Don’t Speed … and … Could I have your phone?

By Ashish Lall | January 20 2021, 01:30 PM SGT
Photo by melissa mjoen on Unsplash

Incumbent firms almost always feel threatened by new technologies, at least in the first instance. Protagonists of new technologies add to these fears by using words such as ‘transformational’ and ‘disruptive’. It’s no wonder the post office thought that it would be destroyed by email. Publishers were afraid of e-books, although many are now priced almost as much as the printed versions – so much for zero marginal costs of producing digital products. The list goes on… and right now of course we are all afraid because AI and robotics are going to replace us.

It’s not just businesses. Law enforcement and intelligence agencies indicate that the law has not kept pace with technology and they are ‘going dark’ in their fight against terrorists, paedophiles, drug dealers and money launderers. They want access to ‘data at rest’, or what is stored on our encrypted devices and ‘data in motion’, or our encrypted communications on messaging apps.

This is version 2 of the so called ‘Crypto Wars’. Version 1 took place in the United States (US) in the 1990s when technology shifted from analog to digital. Cryptographic software was on the US munitions list and subject to export controls. Today, these ‘munitions’ are everywhere, and help protect data that we send, receive and store using our devices. They secure Bluetooth connections, Wi-Fi networks, messaging, online commerce, banking, payments and cloud services.

In 1994, Congress enacted the Communications Assistance for Law Enforcement Act (CALEA) which mandated that telecommunications carriers assist law enforcement agencies to conduct authorized surveillance. Media reports indicate that after 9/11 AT&T, BellSouth and Verizon facilitated warrantless wiretapping for the Bush administration. AT&T installed surveillance equipment on at least 17 of its internet hubs and its engineers were the first to try out new surveillance technology developed by the NSA. Since they already have our internet traffic, V2 is about phones.

In 2016, the US government sought to compel Apple to unlock an iPhone 5C belonging to a dead terrorist. In this much publicized San Bernardino case, the District Court of California ruled for the government. Apple CEO Tim Cook responded in a public letter:

 

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers… from sophisticated hackers and cybercriminals.

 

The US government later withdrew the case and media reports indicate that the FBI paid around $1.3 million to an unknown third party to hack the iPhone. According to a recent report by the non-profit Upturn. The problem of accessing ‘data at rest’ or accessing and interpreting the contents of a smartphone and as many as 181 apps is now solved and at a much lower cost. Dropbox, Box, Office 365, WhatsApp, Slack, Uber, Lyft… no problem!

The ‘data in motion’ debate continues, with reasonable arguments on both sides. Of course law enforcement and intelligence agencies need to do their jobs using the best available technology and information. But companies worry about compromising privacy and eroding trust, which is central to their business relationship with customers. And cooperation between government and Big Tech is even more worrisome. Eventually there will be a technological solution for this as well or countries could take the Australian route of legislation which is not without controversy.

The Upturn report finds that 2000 local and State law enforcement agencies in the US have purchased mobile device forensic tools (MDFTs) sold by companies such as Cellebrite, Grayshift and Magnet Forensics. Agencies “have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant”. The problem is temptation – why stop at major crimes? MDFTs have been used to investigate petty theft, shoplifting, graffiti and car crashes.

Upturn has recommended banning consent searches of mobile devices, audit logs, data deletion requirements and public logging of law enforcement use of MDFTs.

Some Tech companies may think they are more powerful than States. They are deluded. We should all be afraid of the coercive power of the State.

 

Ashish Lall has taught at both Nanyang Business School (NTU) and the LKY School of Public Policy (NUS) and is presently Senior Advisor at PS-engage Global Government Relations. 

 

Posted in

Related Articles

How will South Korea’s Online Platform Self-Regulation Work?

By Somang Yang | August 2, 2022 Photo by Joongil Lee on unsplash Since the Yoon Seok-yeol administration took office with a deregulatory zeal, the fate of various legislative efforts to regulate the power of online platforms look doomed. The “Online Platform Fairness Act” was promoted by the ruling Democratic Party of Korea during the Moon […]

Vietnam’s new FDI Strategy promises opportunities for tech companies

By Nga Dao | June 14, 2022, 2.00pm Photo by Samson on unsplash Vietnam’s Deputy Prime Minister Pham Binh Minh has signed off Decision 667/QD-TTg approving the Strategy for foreign investment cooperation in the 2021-2030 period. The Strategy was issued following Resolution 50-NQ/TW of the Politburo (the highest body of the Communist Party of Vietnam) […]

The Indo Pacific Economic Framework for Prosperity

By Mark Chan | June 5, 2022, 2.00pm SGT Photo by Adrian Schwarz on unsplash First proposed by U.S. President Joe Biden at the East Asia Summit in October 2021, the Indo-Pacific Economic Framework for Prosperity (IPEF) has garnered significant attention following its launch in May 2022. It is widely seen as an attempt at […]