Apple and Google are trying to assuage customer fears with new encryption to boost smartphone privacy, but the FBI is upset that the software prevents spying on the contents of a phone – even by the companies.
The makers of the two dominant smartphone systems announced separately last week they will not hold the keys to unlock the latest versions of Apple iOS and Google Android, meaning they cannot be compelled to hand over information stored on the phones to law enforcement.
Federal Bureau of Investigation Director James Comey said Thursday he was “very concerned” by this encryption, which he claimed could limit the department’s ability to monitor crime and terrorism.
“There will come a day – – well it comes every day in this business -- when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper's or a terrorist or a criminal's device,” Comey said during a briefing with reporters.
Comey accused Apple and Google of “marketing something expressly to allow people to place themselves above the law," adding that FBI officials had been in touch with the companies on the issue.
Despite the complaints “there is little the FBI can do to force or pressure companies to change their technology to make data stored on the phones accessible to law enforcement,” says Michael Vatis, founding director of what was the FBI’s first cybercrime division, the National Infrastructure Protection Center.
“If the companies don't have the technical capability to decrypt information on their customers' phones, then they can't be compelled to do anything if law enforcement finds encrypted data and can't crack it,” says Vatis, now a partner at the law firm of Steptoe & Johnson in Washington, D.C. “And there's no law that permits the government to force the companies to change their hardware or software in advance.”
Disclosures about the National Security Agency's broad spying on people’s phone records and Internet accounts shook the public’s trust in Silicon Valley after former agency contractor Edward Snowden revealed they were forced by court order to hand over data. Tech companies have sought to regain the public’s trust this past year by boosting their encryption, so this move by Apple and Google is another such example, says Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology advocacy group.
Data stored on Internet accounts outside a phone - like Apple's iCloud -will still be vulnerable to access by hackers or law enforcement despite this new smartphone encryption, Hall cautions.
“There’s many more trails that we leave through cyberspace that they can track without legal disclosures,” Hall says. “The FBI have been asking for a wiretap assistance authority for software.”
The FBI might also be able to remotely implant malware in the phone that allows it to tap the device's communications or access stored data, Vatis says, noting some of the means that government can access phone data.
Apple said in its announcement of the new encryption on Sept. 17 that it will never allow a government agency to develop a backdoor program to access its customers’ systems. That seems to be what the FBI would like, however, says Chris Calabrese, legislative counsel for the American Civil Liberties Union.
“It almost seems like a war of words,” Calabrese says of the FBI’s complaints. “You can’t build a backdoor to a phone without making the phone less secure – and thus vulnerable to hackers.”