessing

    You’re really think

    try to be a smartass.

    cant type coherently.

    o i am laffin.

  38. Mikey says:

    To anyone still reading this thread, here’s a link to a MOOC I’ve just started taking on Coursera, titled “Surveillance Law.” Pretty interesting so far.

    https://www.coursera.org/course/surveillance

    Here’s the Wiki on the instructor:

    http://en.wikipedia.org/wiki/Jonathan_Mayer