New Level of Smartphone Encryption Alarms Law Enforcement
New Level of Smartphone Encryption Alarms Law Enforcement
Moves by Apple and Google Are Latest Fallout From Snowden's Disclosures
By DEVLIN BARRETT And DANNY YADRON CONNECT
Updated Sept. 22, 2014 7:42 p.m. ET
Moves by Apple Inc.and Google Inc. to put some smartphone data out of the reach of police and the courts are raising alarms inside U.S. law-enforcement agencies, current and former officials say.
Several officials in Washington said they were bracing for a confrontation with Silicon Valley on the issue, the latest fallout from the revelations by former National Security Agency contractor Edward Snowden about government surveillance.
Last week, Apple announced that its new operating system for phones would prevent law enforcement from retrieving data stored on a locked phone, such as photos, videos and contacts. A day later, Google reiterated that the next version of its Android mobile-operating system this fall would make it similarly difficult for police or Google to extract such data from suspects' phones.
It's not just a feature—it's also a marketing pitch. "It's not technically feasible for us to respond to government warrants for the extraction of this data," Apple's website says.
Apple acknowledged it could still hand such data over to law enforcement that users back up on the company's iCloud servers. And police can access some iPhone data without Apple's help, because phone firms keep call logs and Apple doesn't control data from third-party apps.
In its announcement, Apple also sought to distinguish itself as more protective of customers' privacy than its competitors are, saying it doesn't use customers' data to sell or target ads. Google didn't comment on the customer privacy issue.
The moves highlight the continuing challenge for law enforcement in responding to new technologies. Other innovations, such as texting, instant messaging and videogame chats, created hurdles to monitoring communication, though law-enforcement agencies in almost every instance eventually found ways to overcome them.
But this time, two of the best-known U.S. companies are advertising that their phone systems may be able to beat a court order, and putting the technology in the hands of tens of millions of people.
"All of a sudden, a for-profit company has decided, 'We're going to step in and be the first line of defense for customers against their own government,' " said Brian Pascal, a fellow at Stanford University who has worked on privacy issues at Palantir Technologies Inc. and International Business Machines Corp. IBM -0.46%
Apple previously ruffled Justice Department feathers by encrypting its iMessage texting and FaceTime calling services, making them more difficult for police to intercept. Apple says even it cannot decipher the communications.
Now, Apple said its new iOS 8 mobile-operating system will by default encrypt certain data on the phone if users set a passcode. That will make the data undecipherable, to both phone thieves and police. The new operating system works with any iPhone released since late 2011, starting with the 4s model. About one-quarter of Americans owned an iPhone as of May.
In the past, investigators with court orders have been able to send harvested iPhones to Apple's Cupertino, Calif., headquarters, where engineers could extract certain data.
Last week's announcements surprised senior federal law-enforcement officials, some of whom described it as the most alarming consequence to date of the frayed relationship between the federal government and the tech industry since the Snowden revelations prompted companies to address customers' concerns that the firms were letting—or helping—the government snoop on their private information.
Senior U.S. law-enforcement officials are still weighing how forcefully to respond, according to several people involved in the discussions, and debating how directly they want to challenge Apple and Google.
One Justice Department official said that if the new systems work as advertised, they will make it harder, if not impossible, to solve some cases. Another said the companies have promised customers "the equivalent of a house that can't be searched, or a car trunk that could never be opened.''
Andrew Weissmann, a former Federal Bureau of Investigation general counsel, called Apple's announcement outrageous, because even a judge's decision that there is probable cause to suspect a crime has been committed won't get Apple to help retrieve potential evidence. Apple is "announcing to criminals, 'use this,' " he said. "You could have people who are defrauded, threatened, or even at the extreme, terrorists using it.''
The level of privacy described by Apple and Google is "wonderful until it's your kid who is kidnapped and being abused, and because of the technology, we can't get to them,'' said Ronald Hosko, who left the FBI earlier this year as the head of its criminal-investigations division. "Who's going to get lost because of this, and we're not going to crack the case?"
Even as officials debated how to respond to the change, a high-profile missing person case pointed to the potential implications of the new technology. Last week, authorities issued search warrants for the apartment, car and phone of a person of interest in the disappearance of University of Virginia student Hannah Graham, a case that remains unsolved. Under the new operating system announced by Apple, a similar phone search in the future might be fruitless.
One official of a technology-industry association said the companies are responding to pressure from customers and competition from foreign companies to offer stronger privacy protections. The official suggested tech companies would make additional moves if the federal government doesn't take steps to protect privacy.
The new security offered by Apple and Google isn't absolute. In some cases, police may be able to find ways around Apple's system, by cracking a phone without Apple's help. Experts say no system is uncrackable.
In addition, a court could try to force a suspect to unlock his phone, said Orin Kerr, a law professor at George Washington University. And a suspect could make data vulnerable to investigators by backing up files, or linking the phone to a computer.
Christopher Soghoian, principal technologist with the American Civil Liberties Union, predicted federal investigators wouldn't be too hampered by the change, but state and local detectives could be. "It's not so much a problem for 'Big Brother,' but a problem for 'Little Brother,' " he said.