Law enforcement agencies have a problem.
They know that more and more of us use our cellphones and other devices to communicate, and that they contain a wealth of information of about our circle of friends, our family, those we do business with.
But most smartphones encrypt their data when locked, stopping everyone – including the device’s manufacturer – from breaking in.
Unless law enforcement agencies can find a way to bypass the device’s security by exploiting a software flaw, the best they can hope for is to guess a mobile phone’s passcode or to find a suspect willing to cough up.
Speaking at the International Association of Chiefs of Police conference in Philadelphia, FBI director Christopher Wray called device encryption “a huge, huge problem”, and admitted that the agency had failed to retrieve data from more than half of the mobile devices it had tried to access in the last 11 months… even though it had the legal authority to do so.
The issue perhaps came to greatest prominence with the general public after the San Bernardino shooting, when Apple resisted demands from the Department of Justice to help it unlock an encrypted iPhone 5C owned by gunman Syed Farook Rizwan.
I can understand the frustration of those tasked with investigating crime, and yet…
… wouldn’t things be much much worse if such devices’ weren’t securely encrypted?
If modern smartphones had weaker security or – heaven forbid – backdoors that allowed the-powers-that-be to open them even when locked, then that would surely open up opportunities for criminals to do the same.
Think of how many innocent, law-abiding people misplace their mobile devices every year. And how many of those devices could fall into the hands of criminals. We’ll never know just how many people’s privacy has been protected by device encryption, or how much damage could have been done if criminals, identity thieves, and state-sponsored hackers had the means to crack smartphones open to reveal the data within.
But my hunch is that although it might have been nice for FBI investigators to have been able to crack into those 7000 mobile devices, much more harm could be done if all of our devices were not properly secured.
According to a BBC News report, FBI Director Christopher Wray appears to acknowledge that the privacy encryption offers is an understandable and attractive feature:
“I get it, there’s a balance that needs to be struck between encryption and the importance of giving us the tools we need to keep the public safe.”
In the case of the San Bernardino iPhone 5C, the authorities stopped pressuring Apple after the FBI paid over $1.3 million to a third-party who provided an exploit which was able to unlock the device… revealing “nothing of significance”.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsSeptember 06, 2024
September 02, 2024