All our children will be kidnapped and exploited unless we permit the government to have unfettered access to all our private communications.
That's an exaggeration -- but not much of one -- of the inflammatory claims government officials have been making since Apple announced it had made its iPhones more secure for users.
Earlier this month, Apple announced that the data that iPhone users stored on their phone would benefit from the enhanced protection of passcode-protected encryption. "On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode." It went on to explain that this would make Apple unable to respond to a very narrow set of requests from law enforcement -- those for content that exists only on the phone. "[I]t’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
In response, various law enforcement officials have attacked the move, suggesting Apple (and Android, which will soon match Apple's move in making encryption the default) were catering to child predators. "Apple will become the phone of choice for the pedophile," a top Chicago detective claimed to the Washington Post.
Attorney General Eric Holder obliquely made a similar complaint at a speech combatting child sexual abuse on Tuesday. "[L]aw enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children," the nation's top law enforcement officer said. "It is worrisome to see companies thwarting our ability to do so."
In their bid to demonize Apple, law enforcement sources have either remained totally silent about how limited the effect of this change really is, or even provided obviously false claims about it. In a piece for Post Everything, for example, former Assistant FBI Director Ronald Hosko originally claimed Apple's move would have led to the death of a kidnapping victim this year. "Had this technology been used by the conspirators in our case, our victim would be dead." After numerous people pointed out that the FBI rescued the victim using phone wiretaps which would be unaffected by this change, Hosko backed off that claim (though he did not correct all versions of the op-ed), replacing it with other inflated claims about data being "impossible" to obtain when it, too, would often remain available by other means.
These types of claims make law enforcement look ridiculous. They either betray a willingness to lie -- or a misunderstanding of the difference between a storage device and a phone service.
Apple's change may lead some currently available data to become unavailable. For users who use the default encryption but not the default iCloud storage, for example, iMessage chats might be unavailable via either the device or iCloud backup. But the most significant of these uses require users to use non-default settings, which is only slightly easier than accomplishing the same outcome via some other encryption that already exists.
Similarly, encrypting the iPhone might make the "Frequent Locations" function -- which tracks everywhere you go and how often, and Apple stores the data on your phone -- unavailable to law enforcement. But law enforcement can still get location data from telecoms, albeit in less convenient fashion.
Encrypting iPhones might have the biggest impact on law enforcement searches that don't involve warrants, contrary to law enforcement claims this is about warranted searches. As early as 2010, Customs and Border Patrol was searching around 4,600 devices a year and seizing up to 300 using what is called a "border exception." That is when CBP takes and searches devices from people it is questioning at the border. Just searching such devices does not even require probable cause (though seizing them requires some rationale). These searches increasingly involve smart phones like the iPhone.
These numbers suggest border searches of iPhones may be as common as warranted searches of the devices. Apple provided account content to U.S. law enforcement 155 times last year. It responded to 3,431 device requests, but the "vast majority" of those device requests involved customers seeking help with a lost or stolen phone, not law enforcement trying to get contents off a cell phone (Consumer Reports estimates that 3.1 million Americans will have their smart phones stolen this year). Given that Apple has by far the largest share of the smart phone market in the U.S., a significant number of border device searches involving a smart phone will be an iPhone. Apple's default encryption will make it far harder for the government to do such searches without obtaining a warrant, which they often don't have evidence to get.
If law enforcement wants to retain this access, they should be honest about what they might lose and why every iPhone user should be asked to carry a phone that is susceptible to criminal targeting as a result. Trading default encryption for a limited law enforcement purpose is just that -- a trade-off -- and officials should be prepared to discuss it as such. And, as forensics expert Jonathan Zdziarski explains, there's a mountain of other data still available to help law enforcement solve crimes. "There is such a mount of peripheral evidence out there that only a small handful of cases are even likely to have the iPhone be the sole smoking gun to begin with," he explained. "Cops have iCloud data, iCloud backups, call records, voicemail records, text messages from the carrier (if obtained within a certain retention period), gmail, email, web logs, trap and trace, proxy logs, not to mention copies of data from other people involved or from the victims themselves, desktop backups (if available), sometimes even a desktop (as many criminals don’t use encryption at all). Add to that they’re eavesdropping on the whole damn Internet."
The FBI is using unrealistic examples to demand a fifth of Americans leave their data exposed -- often, to criminals stealing their phones! -- all to catch the tiny number of criminals who hide all the evidence of their crime inside an encrypted iPhone.
Moreover, it's not like the FBI opposes every "technology" that criminals use to facilitate crime. One of the most frequently used technologies to hide crime or make it harder to prosecute -- and on a much larger scale than a smart phone -- is business incorporation, which not only provides individuals a significant degree of protection from prosecution, but provides ways to make it harder to trace the culprit of crimes. The cartels involved in human trafficking and kidnapping, precisely the crimes top law enforcement profess to be so concerned to combat, are only one of a number of types of criminal that exploit such tools.
Attorney General Holder even acknowledged as much in a recent speech, admitting that individuals often get away with more sophisticated financial fraud because "corporations are structured to blur lines of authority and prevent responsibility for individual business decisions from residing with a single person." Yet Holder's response was to come up with new laws and more creative investigative methods, not to eliminate the corporation as the empowering tool. Not only hasn't he or the FBI (or the SEC, which regulates the banks) screamed about the dire need to eliminate these tools, but they would be regarded as crazy if they recommended the elimination of corporations without discussing the trade-off of the benefit they bring with the damage criminal use of them does to society.
That's what we're faced with: a trade-off. In the past, Apple's phones were woefully unprotected. Going forward, almost all the Apple data that law enforcement sources are complaining about will still be available either via a warrant for iCloud content or via an order to a phone company.
And until law enforcement talks about this as a trade-off -- and recognizes that workable encryption for phones carrying a lifetime of data offers real benefits to everyone, not just pedophiles -- they should be treated as dishonest alarmists. We can have a discussion about these trade-offs ... once law enforcement stops making inflammatory accusations and starts talking about their real needs.
Shares