Privacy

FBI Director Comey Gives Apple and Google a Tongue-Lashing

The FBI apparently is in a snit over steps Apple and Google have taken to protect their customers' personal data from the probing eyes of law enforcement officials. The companies are using encryption tools that give users ultimate control over data stored on their devices. The companies couldn't turn over their information even if they wanted to -- and they don't.

FBI Director James Comey on Thursday strongly criticized Apple and Google for hardening information stored in smartphones by encrypting data, making it inaccessible to law enforcement even with a court order.

The FBI has had conversations with both Apple and Google over the encryption features, Comey told reporters at a media session in Washington, D.C., although he personally was not involved in those talks. The talks are ongoing, with the FBI aiming to get a better understanding of the companies’ points of view.

Comey plans to gather more information about the issue and comment on the results at a later date.

FBI spokesperson Christopher Allen declined to provide further details.

“The conversation is skewed. It’s not about blaming Apple or Google, but rather a realization that technology innovation cannot be halted. This is Apple and Google’s attempt at cracking the code of secure mobility,” Trent Telford, CEO of Covata, told TechNewsWorld.

Privacy vs. Public Good

Comey accused Apple and Google of marketing products that would let people put themselves beyond the law’s reach. He referred to child-kidnapping and terrorism cases as examples of why authorities need access to information on cellphones.

Comey feared that not having a way to access smartphone data in certain situations could cost lives.

“Nevertheless, the discussion around policy is an important one for government and technology vendors to have. It’s not a viable option for government to restrict technology innovation until the world is completely secure,” said Telford.

A Fight Brewing

This is a fight government officials are going to have to take on themselves in order to get the information, according to Charles Tendell, founder of Azorian Cyber Security.

“I am very much in favor of Google and Apple saying, “if you want to get our information, you should be going through the appropriate channels. This is dealing with the person you have the warrant for. You should not be allowed to come to us and be sort of your backdoor to the access,'” Tendell told TechNewsWorld.

Developing stepped-up encryption technology for their mobile operating systems is a very bold move for Apple and Google, he said. The two companies essentially are saying that they are not going to let the government agencies compel them to turn over data from customers’ devices.

“I understand there will be accusations about hindering investigations and so forth. But Apple and Google will not have the technical capabilities to turn over that data. They do have access to whatever is in the cloud,” he said.

Access Stays With Owner

Apple and Google are stepping out of the way. They can not give access to what they themselves do not have, noted Tendell.

That information belongs to the phone owners, and they have paid for it. Apple and Google can not invade their privacy just to give the FBI access to that device, he said.

“The encryption on these phones is strong enough now that by the time the FBI breaks it, it will be completely irrelevant. Some PIN codes will actually take more than a year to break,” Tendell said. “I think it is a good check and balance. I am a hare core advocate for consumer rights and privacy.”

Soft Response

So far, both Apple and Google have been slow to respond to Comey’s accusations. Neither company responded to our requests for comment by press time on Friday.

Both Apple’s newly released iOS 8 and Google’s upcoming Android L are encrypted, or rendered in code, by default. Law enforcement officials can still intercept conversations, but they might not be able to access call data, contacts, photos and email stored on the phone.

Personal data is password-protected on devices running iOS 8. Such data includes photos, messages and attachments, email, contacts, call history, iTunes content, notes and reminders.

Apple cannot bypass user passcodes to access their data. That makes responding to government warrants for the extraction of user data technically not possible.

Phones running Android have had encryption as an option for three years, but it will be turned on by default in Android L, the next release of Google’s operating system.May Cloud BlockageEnterprises with comprehensive IT security policies will encrypt data before its put in the cloud — so cloud access to user data may not be a given for law enforcement.

“In this case, both the data on the phone and in the cloud will have been encrypted,” Garry L. McCracken, vice president for technology partnerships at WinMagic Data Security, told TechNewsWorld.

Another issue that’s cloudy is what circumstances might justify government demands to access data stored off site, he said. If an enterprise stores information in the cloud, it typically would control who gets to see the data. This is especially true in cases when data is encrypted by the enterprise before it goes to the cloud.

“If the government has a legitimate reason to want to access this data, they would have to go to the enterprise to unlock the keys. We as an industry can enforce this rule by having the enterprise protect its information before going into the cloud, with enterprise-controlled encryption management,” McCracken said.

“We are essentially taking the responsibility of managing the keys out of Apple/Google/other cloud providers hands. If Apple is no longer keeping a copy of the encryption key,” he explained, “then it is true that the data on the device cannot be accessed.”

Jack M. Germain has been writing about computer technology since the early days of the Apple II and the PC. He still has his original IBM PC-Jr and a few other legacy DOS and Windows boxes. He left shareware programs behind for the open source world of the Linux desktop. He runs several versions of Windows and Linux OSes and often cannot decide whether to grab his tablet, netbook or Android smartphone instead of using his desktop or laptop gear. You can connect with him onGoogle+.

1 Comment

  • The problem is the United States, and its agencies, have serious credibility issues, both inside and outside of their own nation – constitutional violations, spying on their allies, illegally obtained private information with no recourse to ensure that that data is ever destroyed, wrongful convictions which in spite of overwhelming evidence are almost impossible to overturn and prosecutors that refuse to accept that overwhelming evidence, a legal system where politics and perception are more important than the rule of law and justice.

    I’m personally not in favour of terrorists and pedophiles being able to communicate securely without fear of their data being accessed by authorities, but I’m even more in favour of authorities that respect their own constitutions, basic human rights, and who respect their allies, and their allies citizens.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Privacy

Technewsworld Channels