While the newest Apple Inc and Google Inc smartphones will automatically encrypt data stored on them, that won't keep the US law enforcement and intelligence agencies from obtaining evidence linked to the devices.
Marketing by the two companies in which they pledge to shield photos, documents, contact lists and other data from the prying eyes of government or hackers won plaudits from privacy advocates. It also drew condemnation from US Attorney General Eric Holder, Federal Bureau of Investigation (FBI) Director James Comey and local police officials who say it will make it harder to investigate crimes ranging from child abuse to drug trafficking and terrorism.
Those assertions "are wildly exaggerated" because police can still obtain evidence through traditional court warrants while revelations about government spying show the National Security Agency (NSA) can break or bypass encryption for terrorism investigations, said Jonathan Turley, a constitutional-law professor at The George Washington University Law School.
The companies announced in recent weeks that their new phones will automatically scramble data so that a digital key kept by the owner is needed to unlock it, making it harder for detectives to examine the content of suspects' phones without their knowledge or cooperation. Previously, such encryption was an option that required users to endure a time-consuming process to activate.
Wiretaps, Records
"Wiretaps would still work. You can also get call-details records," Stewart Baker, a former general counsel for the NSA said. "That's available from the phone companies and it's not affected by this decision." Anything sent from or to the devices can still be captured and investigators can hack software to collect evidence. That means there will likely be little change in the way text messages, e-mails, phone calls, location coordinates and other data are mined for terrorist communications and other threats.
Data stored in so-called cloud services, including photos such as the ones stolen from Jennifer Lawrence and other celebrities, would still be vulnerable to hackers.
The encryption feature offers users some confidence and is a selling point for the companies.
Companies can be forced to turn over information stored in cloud services, Baker said. And governments with powerful spying tools such as the US and China can bypass encryption on mobile phones by hacking into suspects' devices. Right now, a committee of US judges is weighing a proposal that would give federal agents greater leeway to secretly access suspected criminals' computers in bunches not simply one at a time.
While the improved security of their smartphones is a challenge for law enforcement, the moves can help protect the privacy rights of users who haven't broken any laws, Turley said.
"Civil libertarians have long called for privacy speed bumps or barriers for the government," he said in a phone interview.
The NSA is "concerned about the proliferation of any technology that might allow international terrorists or other foreign intelligence targets to evade lawfully authorised surveillance," said agency spokeswoman Vanee Vines.
"As a general rule, NSA does not comment on specific, alleged foreign intelligence capabilities," she said.
A Google spokeswoman, Niki Christoff, said "People previously used safes and combination locks to keep their information secure - now they use encryption." "It's why we have worked hard to provide this added security for our users," she said in an e-mail.
Apple spokesman Colin Johnson declined to comment on the impact of their encryption measures beyond pointing out a public statement by Apple CEO Tim Cook on the company's website.
"We have never worked with any government agency from any country to create a backdoor in any of our products or services," Cook wrote. "We have also never allowed access to our servers. And we never will." The scope and force of secret government requests for data was highlighted last month when newly released documents showed Yahoo! Inc might have had to pay millions of dollars per day in fines if it kept refusing to comply with US requests for its users' Internet data. Yahoo complied on May 12, 2008, giving in to the NSA's Prism electronic surveillance program that had operated without public knowledge until Snowden exposed it. The company then went to court to win the right to release details of its fight against the order.
Aggressive Focus
"Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," the policy says. Apple is based in Cupertino, California.
Google, based in Mountain View, California, earlier in September said that it was making its encryption feature automatic after offering it as an option for more than three years.
The more aggressive focus on security has also put a spotlight on the ability of technology companies themselves to access users' data. One tool in particular, little-known outside of the security community, is known as a kill switch.
Kill Switch
Built into mobile operating systems, kill switches give companies such as Apple and Google the ability to reach into users' devices remotely to delete malicious software and access content stored on them. Designed as a security feature, it's also a potential avenue for spying and it's not clear whether new encryption measures will close the door on it.
Overall, new data encryption measures represent important steps in raising consumer awareness about security and make mass surveillance harder, he said.
"If the NSA is coming after you, they will get you either way," Oberheide said. "But at least it will help prevent the inadvertent collection of information, which is where a lot of the outrage comes from about the NSA."
