A Mexican Stand-off over Phone Encryption
As recently as 2012, cell phone theft in chic urban hotspots had been at an all-time high. Naturally, this is the fault of their universal appeal as one of the remaining affordable status symbols. What to do…
One of the main aspects of the popularity of any given cell phone must be people’s need to be socially relevant. This goes beyond being able to browse the internet to check email, or the latest status update on Facebook, and extends into the realm of social apps that were initially very platform dependent. Many of the most popular messaging apps were only available on a specific device or operating system, like Blackberry’s famous BBM messaging app. Once the iPhone de-throned Blackberry devices as the cool platform, a platform BBM wasn’t available for, new apps arose to take its place, and they now fight for dominance. Belatedly BBM was ported to Android and Apple toys, but it’s hard to lure the people (who already left the party) back.
The basic social requirement of staying current, or even trendy, was amplified by the fear of social exclusion for many as well. What good is a smartphone if you can’t run the apps to communicate with your friends or colleagues? So, inevitably, the free market tended towards a monopoly for Apple, at least briefly. Once Android became a serious contender, a tipping point reached when the hardware had caught up and the operating system became slick enough, it was able to break out of its contrarian niche and turn the market into a duopoly. In the subsequent market split, lazy app developers no longer had the security of remaining only on one of the platforms, and more eager developers were relieved that there were only two to target, which ironically boosted app availability for both.
There was a huge cost to this arms race, as could be expected: average selling prices (ASP) of devices were reaching stratospheric levels that only Blackberry had been able to maintain previously. These days it’s not unusual for a trendy smartphone to exceed $600, a retail price not seen since the early days of Motorola flip-phones, though it was often hidden in lengthier contracts. Blackberry’s ASP was defined much differently though; a side effect of mostly dealing with government or big business clientèle is much larger budgets, with much more specific performance demands. Android devices were allowed to crash, iPhones were allowed to lose information, they were “consumer” devices after all; a Blackberry wasn’t.
Thus the demand for either iPhone or Android smartphones kept rising, their costs kept creeping up with every revision of their flagship models too, and their desirability to thieves rose with it. And so theft became a serious issue, made worse by the lack of serious security in the devices themselves. Everyone knew that stealing a Blackberry was just about pointless: it used centralized servers to provide the “smart” services, and having it without that infrastructure made it less useful than a scientific calculator. That was not the case with a stolen iPhone, which could be sold to a customer in a region with no worldwide blacklist checks. Then imagine having your phone stolen, with all your irretrievable data and personal information stored on the phone itself, and you might start to panic.
This provided a great opportunity for profit-squeezed vendors to get back a bit of margin from the end-user, to push lost and stolen phone insurance, something that became rather indispensable, and therefore lucrative. Insurance couldn’t save your information though, just cover a similar value replacement most likely, since phone models were obsoleted and replaced with new models within months. While buyers were encouraged to protect their expensive devices as any insurance is supposed to do, even that was used as an upselling opportunity to get punters into the latest iteration of the same damned thing, for even more money, yielding that much more profit by churning.
Perhaps ironically, phone providers had no incentive to protect their users from theft, rather the opposite: they made more money every time a phone was stolen.
Bring Your Own Device
Consumer oriented smartphones managed to permeate enough of popular culture that even business people were under immense pressure to move away from secure Blackberry devices, and allow the free-for-all of BYOD. With iPhones and various Android operated devices becoming more popular for business activity, data loss was becoming a rather serious problem. You could see this as the democratization of employment standards, but it really just exposed how complacent big business had become, and how unaffordable business oriented systems were for smaller companies.
When people had a serious business enterprise and had deployed Blackberry phones for employees, they still used to hang onto their private devices for everything else. As new businesses were forced to adopt a device agnostic approach, and old businesses started moving away from Blackberry servers with their uncertain future, the separation of business and pleasure ceased to exist. Increasingly, with the ubiquity of the phones, they were being taken into the bath to text, or taken mountain climbing for selfies, and accidents became common. Not good for the budding pseudo-professional Yuppie.
Also, with phones being commodity property, with lightning fast release cycles, many users began to view their phones with contempt. Waiting for the next greater thing, and researching the latest must-have gizmo, became a part time job for many. Phone envy became a big thing; benchmarking programs were released to show whose coloured lines were longest, something that was only common for the homebuilt computer user before. All very unhealthy if you ask me, since there was nothing you could do about it anyway, short of getting an entirely new phone.
Then in comes Apple with their fantastic borrowed-idea solution for the lost data, Cloud storage. Basically mimicking Blackberry’s centralized storage for all your important stuff, you were now free to lose your cell phone, and have it replaced, without skipping many beats. Cloud storage coupled with insurance seemed like the antidote to the poisonous issue of theft, but it may have actually made things worse. This allowed careless users to be even more careless, as “loss” became less critical, and as their fears were lessened.
Of course, during all this time, contract laws were amended to have shorter terms to allow voracious data users to flip between carriers more easily, to chase discounts. This unintentionally drove up phone costs for many end-users, as carriers were no longer able to feast off of their captives for long durations to cover the phone subsidies; subsidies that had already been hurting the bottom line, with the uncontrolled growth of cell phone ASPs. While some carriers chose to roll the subsidy costs into higher monthly premiums, it was a losing proposition when there was competition in the region, and people didn’t take kindly to it. Most carriers decided instead to offer full-price (or nearly full) phone purchases, with much more flexible plans, or even no-contract service, which seemed to be a more palatable way to eliminate their exposure to risk.
Once the price increases finally trickled down to those ending existing plans, and higher device costs hit new customers, the issue of theft suddenly became serious again.
Scratch and Sniff
The NSA loved this move towards Cloud storage, an American corporation collecting enormous amounts of personal information, including location tracking, associative links to other people, and even the email contents in some cases being stored for harvest was irresistible. For the first time in human history, a profile of someone’s entire life could be compiled remotely, without having to deploy any surveillance vans or badly dressed spies. All the agencies wanted a piece, national security threats, blackmail, deep cover tracking, all these things dovetailed with their incessant need to create criminals, to justify their very existence.
The vast majority of “terrorists” caught in the United States since 2001 were actually trained and encouraged by FBI agents. In most cases, it was federal agents who provided the fake explosives, or brokered arms purchases, or crafted the activities to make sure they couldn’t do any damage, then arrested them with the insider knowledge they already had. In none of these scenarios was universal surveillance required, and a lack of database access to AT&T would not have hindered them, but they demanded more and more access anyway.
Retrospectively we know how Apple was blackmailed, with secret directives and the flimsiest justifications, and how, like many communications companies, it voluntarily gave up information on request, without being able to admit it even to the affected user. It was only under huge pressure from customers who found out about these programs from the PRISM leaks that Apple and others exerted any pressure on the government to restrain themselves. And although the government was clearly uninterested in restraint, many of the compromised companies started employing encryption to frustrate the agents who had enjoyed siphoning everything freely until then. It shouldn’t surprise anyone to know that the NSA has been infiltrating the various security standards bodies to weaken encryption, because it’s really just another attack vector in their battle to know everything.
There was even a document released by Snowden that showed how the NSA, and other acronymed branches of the US government, could break into an Apple phone with 100% certainty if they had to search it, and with a high success rate for popular Android devices as well. This may have had to do with the physical hardware designs: Apple released few unique devices for its market share, while the competing Android market share was divided across a huge diversity of devices that shared little in hardware design, and reverse engineering each board wouldn’t be practical, even for the NSA.
This second level of compromise also drove Google, the maker of Android software, to see an opening against its iPhone rival, and it began implementing full device encryption. We might be tempted to think of Google as a “good guy” in the fight for consumers’ rights against The Man, but Google itself was seed-funded by government entities, and has close cooperation with DARPA and the CIA to this day. Probably, like all customer centric businesses, it was more an act of self-preservation than altruism, but each affected company was under the same pressure (or backlash) to do something, and each has its own approach to appease the masses. Even here, they have to walk a tightrope, or risk being excluded from important contracts, facing licensing challenges, and other sandbagging by a jilted administration.
All this just made the federal agencies even more paranoid about losing their unfettered access to everyone’s private thoughts and actions. The NSA directors (and former directors) regularly participate in debates and interviews, asserting their need to know what every terrorist is doing, because everyone hates American freedom. FBI directors take a more subtle approach, releasing memorandums and policy papers to be discussed in hearings, arguing that encryption makes their lives difficult, and it’s so unfair. Lately we even hear fear-mongering over the key internet governing bodies leaving the umbrella of American hegemony, to act more independently, more internationally, and no longer cater to every whim of POTUS, nor to some agency lawyer demanding changes.
Funny that we don’t mind faceless corporations owning all our information, or even tracking us, but throw a tantrum when the feds do…
Kill that Switch
Not that long ago, there was a court case demanding one phone provider offer a safe method to not only blacklist a phone, but to kill it, making its content unreadable and the device totally unusable. It seemed to have disappeared, but some municipalities and police departments took up the cause, and in 2014 California was among the first states to enact legislation to that effect. It remains to be seen how this will play out nationally across the other States, or whether Canada and Mexico will follow suit, but California was suffering from unusually high cell phone theft, higher than the other regions.
Now on the surface this seems very sensible: if you can order your phone killed, rendered inoperable, then thieves will eventually realize there is no value in stealing _any_ phones in the first place. Yet like all sensible laws, there is a morally ambiguous center to it. There’s obviously authority granted to the carrier to kill the phone, which may or may not void the warranty in itself, and may even require the cooperation of the phone manufacturer to implement, otherwise flashing the phone with new software would just overcome the hurdle. Finally, we have the user who is supposed to initiate the killing request, with an implicit requirement to understand what they are asking for, and most people are not very technically savvy when it comes to telecoms. Would the average user even consider asking if it was possible to opt out of the feature?
Just what happens if a phone is reported stolen, and sent a kill order, but later found underneath a friend’s couch? People temporarily lose stuff all the time; does the hapless user now have to buy a new phone, or is the theft insurance supposed to cover it? Does the kill switch even work if the battery is removed immediately, and the phone is sent to Zaire, to be re-activated outside the reach of the original hostile service provider? If it doesn’t, then what has the law really solved, or did it just make theft less profitable? Whose responsibility is it if, let’s say, the kill switch doesn’t work, or the signal never activated it? Is anyone liable? Lastly, is the process reversible, can a kill order be rescinded after the fact?
There are many questions in practice too: how they send the kill signal will alter its effectiveness. For example, DirecTV would send a kill signal to receivers to ban certain cards/codes from operating, effectively destroying them. DirecTV would send the signal multiple times over the course of a week, every week, for several months, knowing some people were hoping to get around it by leaving the receiver unplugged for some time. Bell Expressvu in Canada did something similar with their satellite TV service, but there are many potential methods, each of which in theory has workarounds. It’s also safe to assume that the implementation of the cell phone killing mechanism will draw on the industry’s experience in the satellite TV market, which has been grappling with kill switches voluntarily for well over a decade.
Time will tell if the legislation has the intended effect, but not everyone is happy to give someone else that much control over their device either. The feds, or specifically the Department of Homeland Security, have a directive in place called SOP 303, which loosely gives them the “authority” to shut down cell towers in case of emergency. This is one of those legally ambiguous procedures, devised in private, to coerce independent businesses into doing something that would negatively affect themselves, or their reputations. There is also technology capable of disrupting all cellular devices and services within a several block radius, which has already been deployed during protests, without consulting with the telcos at all.
The insidious nature of these directives, is the symbiotic relationship these corporations have with the government, both providing the license to operate, and potentially the demand to shut it down as desired, so could a telco reject the request without facing retribution? It isn’t quite the same thing as killing a phone, but shares a lot of overlapping legal ramifications. Then again when do the feds ever ask permission, especially when they already have the capability?
And there’s one more wrinkle: if the TPP or TTIP passes, and the telco is owned by a foreign corporation, under the Investor-State Dispute Settlement mechanism they could sue the government for lost profits…
Showdown
It should be clear the feds want access to everything, they don’t want privacy to exist, despite the Constitutional guarantee to privacy in most westernized nations. It should also be clear they fear new technology, especially when that technology revolves around encryption, as it hinders their unofficial goal, even if it does nothing to hinder their officially stated goals. There’s a clear war going on between the privacy activists, who include many of the nerds that invented our communications protocols and the internet they operate, and the anti-privacy federal agencies, the ones that can’t seem to find any needles in the numerous haystacks they already have.
Except, no one is really discussing the illegality of no-fly lists, or even watch-lists, when they trample over individuals’ rights to liberty, or even basic human rights like dignity, which are quite relevant to this topic. If a secret FISA court is able to compel a telecoms provider to turn over all metadata or records about a customer on demand, would it not be able to order the provider to kill their customer’s phone too? Who then has the authority to challenge that decision in court, and could a harmed customer sue their phone company for acting illegally without due process?
I expect any legal challenges will be contested with “expert” witnesses who support the surveillance programs, and “friends of the court” submissions which seek to quash the legal test altogether, making it a totally unfair fight, and ridiculously expensive to prosecute. The most likely outcome would then be a settlement; perhaps the affected customer will get a new phone, without much incentive to stay with the same provider, but also with many thousands in legal expenses to carry. Which really makes it an exercise in judicial extortion: give up your rights willingly, or “win” a crushing monetary defeat.
The whole situation can get really messy, and I have to wonder if the kill switch won’t end up being reversible anyway? There’s every likelihood the feds would like to recover all the frozen information still stored on a target’s phone they had killed. Unless the phone has a backdoor, a method to bypass any hardware-level storage encryption, or to bypass the killed part of the firmware with some external module, a genuine kill switch seems like something they wouldn’t want all that much. The fight is far from over, but we as the users are the dependents, we rely more and more on the interconnected services, and we give up our leverage over those who provide it, by needing it more, than they need us.
Last month, the US government tried to force Apple to unlock a user’s phone for inspection, using the All Writs Act of 1789, codified again in 1911. This laughably old piece of legislation pre-dates phones by a wee bit, which runs into one of the unwritten tests courts tend to apply to technology: they generally opt to have the legislation amended (or new laws passed) to cover the matter in a way more befitting the times. The challenge was over the passcode a user had set, not a fight over some underlying technology like encryption this time, and it failed when Apple successfully fought back citing the Bill of Rights. The failure was partly because the order would have conscripted a third party (Apple), unbeknownst to the owner, to obtain information that Apple doesn’t possess or control.
We could also end up with this power being abused, either by unscrupulous agents, or even hackers. The feds will seemingly dredge up any old statute, or precedent on the books, to force users into compliance with their insatiable hunger for data, legally entitled or not. The famous call-to-arms “Give me liberty, or give me death” could now apply to cell phones, because liberty in this case is incompatible with a centralized kill switch. North America could just go back to using undesirable landfill-grade phones, the kind most common in low income countries, but we know that won’t happen anytime soon.
So we have a kind of conundrum for the end user, the owner of the cell phone, with really no good options, only ones that are less invasive and less detrimental to privacy. We could have 100% effective encryption on the phone hardware, which makes it difficult to repair, and nearly impossible to recover data from in case of damage, but will thwart any tyrannical regime from accessing it too. We could also have a 100% effective kill switch, one that can’t be reversed, which could deter theft, but give authorities pre-emptive powers to shut you down. Just as we can use stronger password systems, and rowdy police officers will still demand access, threatening jail time or prosecution for not complying, even when it is unlawful for them to search the phone without a warrant. The tug-of-war over rights and privileges isn’t going to go away.
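To make that trade-off concrete, here is a toy model I have added (it is not code from any phone vendor or standard) of how hardware-bound storage encryption and a kill switch interact, which also bears on the reversibility question raised a couple of paragraphs up. It assumes a hypothetical handset with a per-device secret fused into the silicon that cannot be read out, a wrapping key derived from the user’s passcode and that secret, and a small erasable store holding the wrapped data key; the stream cipher and the PBKDF2 iteration count are deliberately simplified so the comparison runs in about a second, and nothing here is fit for real use. It shows why data on a damaged board is unrecoverable even when you know the passcode, why a 4-digit passcode falls in milliseconds once an attacker does have the hardware secret, and why a kill switch that merely sets a flag is reversible while one that erases the wrapped key is not.

```python
"""Toy model of device-bound storage encryption and two kinds of kill switch.

Added illustration only: SHA-256 in counter mode stands in for a real cipher and
the PBKDF2 iteration count is tiny so the demo is fast. Not for real use.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

ITERATIONS = 100  # deliberately low so the brute-force comparison is quick
SAMPLE_DATA = b"contacts, photos, the lot"  # constructed sample plaintext


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks.
    Symmetric, so the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def _kek(passcode: str, device_uid: bytes, salt: bytes) -> bytes:
    """Key-encryption key: the stretched passcode entangled with the device UID.
    Without the real UID there is no way to tell a right guess from a wrong one."""
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ITERATIONS)
    return hmac.new(device_uid, stretched, hashlib.sha256).digest()


class Device:
    """Hypothetical handset: fused UID, wrapped data key in erasable storage."""

    def __init__(self, passcode: str, plaintext: bytes) -> None:
        self.uid = secrets.token_bytes(32)  # assumed fused in silicon, not readable
        self.salt = secrets.token_bytes(16)
        data_key = secrets.token_bytes(32)
        kek = _kek(passcode, self.uid, self.salt)
        # The wrapped key and its tag are all that a crypto-erase has to destroy.
        self.wrapped_key: Optional[bytes] = _keystream_xor(kek, data_key)
        self.key_tag = hmac.new(kek, data_key, hashlib.sha256).digest()
        self.ciphertext = _keystream_xor(data_key, plaintext)
        self.killed = False  # the "flag only" kind of kill switch

    def _unwrap(self, passcode: str, uid: bytes) -> Optional[bytes]:
        if self.wrapped_key is None:
            return None  # key material gone: nothing left to guess against
        kek = _kek(passcode, uid, self.salt)
        candidate = _keystream_xor(kek, self.wrapped_key)
        tag = hmac.new(kek, candidate, hashlib.sha256).digest()
        return candidate if hmac.compare_digest(tag, self.key_tag) else None

    def unlock(self, passcode: str) -> Optional[bytes]:
        """Normal use on the intact device; None on wrong passcode or when killed."""
        if self.killed:
            return None
        data_key = self._unwrap(passcode, self.uid)
        return None if data_key is None else _keystream_xor(data_key, self.ciphertext)

    def kill(self, erase_key: bool) -> None:
        """erase_key=False: set a flag (reversible). True: crypto-erase (not)."""
        self.killed = True
        if erase_key:
            self.wrapped_key = None

    def rescind_kill(self) -> None:
        self.killed = False


def brute_force(device: Device, uid: bytes) -> Optional[str]:
    """Offline search of all 4-digit passcodes, as from a chip-off flash image.
    Succeeds quickly with the real UID; with any other UID no guess verifies."""
    for n in range(10_000):
        guess = f"{n:04d}"
        if device._unwrap(guess, uid) is not None:
            return guess
    return None


def demo() -> Dict[str, object]:
    dev = Device("0042", SAMPLE_DATA)
    r: Dict[str, object] = {}
    r["right_passcode"] = dev.unlock("0042") == SAMPLE_DATA
    r["wrong_passcode"] = dev.unlock("1234")
    r["offline_with_uid"] = brute_force(dev, dev.uid)
    r["offline_wrong_uid"] = brute_force(dev, bytes(32))  # stand-in for a UID you lack
    dev.kill(erase_key=False)
    r["flag_kill"] = dev.unlock("0042")
    dev.rescind_kill()
    r["flag_kill_rescinded"] = dev.unlock("0042") == SAMPLE_DATA
    dev.kill(erase_key=True)
    dev.rescind_kill()
    r["crypto_erase_rescinded"] = dev.unlock("0042")
    r["offline_after_erase"] = brute_force(dev, dev.uid)
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The point of the UID binding is that every passcode guess has to be checked on the original silicon, which is what makes a chip-off image from a dead board worthless and what a vendor’s rate limiting protects; and the point of the two `kill` variants is that the only kill switch that is genuinely final is one that throws the key away, which is exactly the one an agency hoping to read the phone later would not want.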
In the long view, what’s likely going to happen is whatever the government wants most, if they ever manage to agree on that, and the telcos will market it as a benefit to consumers. The situation will remain that way unless there’s a major consumer backlash that could hurt their stock price, but even then, we can’t exclude the possibility of the feature remaining, just hidden behind some extra layer of obfuscation…