Without question, Apple and Google’s announcements that they will offer cell phones providing full end-to-end personal encryption were among the biggest and most talked about news stories of the past few weeks. This is a watershed event for personal privacy, with Apple and Google being the first to provide this privacy measure out-of-the-box on consumer mobile devices.
The announcements from Apple and Google are also the latest to fuel debate over the balance between personal privacy and national security. Perhaps the most public opponent has been FBI director James Comey, who spoke out against Apple and Google’s plans this past Thursday in a speech at the Brookings Institution in Washington. Comey is calling for new legislation to prevent technology companies from manufacturing devices that block government access to personal data. He believes this poses a threat to national security, as malicious actors could benefit from having their communications obscured from government or law enforcement surveillance. While this will hold true in some cases, fully encrypted phones and other devices would not hinder legitimate real-time wiretaps of phone calls, text messages, emails, or other communications. Additionally, pursuant to a warrant, law enforcement agencies would still be able to access communications metadata as well as data that is synced to the cloud or stored in applications.
Beyond securing personal data, this measure could also protect users from malicious hacking and non-governmental surveillance. Full encryption eliminates the attack vector created when devices are built with backdoors for government and law enforcement access. According to the New York Times, such backdoors often serve as gateways for criminals to access or steal unencrypted private data.
The FBI’s position could be a real issue for U.S.-based technology companies. New legislation that bans production of encrypted consumer devices by American companies would have no effect on non-U.S. companies that produce the same technology. Passing such laws could result in a serious loss of competitive advantage for many U.S. technology companies, as consumers that demand encryption could instead purchase products not subject to the same regulations.
Comey did emphasize, however, that he was speaking only for the FBI, not the NSA or any other government agency. There has been no indication that the Obama administration is looking to ban or restrict consumer device encryption. In fact, in the wake of the Snowden breach, the Presidential Advisory Committee on the NSA called for increased use of encryption by the government and U.S. companies, advising that “the use of encryption should be greatly expanded to protect not only data in transit, but also data at rest on networks, in storage and in the cloud.”