Wednesday, February 6, 2013

Surveillance Proof Your Phone

A tech startup has found a simple way to keep what you send from your smartphone private: scramble it. Starting on Feb. 8, you could download, for $20, an app by Silent Circle that will encrypt your data before sending it to another person. Silent Circle already has a similar app for encrypting texts and calls. Now, outgoing data (including pictures, videos, spreadsheets, etc. up to 60 megabytes) can get the kind of encryption protection that used to be reserved for those with the technical know-how to install and use specialist software. This democratization of encryption service could have a powerful effect on the privacy of smartphone users.

This is because the app does more than simple scrambling. The person who sends the file can also set a timer that automatically burns the data within a specified time from both their own phone and the receiver's phone. As the scrambled data is held temporarily in Silent Circle's cloud on its way to the recipient, only the parties to the exchange can access it: the digital "key" to open the data is located on the users' devices and deleted after the data has been opened. Silent Circle's server infrastructure stores only minimal data on the data flowing through the app; for example, it doesn't record metadata (like times and dates of the calls).

This app was designed with journalists, diplomats, and dissidents in mind. As an example of its potential, a video of official brutality at a vehicle checkpoint in South Sudan was sent encrypted to Europe, and within minutes of its transmission was automatically deleted off the sender's device. This means that even if the sender had been arrested and his device searched, no video would have been found. This ease of use could play a critical role in getting documentation of abuses out of restrictive countries.

Of course, this app has the potential for a dark side as well. Law enforcement officials worry that criminals will be able to use the app to hide and destroy crucial evidence. When Silent Circle came out with its app that allowed for the encryption of texts and calls, the FBI asked that Silent Circle build in backdoors, so that it can spy on suspects. So far, Silent Circle has refused to comply. It points out that backdoors which might provide a legitimate law enforcement purpose can also lead to weaknesses open to exploitation by hackers and hostile governments. But with the ability to send not just calls and texts, but data files in secret, law enforcement pressure may become too strong. This issue illustrates a classic problem with privacy law. Privacy concerns cut both ways - what protects legitimate users also protects criminal users. The difficult balance to strike in the digital realm nowadays is between accepting that risk (which is the norm in traditional criminal law, such as with the protection granted the home which protects the pot grower as well as the family home) and deciding that the needs of law enforcement require substantial cooperation from digital companies. Silent Circle's CEO, Mike Janke, clearly falls on the 'accept the risk' side of the scale: "We feel that every citizen has a right to communicate, the right to send data without the fear of it being grabbed out of the air and used by criminals, stored by governments, and aggregated by companies that sell it."

6 comments:

  1. Kristin, or anyone else, what are your thoughts concerning the possible problems associated with criminal activity versus that of privacy concerns? I personally have found that people are strong supporters of privacy until that privacy concern infringes on their personal safety. I would cite different periods in US/global history where extreme measures were implemented (Patriot Act, etc.) when personal safety (whether real or imagined) is threatened. Here, this sounds nice, but when "criminals" start going free, will the public still want this much privacy? My bet is that it won't. Thoughts?

  2. I agree that the thought of "criminals going free" can have a powerful effect on the public mood. However, I would argue that certain areas have such a widespread expectation of privacy, that intrusion, especially by the government, would still be viewed as outrageous. The protections surrounding the home are the best example I can come up with. Even the warrantless wiretapping that occurred under the Patriot Act was a scandal when it was discovered.

    In the digital realm, however, I don't think that expectation level is really high enough that government collection of texts, for example, will spark widespread outrage. There is a level of resigned acceptance that what is out there in technology is out there - disclose at your own risk. In that sense, I think police collection of texts and data would probably not be viewed as that outrageous by the general public.

  3. The problem is that the mere presence of such an app on a phone will be taken as proof of behavior, rather like the use of the 5th Amendment is taken as proof of guilt. I haven't checked the Silent Circle website but being able to hide, rename, or stealth the app would be a nice feature.

  4. Good question, Lucas. What I find interesting is that Silent Circle's CEO thinks that his app will promote citizens' "right[s] to send data without the fear of it being grabbed out of the air and used by criminals." To him, then, Silent Circle not only promotes free speech and privacy, but also decreases the potential for criminal activity. In other words, he doesn’t see this as a choice between privacy and crime prevention—he sees privacy and crime prevention as entirely consistent goals.

    I personally disagree that privacy in this instance leads to safety. In my view, this technology would more often be used in the furtherance of crime than it would be used by criminals to intercept messages. For me, it really is the privacy v. crime prevention debate that Lucas and Kirsten engage in the comments above. (I realize that technology may indeed progress to where it’s much easier for criminals to intercept smartphone data.) But it’s interesting that based on that short quote at least, CEO Janke seems to think the public will accept this because it prevents crime.

  5. I admire Silent Circle CEO's defense of his app and refusal to build in back doors at the FBI's request. Silent Circle wasn't designed for law enforcement officials, it was designed for the user-- whether or not the user also happens to be a criminal is a risk that I'm willing to accept. In a time where it seems that someone always wants something from us (whether that be the government, Target tracking my spending habits, or Facebook monitoring my Internet activity) privacy is something we're all seeking- but that doesn't mean I'm hiding anything.

  6. It's a little funny to me that we need to entertain the idea of "balancing" law enforcement needs with the privacy of citizens simply because something could potentially be used to facilitate and conceal criminal activity.

    Lots of things can be used to facilitate and conceal criminal activity, including, for example, the home. But law enforcement doesn't have a special "back door" to my house to make sure that I'm not planning to build a dirty bomb, manufacturing and distributing methamphetamine, or whatever else it might accuse me of (note: I'm not doing any of these things and surely not suspected of doing so, just trying to use examples that invoke this kind of fear). I could have a fireplace or even a secure paper shredder in my home to destroy evidence of the activity. Should we consider banning secure paper shredders in the name of public safety? Secure paper shredders are specifically designed to destroy documents after all.

    Just like homes and shredders, this app has plenty of practical, noncriminal purposes.

    I'd also point out that these sorts of debates often confuse various terms: law enforcement, public safety, and evidence preservation are not synonymous. In other words, law enforcement is not public safety enforcement, and the evidence preservation implicated has little to do with public safety (except to the extent that insufficient evidence means an alleged criminal goes free, but most criminal activity creates far more evidence than data on a phone).

    Let's be honest, law enforcement will use this tool mainly for drug-law enforcement, just like most other technologies they have at their disposal (see, e.g. Kyllo and Jones). Is this the kind of "public safety" that justifies balancing? I realize there's room for disagreement regarding the public safety threat of drugs, but surely we can agree that it's mostly the gang violence that comes with a profitable black market that causes most threats of imminent harm to the public at large, which is in and of itself illegal and not as conducive to facilitation by encryptable phone data.

    Incidentally, I came across this related recent opinion from the Sixth Circuit earlier today (upholding conviction obtained from warrantless tracking of throw-away cell phones). http://www.ca6.uscourts.gov/opinions.pdf/12a0262p-06.pdf
