Saturday, April 06, 2013

Encryption for cloud communications may best protect Fourth Amendment rights

Says readwrite mobile:
With government requests for personal data on the rise, there are few guarantees in place that you or I won't have our private communications snooped through. Since the Fourth Amendment hasn't yet caught up with the lightning fast pace of technological change, some of the best privacy protections are often the ones implemented by tech companies themselves.
Well put. The comment comes in response to a DEA complaint that encryption on the Apple iPhone's chat services made them indecipherable, even with a warrant. Continued writer John Paul Titlow:
By architecting iMessage the way it did, Apple created a messaging protocol more secure and private than standard text messages, which is how millions of people communicate every day. As we fire those texts back and forth, we're all creating a digital trail that can be snooped upon or hacked more easily than we care to think about. But if they're being and sent and received from iPhones running iOS 5 or later, those messages are invisible to wiretaps by law enforcement or other prying eyes.

Apple didn't have to build iMessage with end-to-end encryption. Gmail isn't encrypted this way, nor are the Facebook messages that are increasingly used like texts on mobile devices. Clearly, SMS text messages aren't particularly well-secured either. Whether winning privacy points was its motivation or not, Apple definitely racks up a few for this.
Legislation like Texas Rep. Jon Stickland's HB 3164 to require warrants to access electronic communications is one way to protect privacy for third-party facilitated communications, but a far more effective one would be if Gmail, Facebook, and other major providers encrypted user messages. Those companies may or may not have an economic incentive to do so, but they're arguably in a better position in many cases than legislatures or the courts to protect privacy and Fourth Amendment rights.

1 comment:

Soronel Haetir said...

I suspect that if such encryption became widespread practice that the companies would be legislatively required to switch to an implementation where the messages could be recovered. Whether that would be upon probable cause warrant or a lesser showing I leave as a guess to the venality of legislators.