' New iOS and Android Encryption Protections Spark Privacy Debate | MTTLR

New iOS and Android Encryption Protections Spark Privacy Debate

On September 17, Apple updated its privacy policy to reflect privacy enhancements added to its most recent iteration of its iPhone mobile operating system, iOS 8. Notably, the update highlighted iOS 8’s new protection for user phone data: out-of-the-box passcode encryption that the company itself cannot bypass. Similarly, Google recently related to the Washington Post that Google’s latest mobile operating system offering, Android L, would also include default user-end passcode encryption that cannot not be circumvented by Google.

ALCU technologist Christopher Soghoian and Center for Democracy & Technology technologist Joseph Lorenzo Hall applauded the moves to enhance consumer protections in the wake of increased government surveillance stoked by Edward Snowden’s leaks last summer. But not all are pleased with the announcements. Notably, Ronald H. Hosko, President of the Law Enforcement Legal Defense Fund and former Assistant Director of the FBI Criminal Investigative Division, criticized the moves in a recent op-ed as protecting “those who desperately need to be stopped from lawful, authorized, and entirely necessary safety and security efforts.”

Hosko’s point indicates a possible shift in the legal landscape of digital privacy rights. In its recent Riley v. California opinion, the Supreme Court weighed in on the digital privacy debate, holding that authorities generally may not search digital information on a cell phone seized from an individual without a warrant. However, even upon obtaining a warrant for user data, police now face an additional difficulty, as they can no longer can lean on Google or Apple to procure this data. As Apple itself pointed out in its revamped privacy policy, with the addition of these new encryption protections, “…it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.” The fact that Apple and Google together control about 95% of the U.S. smartphone operating system market only underscores the impact of these new policies. As Google and Apple customers update their devices to the latest versions of the companies’ operating systems, chances will be increasingly high that authorities will only encounter criminals with these new encryption tools enabled on their devices.

One Forbes blogger has rightly pointed out that this only recasts the legal issue onto Fifth Amendment self-incrimination grounds. If the contents of a phone cannot be unencrypted by Apple and Google themselves, law enforcement must instead seek to compel defendants themselves to decrypt and hand over their user data. The Electronic Frontier Foundation (EFF), however, maintains that a court order to decrypt personal data for law enforcement violates the Fifth Amendment right protecting against self-incrimination. Specifically, the EFF argues that the act of producing encrypted personal data qualifies as privileged testimony under the Fifth Amendment. Many federal courts agree, with both a Colorado Federal District Court and the Eleventh Circuit having held recently that the act of decryption and production of contents of computers sufficiently implicates Fifth Amendment privilege.

The question then turns on the application of the “foregone conclusion” doctrine to this type of user data. The doctrine essentially considers acts of production of decrypted phone contents not subject to Fifth Amendment protection if it can be shown with reasonable particularity that, at the time authorities seek to compel the production, they already know of the incriminating contents of the phone, thereby making any testimonial aspect a foregone conclusion. The trick for authorities, of course, will now be building a case to show with reasonable particularity that they already know of the incriminating contents of an encrypted phone. This may be no easy feat, if the Eleventh Circuit’s application of the doctrine is any indicator — absent an admission by a defendant that a phone contains incriminating data, “[i]t is not enough for the Government to argue that the encrypted drives are capable of storing vast amounts of data, some of which may be incriminating.” As such, only time will tell how Google and Apple’s new encryption policies limit the capacity of law enforcement to conduct investigations.

Submit a Comment

Your email address will not be published. Required fields are marked *