A couple of weeks ago, the mere mortals who lead the voracious giants of technology — Google and Apple — announced that they were striking a blow for protection against NSA spying by making “encryption” the default on Google cell phone software (which is used on most cell phones) and THEY software used on Apple mobile devices.
This affects equipment like the ubiquitous cell phone, although it is also relevant to some handheld computers and similar portable equipment.
The idea would be that your data on these devices would always be encypted — appearing as unintelligble nonsense to anyone looking at it without a key to “decrypt” it. You use a password and, bingo!, you can read what you stored. Without the password, it looks like a bunch of bizarre symbols. This would now be the “default”. While you could encrypt if you chose to up to now, you will now have to consciously choose not to; encryption will be automatic unless you turn it off.
The point of all this is that, since these companies would not be able to read your encrypted data, they can’t turn over legible data when the government orders them to. Since the government orders them to turn over data constantly, that’s a pretty big change.
But how real is it? Such concern for user data seems to conflict with the history of both behemoths. For exampple, the National Security Agency has long taken advantage of Google’s remarkable policy of reading its users’ email and data, purportedly for marketing purposes and to “make users’ experience easier”. That stored data has been a plum for the NSA which gets it with the company’s cooperation via court order or by using sneaky programs to intercept messages and search data on-line.
Although not a data storage company, Apple’s programs move data and interact with storage services. Its iPhone, one of the world’s most popular hand-held devices, uses a lot of Google software as well as much of its own programming. Through cell phone technology, these two companies are the major sources of NSA-gathered information. Google gives the government copious information stored on most cell phones and Apples does the same for its powerhouse iPhone.
So savvy critics are wondering if this latest announcement is really a pledge to privacy or the latest in the long string of cynical marketing ploys that have made these outfits the powerhouses they are.
Apple may not be the absolute king of computers but it has cornered the huge market for sophisticated cell phone users making its iPhone as close to a hand-held computer as anyone has come up with. What’s more, its control of “content” (particularly movies and music) is staggering.
The point is not so much what part of your home computer life it controls, it’s those cell phones that make the target. Apple makes them and Google offers a large percentage of the “apps” that expand their power beyong their “call your Aunt” capability. Both companies saw with stunning clarity the cell phone popularity coming and the impact it would have on our culture, particularly our on-line life.
People use their cell phones all day long and making calls is just a small part of that experience. Most of what you might do on a phone draws a detailed sketch of your interests, friend, activities and opinions. That’s the information that governments and companies want.
In fact, the NSA doesn’t collect all that information and doesn’t have to. That’s Google’s role. It’s a historically unprecedented relationship: a corporation acting as a government intelligence-gathering agency. It’s like an unmarked police car on street patrol.
To say that Google dominates the information world is hardly controversial. The only disagreement you might get from Google is how far it has progressed in realizing that goal. In his book (co-authored with Google’s resident visionary Jared Cohen) “The New Digital Age: Reshaping the Future of People, Nations and Business”, Google Ceo Eric Schmidt describes a world in which governments, borders and nations themselves become less important than the culture and vision emanating from technology. That culture looks like the one that’s alive in the United States and this “Americanist” vision of the world is perhaps Google’s greatest threat to humanity.
When, in the book, the authors state that privacy will soon no longer exists, they’re describing current reality: a reality Google has constructed and profits from.
Google, however, is now telling a very different story. In its recent announcement the company states, “For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement…As part of our next Android release, encryption will be enabled by default out of the box, so you won’t even have to think about turning it on.”
Android, in case you haven’t noticed, is the open source cell phone operating system that was invented as an alternative to cell phone companies’ systems and has quickly been “adopted” by every major cell phone manufacturer. Google backed its development financially and then gobbled it up in 2005. It is used by an estimated one billion users. Every Google phone app is compatible with Android.
Apple, for its part, is making similar noises.
“Apple cannot bypass your passcode and therefore cannot access this data… So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.″ iOS 8 is the currently available operating system for all kinds of Apple mobile products. It is compatible with Google’s software.
People who are comforted by this marketing ploy should reclaim their previous discomfort. Local cell phone encryption, while useful, is not the protection these companies claim it is. What’s more, it won’t protect anyone from government data-capture and intrusion.
There are many reasons for this.
Nobody can assure that this software is bug-free because almost all commercial software is first released with bugs. That means government programs can take advantage of flaws in future software and, trust me, they will.
Additionally, most cell phone users now download all kinds of “independent” or “third party” apps to enhance their “experience”. These are not Google or Apple apps. Nobody can assure that these apps are safe from data-capture and neither company pledges that they’ll test those apps for that security. So if you use a “third party” email program (like I do), your data could be captured unless you actually email encrypted data (like I do). What’s more, the government itself has a history of developing software (malware) that pretends to offer security but has a hidden pipeline to the NSA. This way, they can target individuals or groups for secret capture.
And what about international communications? Do you ever email or text someone in another country? Even if your phone uses encryption as a default, you have no way of assuring that the recipient’s software also does. In fact, it probably won’t. Many governments in other countries, for instance, banned Blackberry from selling secure phones a while back and it’s a stretch to think they suddenly will change that stance with Apple. So that when your international correspondents respond, you are vulnerable to capture.
If you store anything from your phone to Google’s “cloud” (also a default if you use Google software of the iPhone), your data is available for viewing. That’s because in order to move your data among different storage servers (which is the main benefit of cloud technology), Google has to decrypt the data. That means that, even if the NSA can’t get readable data from the phone, it can pick it up on the cloud.
Additional caveat: if you use Gmail (and most phone users do), that email isn’t encrypted on Google’s servers (where all Gmail is stored). It must be readable to allow the company to use it for the marketing and other purposes I mentioned above. So forget it — you’re vulnerable.
Finally, there’s the complacency factor. You use these phones with the assurance of encryption and you just communicate away. But a phone does a lot more than email. It tracks your location, your calling patterns, your buying patters…even the games you might play while you’re waiting in the dentist’s office. This data can’t be encrypted. Encryption doesn’t necessarily hide who you are emailing with and it can’t hide where you are when you do it.
The key here is that your phone uses an email provider just like any computer. Google products use Gmail. Gmail is not safe. In fact, it’s the NSA’s major source of email information in the world. If you think Google is suddenly going to deny the NSA the right to legally take your data with a court order, you’re a whole lot more confident in Big Brother than you should be.
The bottom line on which you should rest your data communications: privacy in email is possible but there’s no shortcut to it and no company should be relied upon to automatically provide it.
Find an email provider that allows full encryption with GPG or PGP and use it.
Make sure the email you read on your computer goes through that provider first and then can be read on your phone. This is a much more secure way of doing email by cell phone that most users do not, in fact, take advantage of.
Finally, if you can, don’t use cell phones for email or, if you must, just use them to read email you’ve received. Refrain from sending email on your hand-held device. Use your computer for that — you can control security on that computer much better.
Big Brother is always watching. Protect your privacy.