Last year, Apple and Google, whose software runs 96.7 percent of the world’s smartphones, announced they had re-engineered their operating systems with “full-disk” encryption — expressly so that they could no longer unlock their own products. In effect, the companies are now able to say: “We will no longer comply with judges’ orders to unlock passcode-protected phones, because we no longer can.”
The Manhattan District Attorney’s office immediately and repeatedly engaged the companies, Congress and the public in a dialogue about how this new level of encryption inhibits the investigation and prosecution of everyday crimes. We documented how our office’s Cyber Lab was unable to execute search warrants for 125 iPhones, because the perpetrators — of murder, sex trafficking, assault and identity theft — used devices that even Apple can’t unlock. We explained why the encryption issue is particularly important to state and local law enforcement agencies, who prosecute more than 95 percent of all crimes committed in the United States and who rely on photos, videos and messages stored on lawfully seized devices to hold perpetrators accountable, deliver justice for victims and exonerate the innocent.
In a recently published report, my office — in consultation with cryptologists, technologists and law enforcement partners — has proposed a solution that we believe is both technologically and politically feasible: Keep the operating systems of smartphones encrypted, but still answerable to locally issued search warrants.
This can be achieved in two ways: through good-faith collaboration with Apple and Google or through enactment of a federal statute providing that any smartphone made or sold in the United States must be able to be unlocked — not by the government, but by the designer of the phone’s operating system — when the company is served with a valid search warrant.
This is a reasonable, achievable, middle-ground solution. It represents the bare minimum that we need to conduct critical investigations within the rule of law. We also hope that our solution serves to dispel certain myths about local law enforcement’s position on smartphone encryption.
MYTH 1: We want to ban encryption.
We don’t. We want smartphone makers to offer the same strong encryption that Apple and Google employed without any documented security problems before iOS 8 and Android Lollipop, the two operating systems released in 2014. Previous mobile operating systems allowed the companies to access data on a seized device with a valid court order. Apple and Google have never explained why the prior systems lacked security or were vulnerable to hackers and thus needed to be changed.
To the contrary, they have characterized their prior encryption standards as the ultimate in privacy. A May 2012 guide to “iOS Security” notes that “Apple is committed to incorporating proven encryption methods and creating modern mobile-centric privacy and security technologies to ensure that iOS devices can be used with confidence in any personal or corporate environment.”
Apple offered this strong encryption with iOS 7, and at the same time, maintained the ability to help — in Apple’s own words — “police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease or hoping to prevent a suicide.”
Apple itself has demonstrated that strong encryption and compliance with court orders are not incompatible.
MYTH 2: We want to weaken smartphone security.
Some commentators believe that a return to the encryption offered by iOS 7 would mean that “a cascade of other actors, from malevolent hackers to foreign dictatorships like China and Russia will waltz through.” But they have not explained why this did not happen under previous operating systems. Indeed, according to Apple, iOS 7 “provides solid protection against viruses, malware and other exploits that compromise the security of other platforms.”
Many technologists and forensic experts offer a simple explanation: Even if a hacker were able to learn Apple’s decryption process — which Apple guards extremely closely — that hacker would also need to have the actual device to steal its data. Likewise, a thief who steals a person’s locked smartphone would also need to know either the victim’s passcode or Apple’s highly guarded decryption process to obtain the device’s data.
MYTH 3: We want a backdoor.
I understand that Apple and Google did not take their actions in a vacuum. There remains enormous public anger at several highly publicized cases of federal intelligence-gathering involving bulk data collection and other secretive practices. That’s what makes Myth 3 so potent and so credible.
So let me be clear. We do not want a backdoor for the government to access your information. We don’t want a key held by the government. We want Apple and Google to maintain their ability to comply with state and local judges’ warrants.
MYTH 4: We want “surveillance” of smartphone communications.
Our proposal is limited to “data at rest” — or information stored on the hard drive of a smartphone — that we have taken into our custody following a judge’s determination of probable cause. Our proposal does not affect the encryption of phones that we don’t have, and it does not affect encryption of “data in transit” between two devices.
Much of the encryption debate is focused on the government’s ability to access “data in transit” through real-time surveillance. Our proposal recognizes that the ability to decrypt “data in transit” poses unique technical challenges, and that the proposal itself should be limited to “data at rest.”
MYTH 5: We want warrantless searches.
Lawful access to criminal evidence on smartphones has nothing to do with the kind of mass surveillance or bulk data collection disclosed by Edward Snowden. That is not the access that local law enforcement seeks or expects. Rather than finding ways around the Fourth Amendment, our solution empowers neutral, local judges to determine whether searches are lawful — not Silicon Valley.