Industry Articles

Smartphone Encryption: The information you need to know

The debate over encrypted smartphones phones and smartphone applications refuses to go away.

Law-enforcement demand that Apple, Google and app makers decrypt their devices and services, or else provide “back doors” by which they can read data and messages. Technology companies respond that because encrypted data is fundamental to privacy, helping law enforcement would be betraying their clients. Also politicians who have no concept of the issue nevertheless have a lot to say about it.

In maybe the best-known case, in mid-February, Apple declined to help the FBI unscramble an iPhone utilized by one of the San Bernardino shooters, producing huge public attention. Apple later responded with a 65-page motion to vacate the court order compelling it to assist the FBI in its investigation.

What is smartphone encryption?

There are two  kinds, both designed to stop people from reading private information unless granted access. First, there’s encrypted messaging software, which covers what law-enforcement  call “data in motion,” or messages going from one device to another.

The most secure kind of  encryption, called “end-to-end” encryption, prevents even app makers, cellular carriers or phone makers from being able to read the messages.

The other kind of encryption is encryption of the stored data on a device itself, which law enforcement calls “data at rest.” This is more often sought by local law enforcment who want to read what a dealer  or pimp has on his phone. Google and Apple both offer full-device encryption, and both companies have fought court orders to prevent government agencies from gaining access to private data & information.

Why is encryption on a phone important? I have nothing to hide.

Apple CEO Tim Cook provided an answer to that question in  in December 2015.

“On your smartphone today, on your iPhone, there’s likely health information, there’s financial information,” Cook said, referring mainly to “at rest” data. “There are intimate conversations with your family, or your co-workers. There’s probably business secrets, and you should have the ability to protect it. And the only way we know how to do that is to encrypt it.”

Why is smartphone encryption so controversial?

Encryption has gotten so good that no one can crack it — not even the smartphone manufacturers themselves. So government agencies want a “back door” to decrypt even the strongest encryption Democratic presidential candidate Hillary Clinton demonstrated a decent  grasp of the issue during a debate in December.

“It doesn’t do anybody any good if terrorists can move toward encrypted communication that no law-enforcement agency can break into before or after,” she said. “There must be some way. I don’t know enough about the technology … to be able to say what it is, but I have a lot of confidence in our tech experts.”

But, Clinton added, “maybe the back door is the wrong door, and I understand what Apple and others are saying about that.”

Can you explain what a back door is?

A back door is a secret way of defeating the security encryption software. Government agencies want secret methods to be able to read any message or listen to any call sent via any method.

Would it be possible to let the government disable encryption in certain cases?

It would be a big deal, it would restore the access to private communications that goverment agencies  traditionally had — to an extent. Government agencies are  worried about communications “going dark” to authorities.

But Apple, Google, many encryption experts and dozens of other Silicon Valley companies argue that if a  “back door” was created for government use, it wouldn’t be exclusive for long. Hackers, criminals and repressive governments would soon find the keys leaving everybody unsafe.

“If there’s a way to get in, then somebody will find the way in,” Apple’s Cook told CBS’ Charlie Rose. “There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door’s for everybody, for good guys and bad guys.”

And it may not even be possible. Some cryptography experts say that, due to the complex math involved in creating encryption algorithms, a single flaw would render an entire algorithm useless. Many encryption algorithms have been abandoned after mathematical flaws were found.

Furthermore, the U.S. government would have no effect on foreign companies. Telegram is run by Russians and based in Germany, and Germany has very strong privacy laws. Basically, you can’t stop encryption. The issue really is whether we should try to. One solution might be for Apple to give the government access without telling anyone — but such an arrangement would be found out eventually.

Do government back doors already exist?

The Communications Assistance to Law Enforcement Act (CALEA) of 1994, law enforcement has nearly instant access, upon presentation of a warrant, to landline and cellular telephone calls. But CALEA doesn’t cover software communications such as instant messaging. The FBI has spent the past few years trying to push through changes to these laws.

British government-mandated back doors?

The British government in November introduced the Investigatory Powers Bill, which grants British police and intelligence agencies broad powers to collect data from Internet providers and from physical devices. Companies that provide Internet-related services in the UK are compelled to collect bulk data on all customers, and cooperate fully with investigations that involve breaking into encrypted communications and encrypted devices. Overseas based companies such as Apple, would not be exempt. Apple responded with a letter to the UK government.

“The bill threatens to hurt law-abiding citizens,” Apple said in the letter, which was distributed to news outlets. “A key left under the doormat would not just be there for the good guys. The bad guys would find it too.”

“The best minds in the world cannot rewrite the laws of mathematics,” Apple added. “The bill would attempt to force non-U.K. companies to take actions that violate the laws of their home countries. … We owe it to our customers to protect their personal data to the best of our ability. Increasingly stronger — not weaker — encryption is the best way to protect against these threats.”

Can I secure everything on my smartphone? Texts? Calls? Data?

Everything except text messages and regular calls, because neither of those normally uses the Internet. But using a device such as NCryptcellular’s hardened Nexus 6P will allow you to encrypt your voice calls, SMS, internet chat and browse websites anonymously.

NCryptcellular devices are the most secure option available on the market for those who demand the highest level of privacy and security.