Friday, September 26, 2014

FBI director disingenuous or ignorant to criticize smartphone encryption

FBI chief James Comey criticized Apple and Google this week for new encryption added to their latest smartphone product offerings, declaring “he could not understand why companies would 'market something expressly to allow people to place themselves beyond the law.'”

That statement is either a) utterly disingenuous or b) so ignorant and wrong-headed that it calls into question the man's competence to perform his job.

Apple and Google aren't trying to thwart cops. Cops are exploiting security flaws that leave consumers open to identity theft, stalking and other third-party access to their data. And Director Comey would prefer to put consumers' data and finances at risk than make his agents work a little harder to prove their cases.

Bruce Schneier summed up the conundrum thusly in a recent post: "We have one infrastructure. We can't choose a world where the US gets to spy and the Chinese don't. We get to choose a world where everyone can spy, or a world where no one can spy. We can be secure from everyone, or vulnerable to anyone. And I'm tired of us choosing surveillance over security."

Today, smart phones are increasingly used directly for commerce; e.g., you can pay for your coffee at Starbucks with a smartphone app. And many people have data on their phones they need to secure for reasons that have nothing to do with law enforcement - e.g., an attorney with confidential client information, a doctor accessing personal medical data, or a defense contractor worried about cyber-sleuthing by the Chinese.

You'd think the FBI director would applaud these companies for making personal information more secure from hackers and thieves. That he's adopted this stance instead makes me think Mr. Comey cares less about the public's security than preserving his own agency's power, and that we probably need a different FBI director.

10 comments:

Tom G said...

In post 911, our govt thinks it is entitled to any information you have or they think you have. Simply put, the FBI Director is mad he now has to work to spy on your information. Before encryption, he could just take it.

Elvis said...

Curious if LE personnel have or frequently file "tampering with physical evidence" when suspects remotely wipe data from their phones.

Anonymous said...

In a recent OAN news show a guest made the statement, "The mafia could take lessons from our government." If those fake cell phone towers were spying on the government instead of for the government, they would appear in a grainy black and white video with a frame around them right before the smart bomb hit...

Anonymous said...

Once upon a time, the FBI was looked upon as the best law enforcement agency there was in this country. Or was that in a fairy tale?

Elvis said...

Many phones, including the iPhone, use passwords and or fingerprint(s) as passwords. While Apple doesn't store or have access to passwords, or so I understand; could LE not obtain a search warrant for the suspect to utilize his/her fingerprints to unlock their phone? Similar to search warrants for DNA or dental impressions. Encryption would have little bearing on this procress.

Curious if LE often file the charge "tampering with physical evidence" when someone remotely wipes the data from their cell phone?

Anonymous said...

Big Brother likes to watch.

Anonymous said...

As most iPhones and I suspect many other cell phones utilize passwords and or fingerprint technology to unlock phones; could LE not obtain a search warrant for the phone user's (owners) fingerprints to unlock the phone? Encryption or not. Similar to a search warrant for DNA or dental impressions.

I'm curious if LE often file "tampering with physical evidence" for those that remotely wipe their phones knowing there is a criminal investigation occurring and LE has the phone(s)?

Gritsforbreakfast said...

@5:46, a warrant won't necessarily get past encryption without the private key, though for Apple users there's a cloud-based backup that they can un-encrypt on the company side without the consumers' assistance.

Also, they probably don't need to get a warrant for fingerprints now that DPS is gathering all ten fingerprints from drivers, or they won't after it's fully rolled out. But fwiw there's a recent SCOTUS case that requires a warrant to access data on the phone incident to arrest.

doran said...

Coming Soon To A Law Enforcement Officer In Your Town! A really bright, tough on crime idea: Require every resident in town to deposit a copy of his or hers front door key with the police department.

Anonymous said...

4:29 PM. Your idea is already reality, at least in part. Fire departments are now hammering on businesses to install a Knox Box, basically a box outside their business with a key. The fire department has a key to the box. It gets sticky when its not voluntary, but required.

I say they can kick my door down when flames are shooting out the roof, otherwise, buzz off...