U.S. Attorney General echoes FBI’s objection to increased mobile security
Wed 1 Oct 2014
Departing U.S. Attorney General Eric Holder has reinforced the emerging objections of law enforcement departments to the new trend for client-side encryption in consumer devices.
Speaking before the Global Alliance Against Child Sexual Abuse Online, Holder said: “It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy.”
Holder, who will shortly leave the Attorney General’s post after a six-year tenure, said that rapid access to customers’ phone data can help law enforcement to protect victims and combat the activities of sexual predators and kidnappers.
The emerging strand of objection from law enforcement has been prompted by the new security features in Apple’s iOs8 mobile device operating system update, which encrypts the data on the device based on a cipher derived from the personal security passcode that the owner generates. The passcode is not sent to Apple nor made available to the company, rendering official requests for access useless – since Apple themselves cannot access the data.
A forthcoming iteration of Google’s Android mobile operating system is to offer the same kind of unilateral encryption.
Last week FBI director James Comey gave a press conference expressing similar concerns about the new trend in ‘blind’ customer data storage, and declared that the FBI was in conversation with Apple and Google on the subject.
Publicising the issue at this particular event is an obvious appeal to consumers’ sense of civic responsibility, but attaching it to the topic of sexual predators and child protection may not be enough to reverse the tide this time – if it can be reversed – due to the impact of several years of negative news items regarding the security of our data online. A case-study of great public note may be necessary to get this particularly vigorous genie back in the bottle.
It is certainly proving an alarming few weeks for those agencies which have come to depend on desk-bound, net-based investigation. Yesterday it was revealed that government-level encryption protocol Tor has been mooted for inclusion in a major consumer web browser, as yet undisclosed.
The implications for a consumer connection map which is dominated by client-side encryption and Tor-based anonymity is practically apocalyptic for investigative agencies, which have relied on the cooperation of communications companies since the invention of the telephone – if not the invention of the letter. It seems reasonable to anticipate that government in the U.S. and Europe will be addressing the rising tide of concern from their own departments soon.