Battle Heats Up Over Encryption-Protected Smartphone Data

Thursday, February 11, 2016
(graphic: mattjeacock, Getty Images)

By Melody Gutierrez, San Francisco Chronicle via New York Times


SACRAMENTO, Calif. -- A fight over encryption-protected smartphone data is heating up in California and New York, where lawmakers and law enforcement groups are pushing bills to enable investigators to unscramble data to obtain critical evidence in human trafficking, terrorism and child pornography cases.


The bills seek to loosen the powerful encryption tools major cell phone manufacturers have put in place to protect a smartphone user's privacy and guard against hacking. Supporters argue law enforcement needs access to data that can help them prove or solve criminal cases, while technology and privacy groups are concerned the legislation would put a user's personal information at risk.


``If your kid goes to meet someone and your kid disappears and we find the phone, right now -- today, there is no way for us to find out who they were last texting, who they were talking to unless you have the pass code to get in,'' said Assemblyman Jim Cooper, D-Elk Grove (Sacramento County), who authored the California legislation, AB1681.


A similarly worded bill is being considered in New York. Legislation is also expected to be introduced in Congress, where proposals are being discussed in the wake of the San Bernardino terrorist attack in December. Sen. John McCain, R-Ariz., has called for anti-encryption legislation, writing an opinion piece for Bloomberg last week saying privacy is important, ``but this must be balanced with concerns over national security.''


Sen. Dianne Feinstein, D-Calif., has said she plans to introduce legislation with Senate Intelligence Committee Chairman Richard Burr, R-N.C., to require companies to provide encrypted data when presented with a court order.


Encryption protects data such as photos, messages, e-mails, contacts and call history on smartphones by scrambling the information so that it can't be seen or read unless someone unlocks it with the pass code set up by the phone's owner.


Before 2014, virtually all smartphones had encryption protections that could be unscrambled by manufacturers so that if law enforcement took a search warrant and a cell phone to a manufacturers like Apple, the phone-maker would unlock and turn over material covered under the warrant.


But now, some newer smartphones and tablets, including Apple and Google devices, automatically encrypt the hard drives so that the data can only be accessed with the log-in code set by the user. Under this stronger data encryption, companies cannot unlock protected material. That means when an officer has a warrant to search a suspect's phone, the data can only be accessed if the suspect surrenders the pass code.


``You have a murder victim and they are dead, and their phone is locked,'' Cooper said. ``Of course as a detective I would want to know who they talked to last, but I can't access that phone? To me, a lot of these things aren't fully thought out.''


Cooper's bill, like the legislation in New York, would essentially roll back the technology so that cell-phone data can be decrypted or unlocked by the device manufacturers or operating system providers Manufacturers would face a $2,500 fine for each phone sold in the state that is not capable of being decrypted.


Cooper said he's trying to reach a middle ground with critics who say they don't want law enforcement to have the capability of disabling a phone's encryption.


``I'm OK with sending that phone to Apple with a copy of the search warrant and Apple sending the information back to law enforcement,'' Cooper said. ``So there is no privacy issue.''


Andrew Crocker, staff attorney at the Electronic Frontier Foundation in San Francisco, said the legislation would still weaken privacy protections.


``Yes, Apple could create a system where they have a key, but then they have a target on their back,'' said Crocker. ``It's not an issue of Apple being uncooperative. This is just how you design a feature to be secure.''


Crocker said lawmakers like Cooper don't see the risk that hackers pose to innocent people, who store a great deal of personal information on their phone, including financial and medical records. He said those with something to hide on their phones will find other ways to get around the law, such as buying an encrypted phone out of state or using a third-party encryption software.


``Computers don't differentiate between who has the key,'' Crocker said. ``If you make the key accessible to anyone other than the owner, it will make it vulnerable to an attack.''


A consortium of cyberactivists and technology organizations issued an open letter last month under an initiative called Secure the Internet to fight the attempt by governments across the world trying to ban or limit encryption tools.


``Our safety and privacy depend on secure communications tools and technologies,'' the group wrote in the letter. ``Encryption protects our most personal and sensitive information: our communications, bank information, medical records, and more.''


Crocker said law enforcement has made the same argument against encryption technology since the 1990s.


``I don't question their motives,'' Crocker said. ``But, they aren't taking in the whole set of facts or they wouldn't introduce bills like this.''


For crime victims advocates like Jenny Williamson of Courage Worldwide, giving officers a way to unlock a phone is crucial to helping catch human traffickers. She said information in a pimp's phone can prove a girl was trafficked, perhaps allowing a teen to avoid having to take the stand against her trafficker.


``The phone holds the evidence to her abuse,'' Williamson said at a news conference in January at the state Capitol in support of AB1681. ``The phone holds the evidence to her being sold as a commodity.''


Cooper said he's already seen ``so much misinformation'' about his bill in the two weeks since he introduced it. The bill has not yet been scheduled for a hearing in the Assembly.


``It's kind of like the vaccine debate last year,'' Cooper said. ``It's crazy misinformation. The biggest thing is the information we want to get is from your phone at rest, not information traveling over the airwaves. This won't affect 99.9 percent of the public.'


To Learn More:

U.S. Demand for Encrypted Data from Tech Firms Moves from Backdoor Access to Backroom Deals (by Noel Brinkerhoff, AllGov)

Major Tech Firms Continue to Resist U.S. Government Demands for Text and Email Access (by Noel Brinkerhoff and Steve Straehley, AllGov)

            The Latest Spying Revelations: SIM Cards and Hard Drives (by Steve Straehley, AllGov)


Leave a comment