(Editor’s Note: The following is a guest blog post from Nuala O’Connor, President and CEO at Center for Democracy & Technology. It originally appeared on CDT’s website on October 8, 2014. Golden Frog is a member of CDT, an organization that fights for global online civil liberties and human rights. It works to drive policy outcomes that keep the Internet open, innovative, and free).
Smartphones have become the archives of our lives. From family photos and calendars to financial records and medical information, cell phones no longer serve solely as communications devices but are instead a comprehensive repository of both the intimate details and most mundane trivialities of our lives. They often lay next to us as we sleep, and remain close to us all day long, an integral part of our navigation of the online and offline world.
The fact that our phones are also vehicles for commercial services that run on a fuel of our personal data can be easy to forget, and many users are unaware of the security vulnerabilities on devices that open back doors to outside interference.
It’s crucial that users demand the highest level of security to both protect our personal privacy and mitigate the potential harm that can result from theft of personal data. In response to these concerns, Apple and Google recently made headlines by announcing that their smartphones would encrypt content stored on all phones by default. Personal data has become a valuable currency on the black market, and victims of identity theft know that data is often far more valuable to a criminal than the device that holds it.
Law enforcement officials, including FBI Director James Comey, did not welcome this announcement. Instead of recognizing that stronger smartphone security better protects hundreds of millions of people around the world, they view it as a threat to obtaining evidence in criminal investigations and have called on Apple and Google to reverse their policy.
Unquestionably, encrypting the content of smartphones makes it more difficult to access that information; that’s the point. However, there are still many legal channels police can pursue to access encrypted data. For example, much of the data stored on smartphones, including emails and phone records, are also stored remotely in the cloud. This information could still be obtained with a warrant. Additionally, there is legal precedent in some jurisdictions that courts may order the owner of a cell phone to unlock the phone. A recent Supreme Court ruling held that law enforcement needs a search warrant to examine smartphones, so a request to compel unlocking is hardly an unreasonable additional burden.
The core tension of this debate is balancing the need for greater government access with our country’s long tradition of individual autonomy and privacy. When the government calls for reduced security on smartphones, or worse yet, seeks technological backdoors into our devices, we are being asked to expose our personal data to criminals. Any backdoor the government can walk through to uncover evidence will eventually be used by malicious actors to exploit our personal information.
Data breaches at major retail chains like Target and Home Depot, along with the truly dangerous security flaws of Heartbleed and Shellshock, illustrate how easily criminals exploit vulnerabilities. The technology community should work together with law enforcement to find security flaws and fix them.
In addition, last year’s shocking revelations of pervasive government surveillance programs have shaken the confidence of people in their governments worldwide. As these companies work to restore the trust of their customers in digital communications systems, a swing towards stronger protection from government intrusion is necessary and warranted.
Encrypting smartphones by default is just one part of what is necessary to enhance the security of our personal information stored electronically. Much of the data stored in the cloud by companies is not fully protected from government surveillance because of gaps in the Electronic Communications Privacy Act, a law written in the low-tech world of 1986. Also, government surveillance reform legislation, including the USA FREEDOM Act, around the National Security Agency’s most invasive programs has been stalled in a do-nothing Congress. These reforms should be passed.
In the end, we are far more secure, individually and as a country, if we are empowered to control the security and privacy of our own information. As we store more and more personal data in our smartphones, we must be given the ability to protect it from sophisticated hackers and criminals. The government vision of national security where only the good guys exploit weak security is not realistic, nor is it globally scalable. We should applaud the companies that take concrete steps to enhance the security of our personal information and encourage more companies to be equally bold.
About the Author
Nuala O’Connor is the President & CEO of the Center for Democracy and Technology. She is an internationally recognized expert in Internet and technology policy, particularly in the areas of privacy and information governance. Nuala is passionate about the ways technology and the Internet can be instruments of global free expression and individual freedom, and is committed to finding policy solutions that affect real people. You can follow Nuala on Twitter at @PrivacyMama