This site may earn affiliate commissions from the links on this folio. Terms of use.

Last week, Manhattan district attorney Cyrus Vance released a whitepaper calling for the federal government to pass laws mandating that Google, Apple, and whatever other smartphone vendor build deliberate backdoors into their devices. Ever since iOS eight, Apple tree has automatically enabled full-phone encryption. As of this writing, 61.8% of all Apple tree devices are running iOS 9, xx.1% are on iOS 8, and just thirteen.4% are on iOS 7. The full number of Apple tree users on iOS 7 or below is estimated at ~xviii%. Android, however, is entirely unlike — an overwhelming bulk of devices (74%) are still using devices that Google can access without the user's permission.

TheNextWeb has details on the overall issue, and the problem is fairly pregnant on the Android side of the argue. Just 26% of devices are running Android v.x or 6.x. Since encryption was optional in Lollipop and but went mandatory for Marshmallow, that means only 0.3% of the Android user base is protected from potential snooping past default. Lollipop owners have the option to plow encryption on, but the functioning striking for doing so can be significant depending on which device yous ain.

Android statistics

The larger question is whether or not Google would assist in the unlocking at all, and that's where a recent courtroom case could come up into play. Terminal calendar month, the federal government asked Apple to decrypt and access an older iPhone running iOS vii as function of an investigation. The government argues that requiring Apple to provide admission to a device it has a legal warrant to search is permissible nether the All Writs Act, which states that federal courts may "issue all writs necessary or advisable in aid of their respective jurisdictions and agreeable to the usages and principles of police." It was written in 1789, though it's been amended several times since, most recently in 1911.

Apple has argued that providing access to devices running iOS vii and earlier, while technically possible, puts the company in a dubious legal position. If Apple performs unlocks on iOS 7 and earlier devices, are the engineers that perform the piece of work now legal witnesses in an ongoing criminal case? In a recent legal filing, Apple also stated:

Apple-Testimony

Every bit Apple notes, while information technology may be possible to assist the government in some situations without an undue brunt, the sheer volume of cases that could wind upwards dumped on the company could be extremely burdensome. Furthermore, Apple isn't a branch of police force enforcement, and knowing that the company cooperates in all such investigations could harm the reputation of its products. Google didn't join Apple in its filing, but all of the same arguments apply to Android just every bit much every bit iOS. The stakes in Android's case are actually much higher, given the number of devices that aren't running the latest version of the operating organization.

Google hasn't entered the fray on this topic quite as loudly as Apple tree has, just the company is clearly moving towards a like model in which all devices are fully encrypted from the moment they go out the manufacturer. The fact that Google'due south exposure is much higher than its principle rival is another example of how the existing Android security model is broken. Google needs a system that allows information technology to button disquisitional security updates more easily and a fashion to ensure that more devices are kept up-to-date on the latest software. In that location'south no guarantee that Apple's challenge volition really win in court, and if the federal system rules that companies must provide access to devices when presented with a warrant, full-phone encryption will be the merely way to avoid the problem.

All of this assumes, of form, that the The states government doesn't pass laws limiting the utilise of encryption in the wake of the Paris attacks. We've already seen members of Congress calling for increased federal oversight of social media and even the FCC chair, Tom Wheeler, repeating at present-discredited reports that the PS4 or encryption were used to prevent authorities from knowing about the Paris assault before it happened. The fact that metadata analysis failed to prevent the attack is paradoxically used equally bear witness that nosotros need fifty-fifty more than invasive "security."

The tiny red sliver are cases launched from NSA investigations.

The tiny ruby-red sliver are cases launched from NSA investigations.

The NSA has already admitted that its bulk data collection programs have failed to stop a single terrorist attack. Of the 227 terror investigations instigated since 9/eleven in the United states of america, 17 came from the NSA's surveillance plan. The single target convicted equally a consequence was punished for sending money to Somalia — non for planning whatever kind of terrorist attack. Requiring Apple tree and Google to hand over encryption keys in routine police enforcement investigation has been sold as a means to continue united states all safer. Just the government's record where these programs are concerned is evidence that there's a very real price to that security — and the benefits of paying that price have still to emerge.