FBI Director James Comey on Thursday strongly criticized Apple and Google for hardening information stored in smartphones by encrypting data, making it inaccessible to law enforcement even with a court order.
The FBI has had conversations with both Apple and Google over the encryption features, Comey told reporters at a media session in Washington, D.C., although he personally was not involved in those talks. The talks are ongoing, with the FBI aiming to get a better understanding of the companies’ points of view.
Comey plans to gather more information about the issue and comment on the results at a later date.
FBI spokesperson Christopher Allen declined to provide further details.
“The conversation is skewed. It’s not about blaming Apple or Google, but rather a realization that technology innovation cannot be halted. This is Apple and Google’s attempt at cracking the code of secure mobility,” Trent Telford, CEO of Covata, told TechNewsWorld.
Privacy vs. Public Good
Comey accused Apple and Google of marketing products that would let people put themselves beyond the law’s reach. He referred to child-kidnapping and terrorism cases as examples of why authorities need access to information on cellphones.
Comey feared that not having a way to access smartphone data in certain situations could cost lives.
“Nevertheless, the discussion around policy is an important one for government and technology vendors to have. It’s not a viable option for government to restrict technology innovation until the world is completely secure,” said Telford.
A Fight Brewing
This is a fight government officials are going to have to take on themselves in order to get the information, according to Charles Tendell, founder of Azorian Cyber Security.
“I am very much in favor of Google and Apple saying, “if you want to get our information, you should be going through the appropriate channels. This is dealing with the person you have the warrant for. You should not be allowed to come to us and be sort of your backdoor to the access,'” Tendell told TechNewsWorld.
Developing stepped-up encryption technology for their mobile operating systems is a very bold move for Apple and Google, he said. The two companies essentially are saying that they are not going to let the government agencies compel them to turn over data from customers’ devices.
“I understand there will be accusations about hindering investigations and so forth. But Apple and Google will not have the technical capabilities to turn over that data. They do have access to whatever is in the cloud,” he said.
Access Stays With Owner
Apple and Google are stepping out of the way. They can not give access to what they themselves do not have, noted Tendell.
That information belongs to the phone owners, and they have paid for it. Apple and Google can not invade their privacy just to give the FBI access to that device, he said.
“The encryption on these phones is strong enough now that by the time the FBI breaks it, it will be completely irrelevant. Some PIN codes will actually take more than a year to break,” Tendell said. “I think it is a good check and balance. I am a hare core advocate for consumer rights and privacy.”
So far, both Apple and Google have been slow to respond to Comey’s accusations. Neither company responded to our requests for comment by press time on Friday.
Both Apple’s newly released iOS 8 and Google’s upcoming Android L are encrypted, or rendered in code, by default. Law enforcement officials can still intercept conversations, but they might not be able to access call data, contacts, photos and email stored on the phone.
Personal data is password-protected on devices running iOS 8. Such data includes photos, messages and attachments, email, contacts, call history, iTunes content, notes and reminders.
Apple cannot bypass user passcodes to access their data. That makes responding to government warrants for the extraction of user data technically not possible.
Phones running Android have had encryption as an option for three years, but it will be turned on by default in Android L, the next release of Google’s operating system.May Cloud BlockageEnterprises with comprehensive IT security policies will encrypt data before its put in the cloud — so cloud access to user data may not be a given for law enforcement.
“In this case, both the data on the phone and in the cloud will have been encrypted,” Garry L. McCracken, vice president for technology partnerships at WinMagic Data Security, told TechNewsWorld.
Another issue that’s cloudy is what circumstances might justify government demands to access data stored off site, he said. If an enterprise stores information in the cloud, it typically would control who gets to see the data. This is especially true in cases when data is encrypted by the enterprise before it goes to the cloud.
“If the government has a legitimate reason to want to access this data, they would have to go to the enterprise to unlock the keys. We as an industry can enforce this rule by having the enterprise protect its information before going into the cloud, with enterprise-controlled encryption management,” McCracken said.
“We are essentially taking the responsibility of managing the keys out of Apple/Google/other cloud providers hands. If Apple is no longer keeping a copy of the encryption key,” he explained, “then it is true that the data on the device cannot be accessed.”