Marketing by the two companies in which they pledge to shield photos, documents, contact lists and other data from the prying eyes of government or hackers won plaudits from privacy advocates. It also drew condemnation from US Attorney General Eric Holder, Federal Bureau of Investigation (FBI) Director James Comey and local police officials who say it will make it harder to investigate crimes ranging from child abuse to drug trafficking and terrorism.
Those assertions "are wildly exaggerated" because police can still obtain evidence through traditional court warrants while revelations about government spying show the National Security Agency (NSA) can break or bypass encryption for terrorism investigations, said Jonathan Turley, a constitutional-law professor at The George Washington University Law School.
More From This Section
"Citizens should not assume that these encryption devices will necessarily prevent government from intercepting communications," Turley said in a phone interview. "If history is any guide, the government will find a way to penetrate these devices." The issue has renewed tension between law enforcement and intelligence agencies and technology companies trying to stand up for the privacy rights of their users. Apple, Google and other companies have been trying to restore their reputation after revelations by former NSA contractor Edward Snowden that they cooperated with government spying programs in the past.
The companies announced in recent weeks that their new phones will automatically scramble data so that a digital key kept by the owner is needed to unlock it, making it harder for detectives to examine the content of suspects' phones without their knowledge or cooperation. Previously, such encryption was an option that required users to endure a time-consuming process to activate.
Wiretaps, Records
"Wiretaps would still work. You can also get call-details records," Stewart Baker, a former general counsel for the NSA said. "That's available from the phone companies and it's not affected by this decision." Anything sent from or to the devices can still be captured and investigators can hack software to collect evidence. That means there will likely be little change in the way text messages, e-mails, phone calls, location coordinates and other data are mined for terrorist communications and other threats.
Data stored in so-called cloud services, including photos such as the ones stolen from Jennifer Lawrence and other celebrities, would still be vulnerable to hackers.
The encryption feature offers users some confidence and is a selling point for the companies.
Companies can be forced to turn over information stored in cloud services, Baker said. And governments with powerful spying tools such as the US and China can bypass encryption on mobile phones by hacking into suspects' devices. Right now, a committee of US judges is weighing a proposal that would give federal agents greater leeway to secretly access suspected criminals' computers in bunches not simply one at a time.
While the improved security of their smartphones is a challenge for law enforcement, the moves can help protect the privacy rights of users who haven't broken any laws, Turley said.
"Civil libertarians have long called for privacy speed bumps or barriers for the government," he said in a phone interview.
The NSA is "concerned about the proliferation of any technology that might allow international terrorists or other foreign intelligence targets to evade lawfully authorised surveillance," said agency spokeswoman Vanee Vines.
"As a general rule, NSA does not comment on specific, alleged foreign intelligence capabilities," she said.
A Google spokeswoman, Niki Christoff, said "People previously used safes and combination locks to keep their information secure - now they use encryption." "It's why we have worked hard to provide this added security for our users," she said in an e-mail.
Apple spokesman Colin Johnson declined to comment on the impact of their encryption measures beyond pointing out a public statement by Apple CEO Tim Cook on the company's website.
"We have never worked with any government agency from any country to create a backdoor in any of our products or services," Cook wrote. "We have also never allowed access to our servers. And we never will." The scope and force of secret government requests for data was highlighted last month when newly released documents showed Yahoo! Inc might have had to pay millions of dollars per day in fines if it kept refusing to comply with US requests for its users' Internet data. Yahoo complied on May 12, 2008, giving in to the NSA's Prism electronic surveillance program that had operated without public knowledge until Snowden exposed it. The company then went to court to win the right to release details of its fight against the order.
Aggressive Focus
"Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," the policy says. Apple is based in Cupertino, California.
Google, based in Mountain View, California, earlier in September said that it was making its encryption feature automatic after offering it as an option for more than three years.
The more aggressive focus on security has also put a spotlight on the ability of technology companies themselves to access users' data. One tool in particular, little-known outside of the security community, is known as a kill switch.
Kill Switch
Built into mobile operating systems, kill switches give companies such as Apple and Google the ability to reach into users' devices remotely to delete malicious software and access content stored on them. Designed as a security feature, it's also a potential avenue for spying and it's not clear whether new encryption measures will close the door on it.
Overall, new data encryption measures represent important steps in raising consumer awareness about security and make mass surveillance harder, he said.
"If the NSA is coming after you, they will get you either way," Oberheide said. "But at least it will help prevent the inadvertent collection of information, which is where a lot of the outrage comes from about the NSA."