The encryption that secures your phone doesn’t come with a backup key. That may make you nervous if you’re prone to forgetting your passcodes — but it makes many law-enforcement and national-security types even more anxious when they contemplate permanently losing access to valuable evidence.
They use the phrase “going dark” to describe the spread of hardware and software that can only be unlocked by their owners — even if a court orders the companies behind those products to allow police access.
Privacy advocates, however, see “strong crypto” — without any extra keys or back doors — as vital when both commercial and government attackers may want into your devices and the immense stores of data on them.
Meanwhile, companies like Apple (AAPL) and Google (GOOG, GOOGL) increasingly treat strong encryption as a standard feature. As this debate escalates — and as many observers think the Trump administration may try to move a bill mandating what’s sometimes called “exceptional access” — they continue to ship encrypted devices and apps that can’t be whisked out of existence by any such bill.
A new twist on the Apple-FBI fight
The encryption argument got its most public airing two years ago, when the Federal Bureau of Investigation went to court to compel Apple to write special software to disable the lockout system on an iPhone 5c used by one of the San Bernardino shooters.
But a final ruling never came, because the FBI dropped the case after saying it had “successfully accessed” that iPhone’s data. Subsequent reports pointed to the bureau hiring the services of an Israeli mobile-security firm, Cellebrite, that exploited a vulnerability in Apple’s iOS operating system.
In March, however, the Justice Department’s Office of the Inspector General issued a report suggesting the FBI hadn’t tried too hard to get into that iPhone.
That report found some FBI employees seemed more anxious to set a court precedent of requiring manufacturers to let in police than to get the San Bernardino shooter’s phone unlocked. It quotes the head of one FBI office voicing his disappointment that another had hired a contractor to hack the iPhone: “Why did you do that for?”
“What we saw was a breakdown of the FBI’s argument,” explained Robyn Greene, policy counsel and government affairs lead at New America’s Open Technology Institute. “You can hack into every version of an iPhone; why do you need to back-door it?”
The biggest secret in phone unlocking in years: GrayKey
Two weeks ago, Vice’s Motherboard tech-news site revealed that one iPhone-unlocking tool — a device offered by Atlanta-based GrayShift called GrayKey — was far more widely used than even the OIG report implied.
Details had surfaced about this apparatus in earlier reports by Forbes and the security firm MalwareBytes, but reporter Joseph Cox found that numerous federal, state and local law-enforcement agencies regularly used GrayKey.
GrayKey works, MalwareBytes reported, by trying different passcodes until one works—somehow without invoking the self-defense feature that causes an iPhone to wipe its storage irreversibly after 10 incorrect tries.
GrayKey’s effectiveness and wide use surprised people on both sides of this issue, who are still trying to figure out how it works and how many other such tools might exist.
“It’s hard to know whether there are other undisclosed tools like it,” said Jamil Jaffer, head of George Mason University’s National Security Institute and an advocate of preserving law-enforcement access to encryption.
Andrew Blaich, head of device intelligence at the mobile-security firm Lookout, suggested that market forces alone ensure that more GrayKey-like tools will be built.
GrayShift has since provided its own unintentional warning of the risks of leaving back doors open: After a customer left some of its interface code exposed on the web, unknown hackers downloaded it and demanded a ransom of two Bitcoin. GrayShift doesn’t seem to have paid up.
Congress complicates this
The Trump administration has been more vocal about encryption than Obama’s. “I think the administration is increasingly getting spun up and looking for ways to address this problem,” Jaffer said. Last month, the New York Times reported that the White House was considering pushing for legislation mandating law-enforcement access to encrypted devices.
But so far, the administration has offered little detail about what an exceptional-access system might look like.
For instance, former FBI director James Comey’s instant bestseller “A Higher Loyalty” reveals that the Obama administration had developed a “proof-of-concept” plan. But officials under President Trump have only offered vague appeals for “responsible encryption.”
The most common concept offered outside government is to have backup keys locked in a secure area of the phone, to be unlocked only by a key or keys held by somebody besides the government.
On Wednesday, Wired published a report by Steven Levy outlining Lotus Notes founder Ray Ozzie’s proposal for a system called Clear in which a phone manufacturer would keep an archive of emergency private keys that law-enforcement investigators could, after taking custody of a phone, get with a court order to unlock a backup passcode permanently encrypted on the phone.
Cryptography experts pounced on issues with Ozzie’s already-patented plan. Matthew Green, a professor at Johns Hopkins University, wrote in a post that such a vault of private keys would be both massive — Apple alone would need to safeguard more than a billion—and a massive target for every government and criminal enterprise in the world.
Absent customer demand, tech firms won’t start building in exceptional-access mechanisms. But while Congress has done near zero for online privacy, it hasn’t shown much interest in passing such a sweeping mandate. After the Inspector General report and GrayKey news, a bipartisan group of 10 House members asked FBI director Christopher Wray to explain why the FBI keeps complaining about locked phones if unlocking tools are so widespread.
It’s true that, as President Obama warned at the SXSW conference in March of 2016, some horrible crime might push lawmakers not just to act, but to mandate more access than could happen under concepts such as Ozzie’s.
But even then, nothing short of totalitarian controls on software distribution would stop people from using strong encryption in add-on apps like the open-source messaging app Signal. And in that scenario, criminals could benefit more from strong crypto than citizens who play by the rules and stick with the default settings.
More from Rob: