Does encryption on Apple iPhones and Google Android smartphones encourage people to go ‘beyond the law’? Best of the Web
Wednesday, October 8, 2014/
If there’s one issue at the forefront of everyone’s mind in Silicon Valley at the moment, it’s privacy.
On the one hand, there’s the fallout from revelations made by US intelligence whistleblower Edward Snowden in The Guardian about widespread wiretapping and surveillance operations by the US National Security Agency (NSA).
There are growing concerns, both among the tech giants and investors, that widespread mass electronic surveillance programs such as Prism are damaging US companies’ relationships with consumers and their ability to win lucrative contracts abroad. There is also a growing anxiety amongst some consumers about their personal information being gathered either for advertising or intelligence purposes.
On the other hand, an increase in terror threats following the rise of the Islamic State across Syria and Iraq, and military retaliation from the West, has firmly placed counterterrorism and national security back on the policy agenda.
Against this background, both Google and Apple have announced increased encryption as part of their latest smartphone operating systems, Android L and iOS 8.
How the new encryption system works
Over at his blog A Few Thoughts on Cryptographic Engineering, Johns Hopkins University cryptographer and research professor Matthew Green provides a good technical rundown of how Apple’s cryptography system works:
[Apple’s] approach is to add a 256-bit device-unique secret key called a UID to the mix, and to store that key in hardware where it’s hard to extract from the phone. Apple claims that it does not record these keys nor can it access them. On recent devices (with A7 chips), this key and the mixing process are protected within a cryptographic co-processor called the Secure Enclave.
One wrinkle in this story is that allegedly Apple has been helping law enforcement agencies unlock iPhones for a while. This is probably why so many folks are baffled by the new policy. If Apple could crack a phone last year, why can’t they do it today?
But the most likely explanation for this policy is probably the simplest one: Apple was never really ‘cracking’ anything. Rather, they simply had a custom boot image that allowed them to bypass the ‘passcode lock’ screen on a phone. This would be purely a UI hack and it wouldn’t grant Apple access to any of the passcode-encrypted data on the device. However, since earlier versions of iOS didn’t encrypt all of the phone’s interesting data using the passcode, the unencrypted data would be accessible upon boot.
Does encryption encourage people to go “beyond the law”?
The news has bought criticism from the law enforcement and defence communities, including Cyrus R. Vance Jr. in an article in the Washington Post.
Vance Jr. is the son of Cyrus Vance, who served as secretary of the army under both John F. Kennedy and Lyndon B. Johnson, and later as secretary of state under President Jimmy Carter. He argues the move will make it more difficult for law enforcement and intelligence agencies to gather information from smartphones:
While these manoeuvres may be a welcome change for those who seek greater privacy controls, the unintended victors will ultimately be criminals, who are now free to hide evidence on their phones despite valid warrants to search them.
On the losing end are the victims of crimes — from sexual assault to money laundering to robbery, kidnapping and homicide — many of whom undoubtedly are these companies’ own loyal customers.
As Craig Timberg and Greg Miller report in a separate Washington Post article, the comments echo those of FBI Director James B. Comey:
“There will come a day when it will matter a great deal to the lives of people . . . that we will be able to gain access” to such devices, Comey told reporters in a briefing. “I want to have that conversation [with companies responsible] before that day comes.”
“Beyond the law” goes both ways
Obviously, not everyone agrees with the views put forward by Vance Jr. and Director Comey, including Trevor Timm at The Guardian:
Predictably, the US government and police officials are in the midst of a misleading PR offensive to try to scare Americans into believing encrypted cellphones are somehow a bad thing, rather than a huge victory for everyone’s privacy and security in a post-Snowden era. Leading the charge is FBI director James Comey, who spoke to reporters late last week about the supposed “dangers” of giving iPhone and Android users more control over their phones.
This might be a good time to point out that Congress has not changed surveillance law at all in the nearly 16 months since Edward Snowden’s disclosures began, mostly because of the vociferous opposition from intelligence agencies and cops. The pendulum is still permanently lodged squarely on law enforcement’s side. If it has swung at all, it’s because of the aforementioned ruling by the supreme court of the United States, along with tech companies implementing more privacy protections unilaterally because US tech companies are losing billions of dollars because of the government’s spying scandals.
Did law enforcement bring Apple’s and Google’s encryption efforts on themselves?
A similar argument was made by Zack Whittaker at ZDNet, who says the intelligence and law enforcement community bought the tech industry’s current lack of faith upon themselves.
In response, Whittaker says it is entirely reasonable for the tech giants to take actions within the law that will protect their consumers’ privacy and their business interests:
“Beyond the law” goes both ways. The U.S. government, over multiple administrations, has demonstrated this with the help of Edward Snowden’s disclosures. The way that law enforcement and federal agencies have acted thus far, by using terrorism and child abduction as a way to win the hearts and minds away from the NSA surveillance scandal, is in itself heartbreaking.
Now is the time to restore faith in the technology industry — one caused by a disproportionate and overzealous White House over the past fifteen-or-so years. But a happy compromise, at least in my eyes, cannot be reached any time soon. Silicon Valley has lost its trust in the U.S. government, and so their response is reactionary, albeit still well thought-out.
Why women leave the tech industry
On a different topic, Forbes published a survey of 716 women who left careers in the IT industry. It found that women who enjoy the work are choosing to leave because they are unhappy with their work environment. Discriminatory workplaces and poor maternity leave policies were key factors:
One-hundred-ninety-two women cited discomfort working in environments that felt overtly or implicitly discriminatory as a primary factor in their decision to leave tech. That’s just over a quarter of the women surveyed. Several of them mention discrimination related to their age, race, or sexuality in addition to gender and motherhood… Of the 716 women surveyed, 465 are not working today. Two-hundred-fifty-one are employed in non-tech jobs, and 45 of those are running their own companies. A whopping 625 women say they have no plans to return to tech. Only 22—that’s 3%—say they would definitely like to.
The vigilante responsible for Facebook’s real name crackdown against transgender users
Finally, Facebook has recently been in hot water for a crackdown, for which it has since apologised, against hundreds of transgender people who do not use their real names on their accounts.
Daily Dot has the story of how the whole incident was caused by a single user who reported hundreds of accounts on the grounds they failed to meet the social network’s real names policy:
When Facebook issued an apology this week for suspending user accounts that had what it alleged to be fake names, it pinned the whole debacle on one person. This “individual,” Facebook reasoned, sewed confusion into its flawed reporting system—intended to protect against bullying and online abuse. Facebook Chief Product Officer Chris Cox explains that Facebook was caught “off guard” by a lone actor who reported “several hundred” accounts as fake. According to our source, who claims to have spent “hours and hours” systematically reporting Facebook users from the drag community and beyond, thousands of accounts were suspended—and they’ve been at it for weeks.