On September 16, The Washington Post reported that the Obama administration may be looking for a détente in the encryption wars. For proof, they offered a leaked draft of a National Security Council paper which said that Obama should not support a law mandating a decryption backdoor in tech devices.
This bodes very well. For months, federal law enforcement has been in a tizzy over the prospect of automatic encryption in Apple and Android devices. Federal Bureau of Investigation (FBI) director James Comey said that it would benefit pedophiles. Other national security officials echoed these melodramatic sentiments. Later, UK Prime Minister David Cameron came out against unbreakable encryption. Recently GOP candidate Jeb Bush said that “evildoers” would use this enhanced privacy for…doing evil.
Apple seems to be leading this new “you can’t stop us” charge, since it began with last year’s announcement that their IOS8 would make Apple itself unable to comply with certain law enforcement requests. Previously, users could choose to encrypt their devices, but making it all automatic means someone would have to opt out of these privacy measures. This could set a fantastic precedent for privacy. Now a user need not have the tech savvy of an Edward Snowden in order to have their data secret. It will be automatic. It will be an easily purchasable commodity, even in this era of Smartphones.
The US government is currently in a fight with Microsoft, who fought a warrant in a drug investigation because their servers are in Ireland, not the States. Microsoft argues that this precedent does not bode well for dissidents in more authoritarian countries, in which governments might try to force tech companies to reveal identifying information. Strong encryption, as the NSC paper notes, would in many ways lead to increased trust in the US, and certainly in US companies. The Post sums it up: that the NSC thinks that letting Apple and the other companies have their automatic encryption “would counter the narrative that the United States is seeking to expand its surveillance capability at the expense of cybersecurity.”
Official sentiment – barring that of law enforcement – seems to be going a little more in this direction. If Obama really does back off of support for a law, and Congress is unlikely to actually get one together, privacy may simply win by default. Companies move faster than bureaucracy, and they are getting more scrappy since Snowden.
Law enforcement’s argument is that they cannot “go dark” otherwise pedophiles will keep endangering children, and terrorists will keep communicating. The national security state(s) want to be able to decrypt the contents of a phone, laptop, or tablet without owner permission, or even knowledge. Or rather, they want tech companies to do it for them, as they have done previously. Law enforcement have horror stories of kidnappers and murderers and the need to get info off of a phone right now, and they believe that such rare cases mean that the world should have less privacy, period. Tech companies repeatedly counter that they know how to build their own devices, and that if they include space for law enforcement to get in, hackers can get in as well. (Hence the more government-palatable argument over “cybersecurity risks”.)
Apple, to its great credit, has been fighting hard since Snowden’s revelations – which included some unsavory allegations against them, as well as giants like Facebook and Google having helped the feds spy. Most of the companies critiqued after PRISM was revealed responded with denials mixed with a plea for understanding that they didn’t have much choice in the matter. But the revelations did put the fire under them to at least look like they’re making a good faith effort to fight for privacy. They should be applauded for this and pushed ever farther.
On Apple’s website they tout privacy now and again claim they “wouldn’t be able to comply with a wiretap order even if we wanted to.” According to The New York Times, this has already come up. Apple’s recent response to a law enforcement request to decrypt both ends of an IMessage chat, so that investigators could crack a drug case, was denied. Said Apple, they can’t do it. They literally can’t do it. They don’t have the decryption keys for the phones.
National security fans can relax, though. Actually, a great deal of spying can still happen. The kind that requires a warrant and informing its recipient is one. In some cases a device’s owner can be ordered by the court to provide a password. (A merely thumbprint-protected phone requires lower standards for compelled compliance than a password does. Just a tip.) And there are other options for phone sneakiness, including remotely controlling a phone as the NSA reportedly has been known to do.
Or officials can simply use a Stingray or tower dump in order to track location, and incoming or outgoing calls. (Except they now need a warrant for that as well!) Basically, what companies are starting to prevent through encryption is the kind of spying detailed in the accounts of the NSA’s PRISM program – where law enforcement goes to the companies and orders them to secretly hand over data
New, tough, automatic encryption scares law enforcement for a very basic reason: privacy will be the default setting for a company that may sell nearly 200 million of its newest iPhone iteration. They hate the prospect of encryption being a casual, consumer good. Smartphones were a brilliant invention for many reasons – one depressing one is that they were an easy way to get people to keep a tracking device in their pocket.
Since social media and real names took over from the early, anonymous web, lack of privacy has been winning. We have tools to fight this such as the anonymous web browser Tor. We have items such as the “blackphone” which will give us (possible) privacy for the low, low price of $629. But the cost and the complexity and the intimidation factor keeps these privacy protections out of most casual tech user’s hands.
That is the supposed danger of Apple and Google doing the encryption legwork for people, that it will make privacy as easy and thoughtless as using social media is now. And then privacy could become not a nerdy, fringey thing we have to squeeze out of tech and tech companies, but something we get because we deserve it as human beings (and as savvy consumers). We’re still a long way off from that ideal. Apple can’t end the NSA, and it can violate users’ privacy in its own way. Still, we should applaud them and every other company that is telling the feds to mind their own damn business.
Lucy Steigerwald is a contributing editor for Antiwar.com and a columnist for VICE.com. She previously worked as an Associate Editor for Reason magazine. She is most angry about police, prisons, and wars. Steigerwald blogs at www.thestagblog.com.