Don’t Speed … and … Could I have your phone?

By Ashish Lall | January 20 2021, 01:30 PM SGT

Incumbent firms almost always feel threatened by new technologies, at least in the first instance. Protagonists of new technologies add to these fears by using words such as ‘transformational’ and ‘disruptive’. It’s no wonder the post office thought that it would be destroyed by email. Publishers were afraid of e-books, although many are now priced almost as much as the printed versions – so much for zero marginal costs of producing digital products. The list goes on… and right now of course we are all afraid because AI and robotics are going to replace us.

It’s not just businesses. Law enforcement and intelligence agencies indicate that the law has not kept pace with technology and they are ‘going dark’ in their fight against terrorists, paedophiles, drug dealers and money launderers. They want access to ‘data at rest’, or what is stored on our encrypted devices, and ‘data in motion’, or our encrypted communications on messaging apps.

This is version 2 of the so-called ‘Crypto Wars’. Version 1 took place in the United States (US) in the 1990s when technology shifted from analog to digital. Cryptographic software was on the US munitions list and subject to export controls. Today, these ‘munitions’ are everywhere, and help protect data that we send, receive and store using our devices. They secure Bluetooth connections, Wi-Fi networks, messaging, online commerce, banking, payments and cloud services.

In 1994, Congress enacted the Communications Assistance for Law Enforcement Act (CALEA), which mandated that telecommunications carriers assist law enforcement agencies to conduct authorized surveillance. Media reports indicate that after 9/11, AT&T, BellSouth and Verizon facilitated warrantless wiretapping for the Bush administration. AT&T installed surveillance equipment on at least 17 of its internet hubs and its engineers were the first to try out new surveillance technology developed by the NSA. Since they already have our internet traffic, V2 is about phones.

In 2016, the US government sought to compel Apple to unlock an iPhone 5C belonging to a dead terrorist. In this much-publicized San Bernardino case, the District Court of California ruled for the government. Apple CEO Tim Cook responded in a public letter:

“The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers… from sophisticated hackers and cybercriminals.”

The US government later withdrew the case and media reports indicate that the FBI paid around $1.3 million to an unknown third party to hack the iPhone. According to a recent report by the non-profit Upturn, the problem of accessing ‘data at rest’, or accessing and interpreting the contents of a smartphone and as many as 181 apps, is now solved and at a much lower cost. Dropbox, Box, Office 365, WhatsApp, Slack, Uber, Lyft… no problem!

The ‘data in motion’ debate continues, with reasonable arguments on both sides. Of course law enforcement and intelligence agencies need to do their jobs using the best available technology and information. But companies worry about compromising privacy and eroding trust, which is central to their business relationship with customers. And cooperation between government and Big Tech is even more worrisome. Eventually there will be a technological solution for this as well, or countries could take the Australian route of legislation, which is not without controversy.

The Upturn report finds that 2000 local and State law enforcement agencies in the US have purchased mobile device forensic tools (MDFTs) sold by companies such as Cellebrite, Grayshift and Magnet Forensics. Agencies “have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant”. The problem is temptation – why stop at major crimes? MDFTs have been used to investigate petty theft, shoplifting, graffiti and car crashes.

Upturn has recommended banning consent searches of mobile devices, audit logs, data deletion requirements and public logging of law enforcement use of MDFTs.

Some Tech companies may think they are more powerful than States. They are deluded. We should all be afraid of the coercive power of the State.

Ashish Lall has taught at both Nanyang Business School (NTU) and the LKY School of Public Policy (NUS) and is presently Senior Advisor at PS-engage Global Government Relations.