FBI director James Comey says he doesn't understand why Apple and others are making devices that allow people to place themselves beyond the law. Photo: Reuters

FBI director James Comey sharply criticised Apple and Google on Thursday for developing forms of smartphone encryption so secure that law enforcement officials cannot easily gain access to information stored on the devices - even when they have valid search warrants.

His comments were the most forceful yet from a top government official but echo a chorus of denunciation from law enforcement officials across the United States. Police have said that the ability to search photos, messages and web histories on smartphones is essential to solving a range of serious crimes, from murder to child pornography to attempted terrorist attacks.

"There will come a day when it will matter a great deal to the lives of people that we will be able to gain access" to such devices, Mr Comey told reporters in a briefing. "I want to have that conversation [with companies responsible] before that day comes."

Hard to crack: The new iPhone 6. Photo: Daniel Munoz/Fairfax Media via Getty Images

Mr Comey added that FBI officials already have made initial contact with the two companies, which announced their new smartphone encryption initiatives last week. He said he could not understand why companies would "market something expressly to allow people to place themselves beyond the law".

Advertisement

Mr Comey's remarks followed news last week that Apple's latest mobile operating system, iOS 8, is so thoroughly encrypted that the company is unable to unlock iPhones or iPads for police. Google,meanwhile, is moving to an automatic form of encryption for its newest version of Android operating system that the company also will not be able to unlock, though it will take longer for that new featureto reach most consumers.

Both companies, contacted on Thursday afternoon in the United States, declined to offer immediate reaction to Mr Comey's comments.

The FBI is unhappy with Apple iPhone encryption levels. Photo: Mark Lennihan.

Read the original here:
FBI director slams Apple over iPhones encryption

"What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law," Comey told reporters. He said the bureau has reached out to Apple and Google "to understand what they're thinking and why they think it makes sense."

The move to encryption is among the latest aftershocks in the wake of NSA leaker Edward Snowden's revelations about massive US government surveillance.

Last week, Apple announced the enhanced encryption for iOS 8, which Apple says makes it impossible for the company to decrypt a locked device, even for law enforcement. While Android's encryption was optional, it works similarly. In its upcoming Android L release, encryption will be enabled by default.

Apple chief Tim Cooktold PBS News last week that "People have a right to privacy. And I think that's going to be a key topic over the next year or so." When announcing the change,Google spokeswoman Niki Christoff last week said "As part of our next Android release, encryption will be enabled by default out of the box, so you don't even haveto think about turning it on."

Ars' all-knowing Android expert, Ron Amadeo, cautions Androidfans. "...if you are looking to keep something safe from prying eyes, Google can reset the pattern unlock on Android devices for law enforcement. Use PIN or Password."

The weak link in the law enforcement scenario for Google and Apple is cloud storage. Companies can and will turn cloud data over to the police, and Google has even done it proactively. Smartphones today have cloud backup systems for just about everything, so while this will probably protect you from individuals trying to snoop in on a stolen or resold phone, there's nothing to stop the police from getting a warrant for data on your phone or for data stored in the cloud connected to your account.

Read more here:
Apple, Google default cell-phone encryption “concerns” FBI director

Fund managers need to consider who holds the encryption keys for cloud-based email, or face potential legal risks.

One of the major stumbling blocks of moving email into the cloud is the perceived data security problem. While there are many benefits to using cloud-based systems, the downside is that data security and privacy is always a top concern for financial firms.

Sandton Capital, a New York-based private equity firm focused on alternative credit opportunities, decided not to host email on its own premises. Instead, it chose to use Gmail, hosted by Google. As the investment firm grew, and it looked at the kind of data it was emailing, it began to focus on the safety and security of this information. With so much of its confidential data related to investors and lenders via email, Sandton turned to cloud-based encryption to protect its data.

We looked at Gmail for a number of ways to encrypt it, and none of them were very seamless, says Rael Nurick, managing partner at Sandton Capital, which manages a $750 million investment fund. While Google offered email encryption, the process required the recipient to register on a different website to decrypt and open the email. In addition, Sandton used Google Apps and found it wasnt that good at seamlessly syncing with other devices.

While hackers and cyber security data breaches are always a concern, this was not the reason that Sandton was concerned about protecting its email. With $750 million under management, there are several hundred positions in its portfolio. We send emails about those positions, and theres information on investors, too, Nurick tells us.

[Do you aspire to the C-suite, or some other spot in upper IT management? Then bulk up your credentials around today's most pressing IT movement, digital business, at the InformationWeek IT Leadership Summit.]

Nurick says that, although security from hackers is important, the firm was even more concerned about outside parties accessing Sandtons emails through a subpoena or legal proceeding. Often, when an email hosting provider is issued a subpoena, it complies immediately and turns over the required emails immediately. Without any oversight by Sandton, he felt, the actions by an email hosting service could add vulnerabilities.

Since Sandtons specialty is purchasing under-performing bank loans and providing rescue finance to troubled companies, it does get into litigation occasionally. The private equity firm had two different sets of data it needed to protect:

Most importantly, Sandton needs to make sure that no outside party, even if they get hold of the data, can read the information, Nurick says.

Different flavors of cloud encryptionNurick feared that he would lose control of his data to third-party hosting companies if they were to receive a court order to turn over confidential email. Big hosting companies like Microsoft and Google have no incentive to do anything but give away all of your emails.

Read this article:
Encrypting Cloud Email Isnt as Easy You'd Think