By Jason Liu
Despite the Department of Justice (DOJ) dropping its case against Apple, (as covered in this earlier post), the same legal arguments were salient before the House Energy and Commerce Committee (Committee). On April 19th, the Committee heard testimony from the FBI, law enforcement heads, Apple and other technology experts about the use of encryption in technology and law enforcement action.
During the hearing, Rep. Tim Murphy (R-Penn.) asked the central question, “Should the government have the ability to lawfully access encrypted technology and communications?” Law enforcement officials insisted on “backdoor” access, while Apple countered that encryption protects people from cybercrime. Overall, the hearing continued to repeat prior arguments from the FBI that access was necessary to prevent criminal activity and Apple that encryption protects free speech and privacy made during the San Bernardino shooter case.
Interestingly, Amy Hess, FBI executive assistant director for science and technology, testified that since October 2015 the FBI has encountered passwords on 30 percent of devices during its investigations, and are unable to unlock the devices 13 percent of the time. We have seen the FBI turn to the courts (Brooklyn drug dealer and Boston gang conspiracy) as well as third parties to access the encrypted information.
What options should law enforcement have when faced with encryption?
On a case-by-case basis, law enforcement should have the ability to overcome encryption by turning to the courts for emergency access of encrypted technology. However, law enforcement should not have inherent “backdoor” access to data behind encrypted technology.
Capt. Charles Cohen of the Indiana State Police testified that for efficiency, law enforcement agencies used to be provided the “backdoor” keys to break the encryption as long as they presented a warrant. Apple’s Sewell responded that “cyber security infrastructure and provides the very best defense we have against increasingly hostile attacks.”
Sewell’s arguments are stronger as technology users require more and more sophisticated encryption to secure personal data. Recently in the Philippines, the personal government records of 70 million citizens were hacked to show the vulnerabilities in the current database. Purposefully building a “backdoor” vulnerability to bypass encryption raises the risk of data breach.
An access alternative for law enforcement in the horizon?
During the hearing, CNET also reported that Sewell raised the idea of the “Internet of Things” for law enforcement to obtain encrypted information. He noted that “We see that there’s an abundance of information. This will continue as … an Internet of Things becomes reality.” The “Internet of Things” is a network of machine-to-machine communication. Smart homes are prime examples, where sensors from different appliances connect together to interface with a central control hub.
Sewell may be alluding to a future in which law enforcement may be able to access sensor information stored in networks of interconnected electronics. As technology becomes more embedded in our lives and our machines (e.g., smart fridges) hold more information, it will be easier for law enforcement to obtain information about our daily lives. Even though the information on your iPhone is password protected, the cumulative information of non-encrypted technology may provide law enforcement the same information behind that password.
Image source: Pixabay.