As we reported yesterday, Google has announced that new versions of Android will automatically enable encryption by default, and like Apple the company says it will protect people from the police.
A day after Apple announced that its new iOS 8 will encrypt data by default and even Apple can’t crack an iPhone or iPad that uses it, Google followed suit by announcing new versions of Android will also enable encryption by default. I’m not going to get into an argument over which of these two companies did what first or for what reasons, except to say that I believe Google has probably been working on something like this for quite a while and only made the announcement because Apple made its announcement (not that they are scrambling to play catch up).
Google’s announcement didn’t go quite as far as Apple’s strongly worded post, but I find it interesting that like Apple, they specifically mention law enforcement.
According to Niki Christoff a Google spokesperson: “For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement. As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on.”
Apple’s announcement read: “Apple cannot bypass your passcode and therefore cannot access this data. So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”
So they aren’t protecting us from hackers or thieves or even terrorists – they are protecting us from our own police departments and government agencies.
As I mentioned in a previous article, even with Apple’s new encryption there are many other ways to get at 99 per cent of the data stored on an iPhone, and that also applies to Android devices. And since Google doesn’t control the hardware, deployment or update process for Android devices, it will be up to individual smartphone manufacturers and phone service providers to implement the changes, and that could take quite a while.
Generally speaking I think security is a good thing and the more companies that implement security by default, the better off we all are. But I find it interesting that both companies specifically mention these measures will prevent law enforcement and the government from gaining access to our smartphones, yet neither of them said it would prevent criminals from cracking our phones.
Yes, I realise that many people would say that these days law enforcement and government agencies fall into the criminal category too, but are we really that paranoid about our own police and government agencies spying on us that they are at the top of the security risk list?
If that’s true then we are all in some seriously deep crap, and need to figure out how to change things as quickly as possible.
No doubt these moves will stir up a hornet’s nest of backlash from regulators across the country, and I fully expect to see new laws and regulations rushed into place preventing companies like Google and Apple from implementing any sort of encryption system that can’t be broken.
The funny thing is, I believe that Google and Apple aren’t really doing this out of the goodness of their mercenary hearts. Instead, I believe they are doing this simply to try and take themselves out of the legal loop. If they can get law enforcement and governments to believe they simply can’t get to the data on an encrypted device, then they won’t have to deal with warrants and subpoenas and court orders every time the police arrest some prostitute or drug dealer and want to get at the contact list stored on their smartphone.