Don’t Speed … and … Could I have your phone?

By Ashish Lall | January 20 2021, 01:30 PM SGT
Photo by melissa mjoen on Unsplash

Incumbent firms almost always feel threatened by new technologies, at least in the first instance. Protagonists of new technologies add to these fears by using words such as ‘transformational’ and ‘disruptive’. It’s no wonder the post office thought that it would be destroyed by email. Publishers were afraid of e-books, although many are now priced almost as much as the printed versions – so much for zero marginal costs of producing digital products. The list goes on… and right now of course we are all afraid because AI and robotics are going to replace us.

It’s not just businesses. Law enforcement and intelligence agencies indicate that the law has not kept pace with technology and they are ‘going dark’ in their fight against terrorists, paedophiles, drug dealers and money launderers. They want access to ‘data at rest’, or what is stored on our encrypted devices and ‘data in motion’, or our encrypted communications on messaging apps.

This is version 2 of the so called ‘Crypto Wars’. Version 1 took place in the United States (US) in the 1990s when technology shifted from analog to digital. Cryptographic software was on the US munitions list and subject to export controls. Today, these ‘munitions’ are everywhere, and help protect data that we send, receive and store using our devices. They secure Bluetooth connections, Wi-Fi networks, messaging, online commerce, banking, payments and cloud services.

In 1994, Congress enacted the Communications Assistance for Law Enforcement Act (CALEA) which mandated that telecommunications carriers assist law enforcement agencies to conduct authorized surveillance. Media reports indicate that after 9/11 AT&T, BellSouth and Verizon facilitated warrantless wiretapping for the Bush administration. AT&T installed surveillance equipment on at least 17 of its internet hubs and its engineers were the first to try out new surveillance technology developed by the NSA. Since they already have our internet traffic, V2 is about phones.

In 2016, the US government sought to compel Apple to unlock an iPhone 5C belonging to a dead terrorist. In this much publicized San Bernardino case, the District Court of California ruled for the government. Apple CEO Tim Cook responded in a public letter:

 

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers… from sophisticated hackers and cybercriminals.

 

The US government later withdrew the case and media reports indicate that the FBI paid around $1.3 million to an unknown third party to hack the iPhone. According to a recent report by the non-profit Upturn. The problem of accessing ‘data at rest’ or accessing and interpreting the contents of a smartphone and as many as 181 apps is now solved and at a much lower cost. Dropbox, Box, Office 365, WhatsApp, Slack, Uber, Lyft… no problem!

The ‘data in motion’ debate continues, with reasonable arguments on both sides. Of course law enforcement and intelligence agencies need to do their jobs using the best available technology and information. But companies worry about compromising privacy and eroding trust, which is central to their business relationship with customers. And cooperation between government and Big Tech is even more worrisome. Eventually there will be a technological solution for this as well or countries could take the Australian route of legislation which is not without controversy.

The Upturn report finds that 2000 local and State law enforcement agencies in the US have purchased mobile device forensic tools (MDFTs) sold by companies such as Cellebrite, Grayshift and Magnet Forensics. Agencies “have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant”. The problem is temptation – why stop at major crimes? MDFTs have been used to investigate petty theft, shoplifting, graffiti and car crashes.

Upturn has recommended banning consent searches of mobile devices, audit logs, data deletion requirements and public logging of law enforcement use of MDFTs.

Some Tech companies may think they are more powerful than States. They are deluded. We should all be afraid of the coercive power of the State.

 

Ashish Lall has taught at both Nanyang Business School (NTU) and the LKY School of Public Policy (NUS) and is presently Senior Advisor at PS-engage Global Government Relations. 

 

Posted in

Related Articles

The Cyber Landscape in the Digital Age of COVID-19

By Quek Xin Wei | May 5, 2021, 1.30PM Photo by Joshua Woroniecki on unsplash The global pandemic has induced a tectonic shift of the global economy towards one which has fully embraced digitalization. In the wake of government-ordered lockdowns which have shuttered brick and mortar businesses and corporate companies alike as well as forced schools […]

Time is Ripe for ASEAN’s Cloud-First Policy

By Desarack Teso | April 29, 2021, 1.30PM Photo by Clint Patterson on unsplash The time is ripe for Member States of the Association of Southeast Asian Nations (ASEAN) to take initiative to promote the adoption of cloud computing in the public sector. Just as the current unprecedented time requires more digital innovation, creative policymaking is […]

How COVID-19 has widened the digital divide for women: A perspective from South Asia

By Aarthi Raghavan | April 22, 2021, 10.00AM Photo by Christina on unsplash Technology is increasingly perceived as a source of division, rather than as the great equalizer.[1] This is particularly relevant to the goal of achieving gender equality in the sector, a key priority for many leading technology companies today. According to UNESCO, globally, women and […]