What began as a software tweak by Apple to increase security on devices running iOS 8 has spilled into a heated debate between the U.S. Federal Bureau of Investigation and high-tech corporations over how much personal information law enforcement agencies can demand to see.
That debate that continued to play out Thursday at a forum in Washington at the Brookings Institute attended by FBI director James Comey.
Apple says its new encryption standards protect users from search and seizure of their iPhones. The FBI says the policy will hurt law enforcement by putting important evidence off-limits to federal investigators.
But one encryption security executive says neither is true – that Apple’s new encryption standard is little more than a public relations move to reassure its international market, and that the FBI already can get access to just about any information it wants already through the USA Patriot Act.
When it released its latest mobile operating system for iPhones and iPads this September, Apple included a security change that it said would make it nearly impossible for police agencies to unlock the devices without the owner’s consent. Previously, the operating system allowed Apple to unlock devices if police or the FBI provided a search warrant.
“Security and privacy are fundamental to the design of all our hardware, software, and services,” the company said on its website. “It’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”
Google, which controls the Android operating system popular on many mobile devices, quickly followed suit.
That means that even if law enforcement officers believe a suspect’s iPad or Android phone contains incriminating evidence and present a valid warrant, they still will not be able to access that data without the suspect’s direct cooperation.
The change came just months after a pair of rulings by the U.S. Supreme Court that declared mobile phones to be “…a digital record of nearly every aspect…” of users’ lives, and by and large put them off limits to police except in only the most specific circumstances.
Privacy and civil rights activists, such as the ACLU, hailed the enhanced encryption standards.
“Apple seems to understand that consumers want companies to put their privacy first,” the ACLU’s Christopher Soghoian told the Washington Post, adding “I suspect there are going to be a lot of unhappy law enforcement officials.”
Count among the unhappy Comey, director of the FBI. Soon after the new standards were announced, Comey began criticizing the move as “harmful” to law enforcement.
“The law has not kept pace with technology,” he warned in his Brookings appearance on Thursday. “There will come a day—and it comes every day in this business—where it will matter a great deal to innocent people that we in law enforcement can’t access certain types of data or information, even with legal authorization.”
Comey said law enforcement agencies are increasingly vexed by “bad guys” using encrypted data storage and keeping nearly all their information – some of which might be evidence of illegal activity – on encrypted phones, outside the traditional access of wiretaps or database searches. Comey calls this “going dark,” saying that criminals must not be allowed to turn phones into an unbreakable storehouse of data.
“If the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place,” he said. (Comey’s full remarks can be read here.)
Many on social media were skeptical. This tweet from Twitter user Mike Spinney was typical: “When Comey warns we're headed to a dark place, that's exactly the point. Dark enough that the FBI can't see.”
But Alain Ghiai, CEO of the Switzerland-based secure data service DigitalSafe, said the debate between law enforcement leaders like Comey and high-tech firms like Apple is, in all practical purposes, largely meaningless.
“It just makes people comfortable, but it doesn’t protect them whatsoever,” Ghiai said, speaking about the new encryption policies. And the reason for that, he said, is the USA Patriot Act, passed in 2001 and extended in 2011.
“Very few people think about the USA Patriot Act,” he told VOA. “What it basically means, in a nutshell, is that not just the government but a lawyer with a rubber stamp approval can subpoena your data by going through your Internet service provider, telecomm provider or anybody else, without your knowledge…and basically download all your information.”
Ghiai said that while the new Apple and Google encryption policies make it difficult for police to break open a suspect’s phone, nearly everything on that phone will have, at some point, been transmitted via ISP or mobile provider or another service, and the Patriot Act he says gives federal law enforcement nearly unlimited access to those data sets – all under the cloak of secrecy.
Comey acknowledged that revelations of U.S. surveillance over the past few years – “post-Snowden” he called it – have made many worry about the security and privacy of their information.
“Some believe that the FBI has these phenomenal capabilities to access any information at any time—that we can get what we want, when we want it, by flipping some sort of switch,” he told the Brookings audience. “It may be true in the movies or on TV. It is simply not the case in real life.”
But because technology is evolving far faster than the laws governing surveillance, the new encryption standards he said run the risk of letting criminals go free.
“Justice may be denied, because of a locked phone, or an encrypted hard drive,” Comey said.
Ghiai agrees that the federal government should have some ability to access encrypted information on mobile devices, depending on the seriousness of the situation.
“What about if you really have bad people storing things and communicating and blowing up something?” he asked. “I think the federal government should have certain rights.”
But Ghiai said that’s mostly a theoretical point, given that measures like the Patriot Act already give the federal government access to any data that has ever been stored, shared or otherwise transmitted.
VOA requested comment from Apple by phone and email for this story but received no response.