VERIZON’S ENCRYPTION POLICY MAY RESOLVE A CONFLICT BETWEEN PRIVACY AND PUBLIC SAFETY
In October of 2014, Apple and Google announced new privacy enhancements to their handset encryption policies that was considered so obstructive to public safety that FBI Director James Comey began visiting Capitol Hill to demand a legislative response. A few months later, Verizon modified its handset encryption in a way that helped both privacy and public safety. Is the encryption fight suddenly resolved?
Apple and Google’s Encryption Improved Privacy But Potentially Risked Public Safety
In the wake of the 2013 NSA/Ed Snowden scandal Apple and Google were two of the major Internet providers who took heat from privacy interests for allegedly cooperating too closely with the intelligence community. The complaints made the companies fear their assistance to national security investigations might scare away business, especially in foreign markets such as Western Europe, a leader in privacy protection.
The tech giants responded to the bad press by raising their privacy standards. Among other things, Apple created an “encryption-by-default” policy for its iPhone, and Google adopted a similar practice for Android phones. The new policy essentially made it impossible for law enforcement to access the content of a suspect’s smart phone, even when agents presented the phone maker with a valid warrant.
Privacy advocates cheered the encryption-by-default innovations as necessary defenses against government intrusion. Law enforcement complained that the new encryption policies placed terrorists and criminal suspects above the law. Meanwhile, law enforcement agencies felt they were judged guilty by association with the NSA even though they played no role in the NSA’s activities.
The encryption-by-default actions sent FBI Director Comey running to Congress for a legislative fix.
The CALEA Section on Encryption Failed to Achieve its Public Safety Purpose
The statute Director Comey wants to change is the Communications Assistance for Law Enforcement Act of 1994 (“CALEA”). CALEA requires that if a communication service provider encrypts communications it must decrypt the communications when implementing court-ordered surveillance. However, soon after CALEA was enacted the encryption provision became useless as carriers migrated to user-initiated forms of encryption.
Law enforcement agencies generally cannot decrypt communications by themselves. In a growing number of cases they must try to solve crimes using old fashioned methods, as opposed to lawful intercepts, because they can’t fruitfully tap a communication that cannot be deciphered. Hence the need for service provider assistance.
Director Comey’s goal is to update the old 1994 CALEA statute so lawful surveillance can include a realistic means of decryption.
Verizon’s Encryption Serves Both Privacy and Public Safety
Verizon Wireless recently unveiled its own encryption policy. Verizon Voice Cypher provides end-to-end encryption for voice calls on all wireless networks, and it works not only on iOS and Android platforms but Blackberry as well. When required to assist lawful surveillance, the wireless carrier equipped with Verizon Voice Cypher can decrypt the suspect’s calls.
For now, Voice Cypher is available only to business and government users. But the product may eventually appear in the residential market.
The Best of All Encrypted Worlds
Verizon shows that when it comes to encryption, privacy advocates and the cops need not wage war. For nearly all calls that a wireless service provider carries it can give its subscribers extreme privacy. And on those rare occasions when a court orders the service provider to intercept the conversations of a terrorist or criminal suspect, the provider can deliver those calls to law enforcement as is, not hidden in a jumble of code.
In light of Verizon’s encryption product, will Director Comey continue seeking a new encryption mandate on communication providers? That probably depends on whether industry follows the encryption policy established by Apple and Google or the one adopted by Verizon.