Tech companies are increasingly moving to block everyone — even police with a warrant — from accessing people’s data.
The growing trend was highlighted this week by announcements that new phones and tablets from Apple and Google would automatically encrypt and protect people’s data from police and thieves alike.
{mosads}In the face of congressional inaction to update decades-old privacy laws and consumers’ concerns, supporters say the companies had no choice but to act.
Still, the moves have evoked skepticism from critics who worry that the changes will hamper law enforcement and intelligence agencies.
“I understand why they would do this,” said Rep. Zoe Lofgren (D-Calif.), a vocal privacy advocate whose district includes the Silicon Valley hub of San Jose.
“We have failed to provide assurance to technology users that their Fourth Amendment privacy rights will be respected under law,” she added. “So it’s understandable that technology companies will step forward to provide that assurance through technology.”
Not everyone is as comfortable.
Rep. Peter King (R-N.Y.), a member of the House Intelligence Committee, said that he had not heard about Apple’s plans but was “opposed” to the prospect that people’s data would not be obtainable — even with a warrant.
Other prominent security hawks seemed less concerned that the policy would seriously inhibit police.
“I think companies are going to have the obligation, once the court order is issued, to follow the law of the United States and we’ll have to work out the details from there,” House Intelligence Chairman Mike Rogers (R-Mich.) told The Hill.
“If you got a warrant, they’re not going to be able to keep it from being accessed,” added Sen. Saxby Chambliss (Ga.), the top Republican on the Senate Intelligence panel, who said that he had not seen the full details of the policies.
Indeed, there will still be ways for either the government or hackers to get much of the information they are looking for.
For instance, Apple’s new encryption policy will not extend to its iCloud storage system, where images and other data from people’s phones are often automatically backed up. Experts could also hack into someone’s phone by connecting it to a trusted computer and accessing data.
It’s not just phones and tablets that are getting more secure, however.
Both Google and Yahoo have employed extra defenses on all their users’ emails, and are working together to make the messages even more spy-proof. Google is also giving special preference to secured websites in its search results, a move that will surely inspire countless sites to encrypt their connections.
All of that could make it harder for the government to search through people’s communications.
The concern for some is that the same tools to keep out foreign hackers and spies also prevent access by police and the National Security Agency (NSA).
“There is no way to design a system to keep your data safe from the Chinese government but also provide access to local law enforcement,” said Chris Soghoian, principal technologist at the American Civil Liberties Union and supporter of new protections. “It’s not possible to do that.”
In many ways, the trend is a reaction to leaks from Edward Snowden that detailed how the NSA has been able to tap into undersea fiber cables and nab emails, chats and other communications. Concern about the NSA’s prying eyes have had a dramatic effect on public trust in U.S. tech companies, which has hurt their bottom lines.
Privacy worries have also been sparked by the ever-increasing hacks at major outlets including Target and Home Depot — which just this week confirmed that information about 56 million credit and debit cards was recently stolen by hackers — and headline-grabbing incidents such as the recent theft of hundreds of nude celebrity pictures.
Apple and other tech companies are using the privacy focus as a marketing tool, at least in part.
At the same time, laws have been slow to keep pace with the changes in technology.
The Supreme Court just this year issued a unanimous ruling that police need a warrant before they can search through someone’s cellphone.
But on Capitol Hill, the momentum for significant changes has largely stalled.
For more than a year, legislation has stalled that would end a 1986 legal provision allowing police and other government agents to search through people’s emails and other data kept on the “cloud” as long as it is older than 180 days. The House version of the legislation, the Email Privacy Act, has 268 co-sponsors — well more than the 218 backers necessary for a majority — but has sat in committee since last June.
A similar bill was introduced in the Senate just this week that would also extend new protections to data stored in a company server overseas, though the prospects that it will reach the floor this year seem dim.
Though the bills themselves have stalled, the strong support coupled with the obvious commercial focus on security and privacy could lead to movement soon, if not this year.
“This seems to happen about every ten years or so, that the technology changes enough… that we have to adjust our law,” said James Lewis, director of the strategic technologies program at the Center for Strategic and International Studies.
“Cloud, mobile encryption — [these are] things we’ve all talked about before, and now we’ve got to update the rules,” he added.