Manhattan District Attorney on collision course with tech giants after call for weaker encryption
Officials in New York are calling for weaker encryption levels on smartphones in order for law enforcement to be able to easily access the data stored on the devices.
The stance sets New York officials firmly against leading technology companies and privacy campaigners, who have consistently opposed efforts to weaken encryption systems.
The call to weaken smartphone encryption was made by Manhattan District Attorney Cyrus Vance Jr.
During the sixth annual financial crimes and cybersecurity symposium, he urged the US Congress to pass a law that ensures smartphones only utilise weaker encryption standards.
Indeed, the Manhattan District Attorney’s Office has also published a white paper detailing the investigative challenges posed by smartphone encryption.
“In September 2014, Apple Inc announced that its new operating system for smartphones and tablets would employ, by default, what is commonly referred to as “full-disk encryption,” making data on its devices completely inaccessible without a passcode,” said the whitepaper. “Shortly thereafter, Google Inc. announced that it would do the same. Apple’s and Google’s decisions to enable full-disk encryption by default on smartphones means that law enforcement officials can no longer access evidence of crimes stored on smartphones, even though the officials have a search warrant issued by a neutral judge.”
“Apple and Google are not responsible for keeping the public safe,” the paper argued. “That is the job of law enforcement. But the consequences of these companies’ actions on the public safety are severe. That is why my Office has been working with our law enforcement partners around the world to craft the solution recommended in this Report. We believe there is a responsible way to balance safety and security.”
“Congress should enact a statute that requires any designer of an operating system for a smartphone or tablet manufactured, leased, or sold in the US to ensure that data on its devices is accessible pursuant to a search warrant,” the paper proposed. “Such a law would be well within Congress’s Commerce Clause powers, and does not require costly or difficult technological innovations.”
But this argument is unlikely to impress privacy campaigners and technology companies. Indeed, in June a number of leading technology companies including Google, Apple, IBM, Microsoft and Facebook wrote a strongly-worded open letter to President Obama, calling for him to respect the privacy rights of consumers by not weakening encryption systems.
President Obama previously said he recognised the need for privacy, but he had asked tech companies to allow the government to break that encryption when necessary. That said, the White House backed down on the matter last month.
Yet law enforcement frustration remains. Earlier this year, the chief for Europol echoed previous comments by the FBI and GCHQ when he said the increasing prevalence of encrypted Internet communications presents a major difficulty for law-enforcement and national security efforts.
US law enforcement have also complained in the past that encryption can prevent the FBI and the Department of Homeland Security from examining data during investigations. And in April the leading counter-terrorism policeman in the UK said that some tech firms are helping militants avoid detection by developing systems that are “friendly to terrorists”.
In January Prime Minister David Cameron said that he wanted British intelligence agencies to be able to monitor the encrypted communications of terror suspects.
Incidentally, it is thought the NSA and GCHQ already has the supercomputing power to crack 512-bit encryption in just a few minutes. And the NSA is widely believed to be capable of breaking 1024-bit encryption as well.
Can you protect your privacy online? Take our quiz!