There’s a reason smartphone encryption is a flashpoint for controversy: in those instances when a secured handset is used to facilitate crime, it sometimes presents a significant roadblock to law enforcement. Two months following the Islamic State-inspired rampage in San Bernardino, California that left 14 people dead, technicians at the Federal Bureau of Investigation have been unable to crack security on a smartphone belonging to the terrorist couple who were responsible.
“We still have one of [the] killers’ phones that we haven’t been able to open,” FBI Director James Comey told the Senate Intelligence Committee on Wednesday. “We are still working on it.”
The agency had previously implied that messages exchanged via the cell phone would shed light on the activities of Syed Rizwan Farook, a county health inspector, and Tashfeen Malik, his wife, who together gunned down attendees of an Inland Regional Center holiday party in December. The FBI hopes to learn whether the couple had planned additional attacks and whether they’d coordinated with other parties prior to the attack. (Short of evidence to the contrary, the FBI believes that Farook became self-radicalized via the Internet.)
The Bernardino barrier is the second such type the agency’s faced in recent months. A handset belonging to one of two gunman involved on an attempted Islamic State attack directed at a cartoon contest in Garland, Texas last year was used to exchange 109 messages with “an overseas terrorist,” messages which Director Comey told the Senate Judiciary Committee in May remain encrypted.
The San Bernardino revelations are sure to reinvigorate the contentious debate over mobile device encryption. Opponents of encryption argue that the privacy it affords isn’t worth the investigative obstructions it presents, and that encryption must at the very least accommodate searches authorized by warrant. This rhetoric has resonated with lawmakers: bills before the state assemblies of New York and California would impose a fine on manufacturers and operating system providers for devices that don’t provide a “backdoor” around encryption for authorities. Senators John McCain and Dianne Feinstein and Senate Intelligence Committee Chairman Richard Burr have called for similar legislation at the federal level.
“All of the evidence contained in smartphones and similar devices will be lost to law enforcement, so long as the criminals take the precaution of protecting their devices with passcodes,” reads a statement issued in connection with the proposed New York law. “Simply stated, passcode-protected devices render lawful court orders meaningless and encourage criminals to act with impunity.”
Security proponents refute those claims. A study published by Harvard’s Berkman Center rebuts FBI claims that the use of encryption inhibits law enforcement in terrorism investigations. Tim Cook, NSA Director Admiral Mike Rogers, former CIA analyst John Kiriakou, and others have questioned the need for backdoors in encrypted devices and messaging platforms.
And in an open letter published by digital rights group Access Now in January, nearly 200 cyber security experts and activists from 42 countries urged lawmakers in the U.S., U.K., and China not to curtail encryption on consumer devices. “Users should have the option to use — and companies the option to provide — the strongest encryption available, including end-to-end encryption, without fear that governments will compel access to the content, metadata, or encryption keys without due process and respect for human rights,” the letter says.
Meanwhile, Democratic representative Ted Lieu and Republican representative Blake Farenthold in early February introduced pro-encryption legislation that would make it illegal for state or political representatives to demand the ability to decrypt communications, effectively nullifying the proposed New York and California laws. So as lawmakers on both sides gear up for what’s sure to be a lengthy legislative battle, an end to the decryption debate is nowhere in sight. And tragic attacks like San Bernardino will only prolong it.
- Facebook’s merger plan causing concern among lawmakers and security experts
- San Francisco could be the first city in the U.S. to ban facial recognition
- Democrats aim to save the internet and restore net neutrality
- Can new laws protect you from smart home security breaches?
- Who should fix Internet of Things cybersecurity? Congress takes a crack at it