Your Data, Your Rules: The Encryption of Everything


Who owns your data? The common sense answer is obvious, but isn’t always true: in certain situations, law enforcement officials can access, search and even confiscate your electronic information. Coupled with concerns about malicious actors getting their hands on personal and corporate data, big tech players have been hard at work developing end-to-end encryption solutions that are built-in, require no action on the part of users — and according to The Economist, are now frustrating some lawmakers.

Many governments are making the case for security over privacy, while users want the freedom to search, download and communicate without observation. So what’s the bottom line — is the encryption of everything good for you, or bad for business?

Splash Damage

Lawmakers often make the case that greater privacy through encryption or anonymity — think Facebook’s “dark” site or a secure VPN — puts the general public at risk. One report called Facebook a “safe haven for terrorists,” and the FBI says encrypting smartphone, tablet and computer data is of greatest benefit to criminals. The idea here seems rooted in good sense: if law enforcement officials locate evidence of online criminal activity, they don’t want red tape impacting their ability to safeguard citizens.

But there’s a problem: sometimes, these same citizens get caught in the crossfire. In 2011, officials raided a hosting facility in Reston, VA, and seized servers looking for information related to the Lulz Security group. The issue? Their search led to a host of private, non-criminal websites being taken down without any explanation or timeline for return.

There’s also the fact that until recently, tech manufacturers could be compelled by law enforcement to bypass the lock code on your device. New encryption methods, however, mean that big players like Apple and Google don’t have the keys to unlock your data under any circumstances. If federal authorities want access to your information, they’ll have to ask in person — rather than trying to compel companies using laws written in the 1700s. And if hackers want to try, they’ll face an uphill battle.

The New Privacy

So how is encryption changing? It starts with services like the Facebook-owned messaging service WhatsApp, which is now using the open-source software TextSecure on Android devices. Using TextSecure reduces the chance of interception or decryption to almost zero, and according to developer Moxie Marlinspike it can be easily added to existing apps. Biometric security measures such as Apple’s TouchID are also gaining popularity as a way to prevent unwanted access, but as noted by CNN, they’re not always so secure. Courts have found that law enforcement officials can forcibly compel users to unlock phones with biometric sensors, but cannot make you give up your passcode.

And to protect the Web at large, the Electronic Frontier Foundation (EFF) recently announced the formation of a new consortium which includes big players like Cisco, Mozilla, and Akamai. They’ve created a standardized process called Let’s Encrypt, which allows websites and other online services to encrypt traffic between browsers and Internet servers at no cost. Let’s Encrypt is headed for a mid-2015 release and according to Peter Eckersley of the EFF, “within a year or two, if we complete these projects successfully, Internet users should have their browsing, their e-mail and their messaging encrypted in most or all cases by default.”

Fight for Your Rights

So what’s legal and what isn’t when it comes to privacy? Are devices with built-in encryption, anonymous websites and secure browsing above board?

As noted by the EFF, the onus is on law enforcement to prove the need for access, rather than on you to prove the need for privacy. Unless there’s an immediate, identifiable threat or police believe key evidence could be destroyed, officials in most countries need either a warrant to search or your consent. When it comes to encryption, however, there are no exceptions to the rule: your data is your business and it’s not for any company, organization or agency to give up access on your behalf. Big tech companies are behind this initiative as a way to support both personal and business freedoms, and while law enforcement may cry foul, it looks like they’ll just have to deal with it: the encryption of everything is here to stay.

1 COMMENT

  1. Good article and point on in many aspects. I can offer some further insight with regards to the courts and Law Enforcement.

    As one in the field, I work with my counterparts in the California Dept of Justice and CA Attorney General’s Office, along with other agencies in the state, the nation and worldwide. This topic has been a HOT topic in meetings, and surprisingly, despite what lawmakers may try to convey (as well as the brass in various departments), most I know in the field support privacy rights 100%.

    Many I know, including myself, regularly post information on how to secure your devices, protect your information, etc. I will clarify, Law Enforcement is extremely limited on access to a person’s mobile devices since the recent US Supreme Court ruling that laid down the law that Law Enforcement DOES require a warrant to search a mobile device, even if it’s not locked. That’s because phones are considered more private than ever and the high court recognized that. Many agencies immediately revised their search policies once that ruling came down. The truth is, why would an officer want to search a phone without a warrant; you only open up your actions to a great legal challenge when the case goes to court.

    As for your note about Law Enforcement being able to compel someone to use their biometric to unlock the phone, that is the result of a Virginia Dist Court ruling; a highly flawed ruling in light of the high court ruling earlier last year. That case is already being appealed by the ACLU and others, including support letters from law enforcement community members.

    The focus is not on the biometric, but the mere fact that the phone was locked, and to unlock it, violates the guise under what the high court ruled about requiring warrants. Additionally, forcing someone to use their finger to unlock a phone directly flies in the face of 5th Amendment rights of Self Incrimination.

    My peers in the court system are already telling me several of the Supreme Court justices are angered at the Virginia ruling; yet, this is par for the course with the VA district court and CA’s 1st District Court of Appeals. In spite of the VA ruling, most agencies I deal with have policies not to force unlocking of phones; period.

    I have to be honest, this is the stuff that gets me excited. My expertise is Constitutional Law and one of my own cases is the California ruling with regard to DNA collection for felony arrest; a case directly from the work I do.

    As I tell many, I may be in the field, but I’m not ready for a police state. The American public is so unaware of the civil liberties they are giving up; most notably because of Social Media. Once the public allows corporations to gather information without challenge, it only opens Pandora’s Box to allow government entities to do the same. A good case in point is Koozoo (should do a review on them some day).

    They launched in San Francisco, on my street with a group from the neighborhood association. In short, cameras on every home, aimed at the street, filming everything, including people across the street in their own home. I raised the red flag on this and Koozoo called an emergency meeting. First question from Koozoo legal expert: “any attorneys here?” I don’t practice anymore, so I didn’t raise my hand. He claimed the 4th Amendment only applies to Gov entities. I replied, while the Amendment states gov entities shall not do certain things, there is no language in the Amendment itself stating the Amendment is only applicable to gov entities. You could hear crickets. I told them, “why do you think Google Earth blurs people’s faces, license plates, etc?”

    What was revealing was Koozoo operates the group on a web portal, and on that portal was the local police department, city Mayor and others. So, police had direct visual of what they legally cannot partake in. When this was brought up to the City Attorney, the Attorney General and others, suddenly Koozoo toned down. It’s one thing to aim a cam at your door to prevent crime, but to randomly film people in public is not that easy. In California Articles 1 & 13 of the state constitution afford citizens significant privacy rights in public.

    Anyway, probably delved into this more than you wanted to know. I guess my overall message is not all of us support the changes we are seeing and appreciate groups such as yours that are fighting to protect our privacy.
