Saturday, October 4, 2014

Why we need smartphone encryption

The Washington Post argues against smartphone whole drive encryption:
LAW ENFORCEMENT officials deserve to be heard in their recent warnings about the impact of next-generation encryption technology on smartphones, such as Apple’s new iPhone. This is an important moment in which technology, privacy and the rule of law are colliding.

Apple announced Sept. 17 that its latest mobile operating system, iOS 8, includes encryption so thorough that the company will not be able to unlock it for law enforcement. The encryption is to be set by the user, and Apple will not retain the key. Google’s next version of its popular Android operating system also will be unlockable by the company. Both insist they are giving consumers ironclad privacy protection. The moves are in large part a response to public worries about National Security Agency surveillance of Internet and telephone metadata revealed by former government contractor Edward Snowden.

What has the law enforcement community up in arms is the prospect of losing access to the data on these smartphones in cases where they have a valid, court-approved search warrant. The technology firms, while pledging to honor search warrants in other situations, say they simply won’t possess the ability to unlock the smartphones. Only the owner of the phone, who set up the encryption, will be able to do that. . . .

How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant.

The non-technical journalists at the Washington Post demonstrate their technical ignorance with this editorial. They argue against a "back door" and then immediately argue for a "secure golden key" which would be a back door. They just give the back door a different name.

Also, they argue that drive encryption protects against the NSA. It doesn't. The data encrypted on the drive is AT REST, but the NSA intercepts data IN TRANSIT.

They also make Apple's and Google's encryption sound more secure than it really is. The vast majority of passcodes can easily be cracked by a sophisticated attacker like the FBI.

In addition, they ignore the real risk of unencrypted phones getting into the hands of thieves and hackers. In 2006 Boeing lost a single laptop that contained unencrypted identifying information for 382,000 employees and former employees. The personal information of those 382,000 employees could have been protected if Boeing had simply used whole disk encryption on the laptop. Ever since then, Boeing has required whole disk encryption on all company computers. The same practice should be used for phones for the same reason. People keep important data on their phones, and encryption is the best way to protect it in the case of theft.

Let's also not forget that the FBI once argued against strong encryption for web browsers. Today that strong encryption is essential for secure online banking.

If you don't think the FBI can get access to anyone's encrypted smartphone in an emergency, let this xkcd comic explain it for you.

5 comments:

  1. The drives should be unique and understandable to us so that anyone can read the details.There are many research paper writing services in the omline market place. You should visit the appropriate site for your desured services.

    ReplyDelete
  2. James - not sure you remember this but exactly 5 years ago on BubbleMeter you made a 10 year price prediction for Arlington & DC:

    http://bubblemeter.blogspot.com/2010/01/my-dc-housing-predictions-for-new.html



    As we are now at the halfway point, any chance you could update it?

    ReplyDelete
  3. James - exactly 5 years ago on Bubble Meter, you made a 10 year price prediction for DC and Arlington:

    http://bubblemeter.blogspot.com/2010/01/my-dc-housing-predictions-for-new.html

    Seeing as we are now at the halfway mark, any chance you will update it?

    ReplyDelete
  4. So are you arguing that given between 2007 and 2009 the price of gas declined by 40% that there was 40% deflation during that time?


    What about now, is there massive deflation over the last year?

    ReplyDelete
  5. Hi, Nice site I enjoyed reading it. Thanks for sharing.
    Would it be possible if I contact you through your email? Please email me
    back. Thanks!
    Aaron Grey

    aarongrey112 at gmail.com

    ReplyDelete