When Apple announced that iOS 8 would enable encryption of the on-device files by default, there was a lot of ill-informed outrage by various pundits and law enforcement types around the world. After Google also announced plans to follow suit in the next release of Android, FBI director, James Comey, described this as allowing “people to place themselves above the law.” Predictably, various politicians, police, and spies complained that it would make their lives somewhat more difficult and trotted out the standard disinformation tactic that only terrorists and paedophiles would need this capability.
The trouble with the argument that only people of bad intent would need to encrypt their phones or computers is that there is clear evidence in recent history of who considers themselves to be “above the law”. Hint: it’s not consumers. Could it be the FBI illegally searching call records for years without warrants? Perhaps the NSA’s illegal surveillance of US citizens? Even the Daily Mail was driven to report that over 25% of searches by UK police were illegal. There are similar stories in Canada, Australia, and New Zealand, not to mention all the countries we were supposed to be better than because their police and government undertook this kind of surveillance.
Not content with state actors breaking the law, we find that companies are also stealing data and information from individuals. Not Chinese state authorities, but stalwarts like Verizon who were hijacking and tracking all traffic using a “perma-cookie”, LinkedIn illegally slurping users email contacts against their express wishes, Google illegally collecting wifi network info, and AT&T illegally copying all internet traffic and passing that traffic to the NSA.
So who are the bad people in this equation? I have to add the various police and security forces of most of the countries in the world to the list of people who will break the law to steal my personal data and files. Faced with overwhelming evidence of illegal activity going on all around me, I’m currently in the process of encrypting all my external and internal hard drives (using FileVault on OS X). I’m very happy to see that this is default behavior in the latest Yosemite release of OS X – although I’m holding off upgrading for other reasons. I will happily embrace two factor authentication wherever offered and encryption of all traffic and stored files as far as practical.
If the police or legal authorities of whichever country I am in at the time wish to follow the laws of that land and swear a warrant for lawful access to my machines, I will respect that process. Until then I’ll be using 256-bit encryption as widely as possible.
As an interesting aside, the RIPA (Regulation of Investigatory Powers) Act in the UK makes it a criminal offence, punishable by up to two years in prison, to refuse to provide encryption keys to police. Many other countries have similar laws, but the USA appears to be currently upholding the 5th amendment.