One thing that's been overlooked in coverage of the FBI's increasingly hawkish attempts to obtain smartphone passwords is that it's not just the smartphone owners' personal data that is at stake.
As Julia Angwin reported in the Wall Street Journal last week, law enforcement and tech companies are increasingly at loggerheads over whether the former can obtain users' passwords from the latter.
Law enforcement agents often use forensic equipment to simply download the contents of a phone's memory, without attempting to unlock the phone. But sometimes officers fail to break into a phone or the data they find is encrypted. In that case, they can send a grand jury subpoena to the cellphone owner asking them to turn over their password. Those requests are legally tricky because the Constitution's Fifth Amendment protects people from self-incrimination.
Instead, agencies like the FBI have been pressing smartphone software vendors for assistance in bypassing passwords. Reports suggest that Google, at least, has been pushing back, although both Google and Apple are refusing to discuss the details or frequency of such requests.
There's a deeper issue here, though. It's analogous to the problem with Facebook scraping contact details from the cellphones of anyone using its "sync" feature: Facebook was collecting information about people who might not even be Facebook users -- and certainly without their knowledge.
Armed with a password, and acting outside strict supervision by a court, there's nothing to stop a law enforcement agency browsing freely through any data to which the smartphone provides access. There's nothing to stop the downloading of data, and no control over its storage or disposal. That's potentially a problem, as I said, not just for the smartphone's owner, but for his or her contacts.
In many cases, of course, that includes his or her employer.
In this BYOD age, enterprises are wrestling with the challenge of allowing employees convenient remote access to networks, and to the files and data they need to do their jobs, while limiting exposure to security risks. If the FBI prevails in its efforts to retrieve passwords from vendors, the enterprise has something new to worry about.
I don't mean malevolent exploits or espionage, of course. I just mean the negligence with which law officers, searching for evidence, might treat commercial information they don't even recognize as sensitive. As for whether it would be legal to remotely wipe enterprise data from a smartphone being examined by the FBI -- well, I'm willing to bet that's something the courts haven't even started to think about.
The message, as always, is that we're all connected. When an individual's data is exposed, whatever the circumstances, it's never just their data that's at risk.
It appears that the old laws do not apply anymore. A phone tap and trying to break into a smart phone are pretty close to the same thing. The objective has not really changed that much. Obtain information of illegal activity.
This is the same problem with the cloud and BYOD to work. I am willing to bet 98% of the US population is not part of some spying organization. (Not counting spouses spying on each other)
Yet potential terrorist activity allows this is to be a plausible justification for the FBI to circumvent the courts system to obtain information? To spy on us? This did not stop Oklahoma or the WTC from happening so logically to have Law Enforcement be given the right to circumvent the constitution. Only weakens our high standards we place on the Constitution and Bill of Rights.
Back to US Japanese being sent to US internment camps.
I agree, it needs supervision, and preferably someone who knows what kind of data they will be dealing with to avoid damaging or losing sensitive data that belongs to the company.
Vendors are resisting because they don't want to lose customers. But also, they are responsible for guardian customers' privacy no matter what.
I think it needs court oversight, Susan. Now some may say that that's inadequate, but I don't know what options there are that are any better. Law enforcement should need to tell a judge, we need x information for y purpose. Going direct to the vendor would allow them to romp around in the data with no supervision.
Fortunately, vendors seem to be resisting the pressure -- so far.
"Imagine having police officers, who just don't care, rummaging through your confidential files."
If the files belong to the company, even though they could be found on the suspected employee's device, and if such confidential files are encrypted, aren't those confidential files protected by law?
"If the FBI prevails in its efforts to retrieve passwords from vendors, the enterprise has something new to worry about."
After reading your article I was thinking about the paragraph on this BYOD age. Whereas I believe giving employees convenient remote access to networks, and to the data they need to do their job anytime and anywhere I am also a defender of privacy.
Now, somehow I find it hard to believe that the FBI could retrieve passwords from vendors to get data from devices which belong to normal, non-criminal citizens, someone like us for example.
But, if we are talking about a potential drug dealer who does his business in his free hours after working for X company during the day, would you say this could present a case of moral dilemma?
Enterprises which need to entrust trade secrets to other enterprises (for example, ingredients suppliers who have to divulge information relevant to product safety) typically ensure that strict agreements are signed about who has access to the data, how it's stored, and its disposal.
Imagine having police officers, who just don't care, rummaging through your confidential files.
I am talking about law enforcement being able to sift through data without judicial supervision, and risks arising from negligence as much as anything else.
Liberty knows no party. I disagree with what my party does all the time. You can't change it, if you don't advocate and rustle the bushes to get change.
What, a political message on a technical site? Oh, the horror! Your middle initial wouldn't be 'Q' would it? Seriously, governmental abuses? There's plenty of blame to go around, so we shan't dally with which party controlled what decade. The bottom line is that we get the kind of government we deserve -- when special interests buy candidates and they get elected, everybody suffers. But here's the quandary -- how do we rein in a government that's gone mad? The only entity with enough power to control such a government is...we, the people. We own this, not some bureaucrat. Vote your conscience, vote your beliefs, vote your platform, but for goodness sake, VOTE. (This message sponsored by IBM...) : )
that much power to the government in the first place. It wasn't even necessary! They knew 911 was coming without all this falderall; the only glitch was information sharing. I can see why this happened because of government abuse in the 60's & 70's - but that is doubly why we should never have gone that far. If power can be abused, it will be.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Edward Snowden was so convinced that the Prism program involved secretive surveillance through Internet backdoors that he walked out on his job and his girlfriend, spoke to the media, and resigned himself to jail, or worse. It turns out, he might just be wrong.
In one of the nastiest -- not to mention large scale and long-term -- hacking exploits yet to be reported, it appears that the Chinese army has been rummaging through the data of those who have served in the US Armed Forces.
ASA Risk Consultants added its voice this week to the slowly growing chorus of voices demanding a coordinated international response to cyberattacks. In a research note circulated by IDG, ASA asserts that "nations will need to come to an agreement on how cyber warfare should be handled."
Extending existing US wiretap laws to give federal agencies easier backdoor access to Internet communications -- especially real-time P2P services like VoIP -- will give, not only aid and comfort, but also technical assistance, to the country's enemies. Not to mention cyberthieves.
The FBI recently issued a warning to smartphone users, highlighting two mobile malware applications: Loozfan, which steals personal information, and FinFisher, which is spyware that takes over a smartphone's functions.
With the advent of low-cost Web cameras and broadband network connections, home security systems have become a hot business. In addition to traditional security suppliers, like ADT, the market is attracting telcos, cable companies, and energy providers, thereby creating an area of increasing competition.
Malware designed to infect Google Android smartphones has increased dramatically, and now the government is stepping in. The National Security Agency has developed SE Android, a system that tries to close up its security holes.
President Obama may soon earn the badge as "Mayor" of the White House, thanks to his joining the mobile check-in service, FourSquare. Let's all sigh in unison, shall we?
Law enforcement agencies are poised to use iPhones as facial recognition systems in the coming months. The technical advance promises efficiency but has created a backlash among civil liberties proponents.
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The IBM Smarter Commerce Global Summit in Monaco kicked into high gear today, and we've already begun to see news emerging from that lovely city-state by the sea.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
