Smart Phones Get Smarter About Encryption

Apple, and subsequently Google, have proposed to employ new mobile operating systems that would privilege only users to decrypt the data stored on their devices.  The new encryption scheme elevates customer privacy, but at the cost of alienating local and federal law enforcement as well as forcing Congress to address the precarious balance of privacy concerns against security fears.

Several United States governmental officials have spoken out about the new encryption schemes. Former Attorney General Eric Holder has described the new encryption scheme as “worrisome,” as it would thwart law enforcement agencies’ ability to protect citizens from criminal activity and threats to national security.  Holder suggests that there are other mechanisms that could protect personal privacy while still permitting enforcement of the law.  FBI director, James Comey, has also been vocal in criticizing Apple and Google’s new encryption schemes as dangerous to law enforcement and national security.  Comey has appeared on a two part CBS 60 Minutes special episode, in which he criticizes the two companies for allowing people to “place themselves beyond the law.”

In response to the Snowden revelations of June 2013, technology companies received heavy criticism for cooperating with U.S. security and law enforcement officials by providing them with access to customer data.  The new encryption-based mobile operating systems are clear responses to this criticism and to the consequently rekindled sensitivity to privacy concerns.  These technology changes have been available for many years, but their implementation will finally make it technically infeasible for Apple or Google to respond to government warrants for extraction of data.  Lack of pushback from the CIA or NSA, however, has led some technology experts to suggest that the security agencies already have the ability or will have the ability soon to crack these encryption schemes.

It is unclear how and whether the Justice Department or the FBI will be able to reverse or mitigate the Apple/Google encryption lock out without congressional action.  The Communications Assistance for Law Enforcement Act, which was passed twenty years ago, required that telecommunications companies provide a means to carry out wiretap orders for law enforcement agencies.  However, this act was not adapted for the Internet age and does not cover mechanisms for providing data related to emails or Internet searches.  Administrative agencies may pressure Congress to enact legislation that requires a backdoor bypass to cell phone passcodes, legislation that targets phone users directly for phone records and penalize for refusal to reveal passcode upon warrant, or legislation that requires cellphone providers to store certain data independent of the phone.

However, after the 2013 Snowden revelation, there is an inclination in Congress to prioritize privacy concerns over security concerns.  For example, a recent amendment was passed that expressly forbids the NSA from forcing private companies to introduce a backdoor bypass or malware into their products.  While the emphasis in Congress is currently focused on personal privacy, the pendulum may swing in the direction of security as escalating terrorist threats in the Middle East make national security a more immediate threat.