23 September 2014

The Encryption Wars Continue

September 20, 2014 

For quite a while it has been the case that properly implemented encryption will defeat efforts to crack it (at least using current technology). Yet it has been the case for an equally long time that very few people actually use encryption to protect their vital secrets – not journalists, not criminals, and most assuredly not the (perhaps mythical) “average layman user.”

Why is that the case? Nobody knows for sure, of course, but speculation reasonably focuses on a range of possibilities: ignorance; complexity; laziness and hubris lead the list. User error is a frequent issue. Of all of these, I tend to think complexity and laziness lead the list – that is, most encryption programs are difficult to use and need to be installed. They don’t have “one button” applications and they are not “on” by default.

That seems to be changing. And the reason is, as many have predicted, less about the utility of encryption and more about the business necessity of appearing resistant to government surveillance. That explains Apple’s recent decision to make encryption the default in its new operating system, iOS 8, which is being delivered in the new iPhone 6. For data stored on a device, the user (and only the user) will have the passphrase to unlock the data. The move is so widely lauded that Google moved quickly to follow with its own Android operating system.

There are a number of legal and practical implications of this transition, almost all of which reset the balance between security and liberty in a way that tends to favor more libertarian impulses: 

The transition will essentially render moot last term’s decision in Riley v. California (proving once again that by the time the Supreme Court addresses a technological issue the issue is irrelevant!). Riley held that, as a general matter, law enforcement will need a search warrant to access data on a cell phone. While that certainly raises the bar for access, it does not do so to an impossible degree. Probable cause is, after all, a standard that law enforcement establishes every day around the country.

By contrast, however, the new operating systems act technologically to divest Apple and Google of any ability to respond to a warrant – they can’t produce what they don’t have. So this Fourth Amendment question now becomes converted to a Fifth Amendment question – whether or not the owner of the cell phone can be compelled to unlock his phone by providing the passphrase. Unlike the Fourth Amendment context, this privilege is absolute. If courts recognize the Fifth Amendment protection then the data on the phone is absolutely unavailable to law enforcement – which would be a significantly greater crimp in law enforcement (or counter-terrorism) investigations.
 
That makes the growing debate over the extent of a Fifth Amendment privilege even more salient. When last I wrote about it, the latest word was an Eleventh Circuit case, In Re: Grand Jury Subpoena (US v. Doe), which held that disclosure of the passphrase could not be compelled. That debate is not, however, over. Earlier this year, the Massachusetts Supreme Judicial Court ruled to the contrary. In Commonwealth v. Gelfgatt, the Court held that disclosing the passphrase disclosed only the capacity to decrypt, which was a “foregone conclusion” and did not implicate any proof of authenticity, control, or knowledge. That seems to me a highly suspect conclusion – but it is evidence that the legal question is not settled in the least.

Notwithstanding all of the Sturm und Drang, there may actually be less to these announcements than meets the eye. Why? Because the encryption default lock applies only to data on the phone itself. As we’ve noted before, unless you encrypt data before you store it with a cloud service provider, then it is the provider’s encryption, not the user’s, that matters. And, of course, most Apple users store data in the iCloud (they like to synchronize data across all their devices) and Android users store their data in Google’s cloud storage for the same reason. And that sort of synchronicity remains the default “on” function in both operating systems. So, all that data stored behind a hard encryption lock on your phone is accessible from your cloud storage provider as a backup. And that data may sometimes be accessed with a subpoena – that is, on a basis requiring less than probable cause. So the only way to be completely privacy protective is to turn off the cloud storage portions of your new iPhone or Android tablet – hardly a way to advance efficiency and productivity (and also, perhaps, a sign that law enforcement fears are overstated).

Meanwhile the same business reasons that are driving the adoption of encryption are likely to frustrate any effort to end the synchronicity default. Apple makes its money by offering you the seamless cross-platform product. And Google’s business model involves its access to your data for advertising purposes. So don’t expect a default “off” switch for cloud storage anytime soon. 

Finally, it is worth pondering the larger individual trade-off question. While I certainly respect the opinion of those who perceive government surveillance as a threat, I sometimes wonder if they are forgoing too many technological advantages in the pursuit of personal privacy. Encrypting your data and turning off your synchronization means that if you forget your passphrase your data is gone … totally gone. It means that you can’t automatically see a picture you took on your iPhone when you go to create a family newsletter on your Mac. One answer, of course, is differential encryption (protecting only sensitive data), which is what I do with my client files. But overall, we sometimes don’t recognize, I think, the efficiency/security tradeoff.
