The FBI’s Fight With Encryption Continues. Michael Balsamo, Associated Press:

In the first 11 months of the fiscal year, federal agents were unable to access the content of more than 6,900 mobile devices, [FBI Director Christopher] said in a speech at the International Association of Chiefs of Police conference in Philadelphia.

“To put it mildly, this is a huge, huge problem,” Wray said. “It impacts investigations across the board — narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation.”

The FBI and other law enforcement officials have long complained about being unable to unlock and recover evidence from cellphones and other devices seized from suspects even if they have a warrant, while technology companies have insisted they must protect customers’ digital privacy.

The long-simmering debate was on display in 2016, when the Justice Department tried to force Apple to unlock an encrypted cellphone used by a gunman in a terrorist attack in San Bernardino, California. The department eventually relented after the FBI said it paid an unidentified vendor who provided a tool to unlock the phone and no longer needed Apple’s assistance, avoiding a court showdown.

In an age where someone’s cellphone is the key to potentially terabytes of personal data, some of which might be incriminating, what protections does the Fifth Amendment offer? Additionally, as our device unlock mechanisms move from passwords to fingerprints to advanced biometrics, what can the courts legally force you to give up? So far, being forced to divulge your passcode appears to be protected, but in 2014, a Virginia judge ruled that police could legally force a man to unlock his phone with his fingerprint. As pointed out by Marcia Hofmann, an attorney and special counsel to digital rights group Electronic Frontier Foundation, a biometric password is a unique legal challenge, because “is it something you know, or something you have?”

I believe U.S. citizens have a fundamental right to privacy, but the legal questions surrounding this generation’s data, privacy, and use of encryption have a ways to go before we can codify a reasonable set of laws. I have no doubt encrypted devices are a significant impediment to the FBI’s work, but asking companies to weaken security features or install digital backdoors is both irresponsible to customers and sets a dangerous legal precedent for use of the All Writs Act.

Additionally, encryption—as in the maths and algorithms that we use to encrypt data—is here to stay. Having one company weaken (read: break) their encryption implementation won’t stop a soul from going out and encrypting data on their own. And with everything from email to notes to chat to to-do lists implementing some form of encryption, personal privacy is not only a selling point, but also increasingly accessible. Can’t stop it now.

Tuesday, 24 October 2017