It seems that the debate over encryption technology is entering a new phase.
The argument that law enforcement needs a magical* backdoor into every piece of encryption software “to fight terrorism” isn’t making enough headway to satisfy our political masters. If an article by Melody Gutierrez in today’s Chron (only available behind the paywall on the website) is any indication, the new argument is our old friend “think of the children”.
* I don’t need to explain this do I? Oh, all right. For the benefit of anyone who’s been aggressively not paying attention: there’s no such thing as a backdoor that can only be used by authorized people. If there’s a way to bypass or remove encryption, crackers–independent, criminal-sponsored, and government-sponsored will find a way to use it.
As Ms. Gutierrez puts it, “lawmakers and law enforcement groups are pushing bills [in California and New York] to enable investigators to unscramble data […] in human trafficking, terrorism and child pornography cases.”
Worthy causes, certainly, but does anyone really believe it would stop there? Even leaving aside the impossibility of limiting access to the decryption tools to the “right” people, once the capability is introduced, there would be an immediate push to expand the categories of crimes it could be used for.
And the emotional appeals are so over-the-top the article almost reads like a parody. Consider this quote from Assemblyman Jim Cooper, who wrote the bill being considered in California:
“If your kid goes to meet someone and your kid disappears and we find the phone, right now–today, there is no way for us to find out who they were last texting, who they were talking to unless you have the pass code to get in.”
Really, Jim? You haven’t heard of “metadata”? The records of who you call and who you text that the NSA has been using for years to build profiles on Americans who have no connection to terrorism? You don’t even need to “find the phone” to get that information. You just need the kid’s phone number!
Be honest, Jim. You know fully well what you’re talking about is the content of those texts, which are stored on the phones. You even admit it:
“The biggest thing is the information we want to get is from your phone at rest, not information traveling over the airwaves. This won’t affect 99.9 percent of the public.”
Yes, Jim, it will affect that 99.9%. Again, anything that weakens encryption for some people weakens it for everyone.
Feh! You can’t trust the company that makes your device to keep your data safe, and you can’t trust the government either. My advice is to make sure that your devices are encrypted now, while it’s still legal for companies to sell them without government-mandated backdoors. Turn the encryption on now (instructions below) and be prepared to refuse any future OS update that introduces a backdoor. Oh, and don’t forget to encrypt your backups!
On iOS 8 and above, you enable the device encryption by turning on the passcode feature. Go to “Settings | Touch ID & Passcode” (or “Settings | Passcode” if your phone or tablet doesn’t have Touch ID hardware). Tap “Turn Passcode On”. Tadaa!
Android is a little more time-consuming. Google advises you to set aside at least an hour for the encryption. (These instructions apply primarily to Nexus devices; non-Google devices may differ to a greater or lesser degree.) Once you have the time blocked out, set a lock screen pin, pattern, or password. Plug in the charger (encrypting the entire device will burn through your battery like crazy). Then go to “Settings | Security | Encrypt phone” (or “Encrypt tablet”) and follow the instructions.