by Larry Magid
This post first appeared in the Mercury News
The war on encryption is center stage, thanks to the battle between the FBI and Apple over the San Bernardino shooter’s iPhone. But even though the FBI found a way to access the phone without Apple’s help, there continue to be calls for technology companies to either limit their encryption in phones and other devices or at least provide government with a “back door” to make it easier to investigate terrorism and other horrendous crimes.
One of the main arguments for those worried about encryption is that it can shield terrorists and those who exploit children, because of the concern that criminals can use encryption to “go dark.” And, while that can be true, it’s also true that encryption helps protect children from those very predators and other criminals, along with bullies and others who might harm kids. Encrypting is not just for privacy and security but also for personal safety. Phones and other digital devices can contain a great deal of personal information, including our current and previous locations, home address, information about our friends and family, records of our calls and texts, email messages and web searches.
Such information, in the wrong hands, can endanger children. It’s also possible for someone with access to a child’s phone to bully others, distribute images on the phone or commit a crime in the child’s name. That’s why it’s important to have a strong passcode on your phone as well as a strong password on any cloud backup services such as an Apple iCloud or a Google account. But even devices with strong passwords aren’t necessarily hacker proof, which is why it’s important that they be encrypted.
In simple terms, encryption software scrambles communications so that they can’t be understood by anyone unless they have the code (called a “key”) to decrypt them. In modern phones, this is all handled by the device’s operating system so that data, in most cases, is decrypted as soon as you log into the phone with your passcode.
While we don’t know exactly how many children’s phones have been lost or stolen, a 2012 Pew Research study found that nearly a third of all cell phones and 44 percent of phones belonging to 18-24 year-old have been lost or stolen, and it wouldn’t surprise me if the numbers are even higher for children. If an unlocked child’s phone is lost or stolen, the person who finds it could unearth a treasure trove of personal information about the child and the child’s friends and family.
Encryption does present a challenge for law enforcement, but just because people have encrypted phones doesn’t mean that the cops are blind. For one thing, if there is any type of backup, which is often the case with today’s smartphones, law enforcement can obtain a warrant to require the custodians of the cloud servers where that information is stored to turn over relevant information. Also, virtually all communications on mobile devices passes through either a cellular phone carrier or an Internet service provider or cloud-based service and there is a good chance that the information or at least metadata transmitted by the phone can be accessed from those companies with a proper legal order. If anything, today’s mobile technology gives law enforcement more resources than ever.
There are many cases where law enforcement has been able to solve crimes because of their ability to access data with the cooperation of industry after proof of proper legal authority.
Even if a device isn’t encrypted, it is still possible for users, including predators and terrorists, to encrypt their communications using readily available encryption apps. There is even an encryption program that was reportedly written by Al Qaeda operatives to enable terrorists to hide their plans. Encryption software and apps come from multiple countries so even if the United States were to put a back door in programs from all U.S. companies, it would be possible for bad actors to use encryption tools from other parts of the world.
There are proposals to give the government and law enforcement ways to break through encryption to investigate crimes. Most of these proposals would require a court order.
While such a back door might enable law enforcement to obtain valuable information, it comes with big risks, which include both abuse by government as well as criminals and foreign agents who might get their hands on the backdoor or the data it can uncover. Such a back door would, almost certainly, consist of some type of digital access and, as we’ve seen over and over again, anything that’s digital and accessible online can be hacked. The U.S. government’s Internal Revenue Service and Office of Personnel Management are but two examples of large institutions whose highly confidential data has been breached.
A 2015 paper, “Keys under doormats: Mandating insecurity by requiring government access to all data and communications” by some of the world’s leading cryptographers and cyber security experts, concluded “millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws” adding that “criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend.” At the end of the day, encryption is about personal safety, including the safety of the millions of children who use smartphones and other encrypted devices and apps.
Parents and child safety advocates should be supporting strong encryption while, at the same time, supporting law enforcement’s needs for adequate funding and support so that they can continue to do all they are doing to help protect our children.