BY KEVIN POULSEN
It took the upheaval of the Edward Snowden revelations to make clear to everyone that we need protection from snooping, governmental and otherwise. Snowden illustrated the capabilities of determined spies, and said what security experts have preached for years: Strong encryption of our data is a basic necessity, not a luxury.
And now Apple, that quintessential mass-market supplier of technology, seems to have gotten the message. With an eye to market demand, the company has taken a bold step to the side of privacy, making strong crypto the default for the wealth of personal information stored on the iPhone. And the backlash has been as swift and fevered as it is wrongheaded.
At issue is the improved iPhone encryption built into iOS 8. For the first time, all the important data on your phone—photos, messages, contacts, reminders, call history—are encrypted by default. Nobody but you can access the iPhone’s contents, unless your passcode is compromised, something you can make nearly impossible by changing your settings to replace your four-digit PIN with an alphanumeric password.
Rather than welcome this sea change, which makes consumers more secure, top law enforcement officials, including US Attorney General Eric Holder and FBI director James Comey, are leading a charge to maintain the insecure status quo. They warn that without the ability to crack the security on seized smartphones, police will be hamstrung in critical investigations. John Escalante, chief of detectives for Chicago’s police department, predicts the iPhone will become “the phone of choice for the pedophile.”
The issue for law enforcement is that, as with all strong crypto, the encryption on the iPhone is secure even from the maker of the device. Apple itself can’t access your files, which means, unlike in the past, the company can’t help law enforcement officials access your files, even if presented with a valid search warrant.
That has led to a revival of a debate many of us thought resolved long ago, in the crypto wars of the 1990s. Back then, the Clinton administration fought hard to include trapdoor keys in consumer encryption products, so law enforcement and intelligence officials—NSA being a chief proponent—could access your data with proper legal authority. Critics argued such backdoors are inherently insecure. Trapdoor keys would be an irresistible target for corrupt insiders or third-party hackers, and would thus make Americans more vulnerable to criminals, foreign intelligence services, corrupt government officials, and other threats. Additionally, foreign technology companies would gain a competitive advantage over the US, since they’d have no obligation to weaken their crypto.
The feds lost the crypto wars, but without serious consumer demand, strong encryption has crept onto our gadgets only for narrow purposes, like protecting Internet transactions. The iPhone encrypted email and calendar entries, but little else. Now that Snowden’s revelations have reinforced just how vulnerable our data is, companies like Apple and Google, who were painted as NSA collaborators in the earliest Snowden leaks, are newly motivated to demonstrate their independence and to compete with each other on privacy.
However it got there, Apple has come to the right place. It’s a basic axiom of information security that “data at rest” should be encrypted. Apple should be lauded for reaching that state with the iPhone. Google should be praised for announcing it will follow suit in a future Android release.
And yet, the argument for encryption backdoors has risen like the undead. In a much-discussed editorial that ran Friday, The Washington Post sided with law enforcement. Bizarrely, the Post acknowledges backdoors are a bad idea—“a back door can and will be exploited by bad guys, too”—and then proposes one in the very next sentence: Apple and Google, the paper says, should invent a “secure golden key” that would let police decrypt a smartphone with a warrant.
The paper doesn’t explain why this “golden key” would be less vulnerable to abuse than any other backdoor. Maybe it’s the name, which seems a product of the same branding workshop that led the Chinese government to name its Internet censorship system the “golden shield.” What’s not to like? Everyone loves gold!
Implicit in the Post’s argument is the notion that the existence of the search warrant as a legal instrument obliges Americans to make their data accessible: that weakening your crypto is a civic responsibility akin to jury duty or paying taxes. “Smartphone users must accept that they cannot be above the law if there is a valid search warrant,” writes the Post.
This talking point, adapted from Comey’s press conference, is an insult to anyone savvy enough to use encryption. Both Windows and OS X already support strong full-disk crypto, and using it is a de facto regulatory requirement for anyone handling sensitive consumer or medical data. For the rest of us, it’s common sense, not an unpatriotic slap to the face of law and order.
This argument also misunderstands the role of the search warrant. A search warrant allows police, with a judge’s approval, to do something they’re not normally allowed to do. It’s an instrument of permission, not compulsion. If the cops get a warrant to search your house, you’re obliged to do nothing except stay out of their way. You’re not compelled to dump your underwear drawers onto your dining room table and slash open your mattress for them. And you’re not placing yourself “above the law” if you have a steel-reinforced door that doesn’t yield to a battering ram.
You have to feel for Apple. The company’s slovenly security on iCloud made it the butt of jokes for weeks after the leak of celebrity nude photos. Before that, the Goto Fail bug drew guffaws from computer security experts and inspired mocking tee shirt designs. With the release of iOS 8, Apple made a privacy improvement so dramatic that it should rightly wipe out the taint of these security failures. Instead, the company is bashed by the nation’s top law enforcement official and the editorial board of one of the country’s most prestigious newspapers.
Yes, some investigations will be frustrated by strong crypto on the iPhone and Android. Some criminals who otherwise would be convicted will get away. But cops will still seize plenty of phones in an unlocked state. Of the others, many crooks will choose insecure passcodes, or write their code on a Post-It. Still more will hand over their passcodes or unlock their phones voluntarily in the hope of buying leniency; experienced cops are adept at convincing suspects to cooperate against their best interests.
There’s even a growing body of case law saying suspects can be compelled by the court to surrender their crypto keys under certain circumstances, despite the protections of the Fifth Amendment. That has its own issues, but at least the suspect gets a chance to be heard in court before a search is conducted, instead of after, as with the current search warrant regime.
On balance, smartphones have been a gold mine to police, and the mild correction imposed by serious crypto will still leave the cops leaps and bounds ahead of where they were seven years ago, while making everyone more secure from the overreach of the authorities and the depredations of criminal hackers. The law enforcement officials criticizing Apple should put aside the sense of entitlement they’ve developed in those seven years and spend some time thanking Apple and Google for making things so easy for them for so long.