Category: Encryption

Should Apple fight a court order to decrypt iPhones?

There is a lot of heated discussion regarding the following. The technology companies seem to fall on the side of refusing to participate, and the general consumer seems to think the technology companies should assist. While I can agree with both sides, I think the bigger problem is whether people specifically understand what the government is requesting Apple (and eventually others) to provide.

In theory, the FBI is asking Apple to weaken the security of their products. They have stated “Hackers and cyber criminals could use this to wreak havoc on our privacy and personal safety. It would set a dangerous precedent for government intrusion on the privacy and safety of its citizens.” While most of this statement is true, other specifics are not.

If Apple provided a utility to reverse encryption of Apple devices, how could it be kept from falling into the hands of others who would use it for criminal activities rather than to help solve or prevent crimes? Also, since Apple is privately held and also provides hardware to government agencies, building a solution to reverse encryption could open the door for agencies like the NSA to spy on others. We know that the NSA has a history of doing so, as the documents Snowden leaked confirm.

Smartphones are packed with private information like emails, text messages, photos, financial information and calling history. They are no longer just phones but more like personal computers with access to less complex applications. As time progresses, I think phones and tablets will eventually replace laptops as portable personal computing devices. It’s really just a matter of time, as Microsoft is already pushing in that direction with their devices.

The scary thing is, law enforcement agencies are currently seizing and searching phones during traffic stops, raids, interrogations and stops at the U.S. border. These searches are frequently conducted without any proper court order, which makes things even more concerning.

Several courts have blessed such searches, and so as a practical matter, if the police seize your phone, there isn’t much you can do after the fact to keep your data out of their hands. Once they have possession, it is theirs to do with as they please. I think the general consumer doesn’t understand that just because the courts have permitted law enforcement agencies to search seized smartphones, it doesn’t mean that you have any obligation to make it easy for them.

For example, the Android mobile operating system includes the capability to lock the screen of the device when it isn’t being used. Android supports three unlock authentication methods: a visual pattern, a numeric PIN and an alphanumeric password, plus a fingerprint reader, which is the newest addition to security.

For many obvious reasons, the simplest lock screen is the pattern, followed by PIN, then alphanumeric password and finally the fingerprint sensor. Some might argue, though, that fingerprint sensors have been shown to be “tricked” using a latent fingerprint pulled from a source and then presented to the device so that it reads the latent fingerprint. I honestly wish there was an ability to use two-factor authentication for mobile devices, and I am sure in time there will be. Enforcing the use of a fingerprint and password would make things much more complex. Or possibly having both hardware- and software-based encryption without a single sign-on (two different methods to authenticate) may suffice.

I think companies providing utilities or offering to unencrypt devices is a blessing and a curse. I do not advocate individuals who commit crimes having their devices protected so law enforcement cannot pull data from them, but at the same time there needs to be a line drawn in the sand. Once the order is issued, completing the advocation of such, where does it end?

My rule of thumb: don’t store anything you don’t want stolen or seen on a device that connects to the internet, and always encrypt your data. This is obviously not always feasible and can be quite cumbersome, but it’s really the only foolproof way of attempting to protect your data. Even this is not foolproof, but it’s a start.

Last but not least: don’t be a criminal and don’t do bad things.

Yes, this may be common sense, but the fact is, if you are a legitimate person who does not participate in criminal activities, you really shouldn’t have anything to hide.