Data Privacy Smoke and Mirrors
As hardware and software manufacturers make public statements about hardening and protecting their services in the name of customer privacy, federal agencies speak out against it – let the smoke and mirrors game begin…
After Snowden revealed how deep tech company’s “data sharing” cooperation with the federal government has been, many of them are now making stands on protecting their customer’s data privacy. Google and Apple have announced that their latest operating systems will include encryption by default. According to the Washington Post, Apple has gone as far as stating that they will not be able to unlock an Apple device, even with a search warrant:
“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data, so it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”
As expected, government officials are coming out in protest of the tech giants move to protect data privacy. FBI Director James Comey recently told reporters that the move could hinder investigations and put lives at risk, “I’d hate to have people look at me and say, ‘Well how come you can’t save this kid?’ ‘How come you can’t do this thing?“
In all honesty, this just appears to be a lot of smoke and mirrors. Manufacturers have worked hand-in-hand with law enforcement for a very long time, and most likely are not going to stop now, or anytime soon. Does anyone remember Cisco’s “Lawful Intercept?”
On Cisco’s website, Lawful Intercept is defined as:
“… the process by which law enforcement agencies conduct electronic surveillance of circuit and packet-mode communications as authorized by judicial or administrative order. Countries throughout the world have adopted legislative and regulatory requirements for providers of public and private communication services (service providers) to design and implement their networks to support authorized electronic surveillance explicitly. International standards organizations have also developed standards to guide service providers and manufacturers in specific lawful intercept capabilities.”
Communication interception devices in use by the government (and apparently some law enforcement agencies) have the capability to intercept and analyze cell phone calls and other electronic signals, so having physical access to a device may not be as big as a priority as before. Even so, if someone can remotely access a device as the currently logged in user, certain data encryption is meaningless – the device will dutifully unencrypt the data for the remote user thinking it is in fact the legitimate user.
It would seem that this display of concern for data privacy is nothing more than a public display to regain consumer trust. As soon as access to a device is needed for a criminal case or terrorist incident, you better believe that a back door or other way to access needed data will be available.