Question of the Week No. 6
Should Congress enact a statute that requires
any designer of an operating system for a smartphone or tablet manufactured,
leased or sold in the United States to ensure that data on such devices is
accessible pursuant to a search warrant?
Yes, Congress should enact a statute requiring that data on smartphones or tablets is accessible pursuant to a warrant. The procedure should still be as it was with the pre-iOS 8 devices, where the government had to go get a warrant and then bring that warrant to Apple. I think still having to go through the company enables a certain level of accountability and ensures that the government is not abusing the access. I can see the risk that this access will make the devices less secure in general but I would come down on the side of the consequences of that risk is less severe than the risk of not being able to effectively combat violent criminal activity or terrorism.
ReplyDeleteYes. I feel comfortable with the government acquiring a warrant before using back-door access. And I think that such capabilities are essential for national security. I understand that a "back door" for the government is also a back door for hackers. But I think with appropriate levels of security, it would be a good compromise, enabling the government to have the proper measure of security, while protecting the privacy of the cell phone owners.
ReplyDeleteI really question whether or not Congress could come to an agreement on such a law, however If congress did pass a law that required a back door to only be opened with a warrant I would be ok. I think that it does pose a significant risk to personal privacy but I think that when balanced with the value to national security it would be the right move considering the risks that are becoming apparent. Assuming of course that a warrant is obtained!
ReplyDeleteYes. Given that the law is constantly evolving to address social and technological advancements the law in this area needs to evolve to ensure that the increasing amount of evidence contained on smartphones and similar devices is accessible to inculpate and exculpate criminal defendants. Requiring law enforcement to obtain a search warrant strikes the appropriate balance between the government's need to collect evidence and a criminal defendant's expectation of privacy. On one hand, there is no current or effective legal mechanism to obtain evidence that is encrypted on a smartphone or similar device, although a court may enter an order that requires a defendant to divulge pass-codes the defendant may still refuse to disclose such pass-codes. As Professor Dryer pointed out in class, the defendant will just conduct a cost-benefit analysis of concealing the pass-code, even under threat of sanction. Consequently, such a law would circumvent a defendant's refusal to disclose their passcode. On the other hand, requiring of law enforcement to obtain a warrant ensures that backdoors into an individual's smartphone data remain closed to abuse. To be sure, requiring all OS designers to install backdoors on devices would increase the threat of privacy breaches by third-party hackers and other entities. However, just as the law evolves to address social and technological advances, technology also evolves to mitigate the threats created by those same advancements... hopefully.
ReplyDeleteNo. Asking smartphone and tablet manufacturers to require that their devices ensure that the data stored on them could be made accessible pursuant to a warrant is the equivalent of asking all door and lock manufacturers to ensure that the doors could be opened and locks could be unlocked pursuant to a warrant. Yet, there is no federal statute requiring those manufacturers to ensure that their products will comply with such absurd requirements because of a simple principle: a lock that can be unlocked without a key and a door that can be opened by the U.S. government can also be opened by criminals and other totalitarian governments across the world. Whereas a mechanical door and a lock remain inextricably tied to the geographic location of your home, a smartphone is essentially an internet-connected computer, and is potentially accessible remotely, like any other computer connected to the internet. Requiring device manufacturers to design their operating systems with such capabilities is nothing more than installing a backdoor. Such schemes will leave users with a false sense of security about the encryption schemes and other protections that their devices claim to offer, while leaving them vulnerable to attacks from bad actors with an internet connection. There is a lesson to be learned from Chinese government practices related to backdoors in widely distributed software development kits (see https://thehackernews.com/2015/11/android-malware-backdoor.html ) that leave over a 100 million Android OS users vulnerable to attack. Additional lessons can be learned from the U.S. government’s own efforts that required U.S. internet companies like Google to install backdoors in their core products, and the same backdoors were exploited by hackers in China to compromise Google’s servers to steal valuable trade secrets and to expose the identities of dissidents in that country who used GMail, thus endangering their lives (see http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/ ). Given the predictable results from these previous efforts, requiring U.S. smartphone and tablet manufacturers to install backdoors in their operating systems would be utterly reckless.
ReplyDeleteNo, creating a back door seems logical at first but in the end it becomes something beyond the control of the police and leaves everyone vulnerable. Although I think police should be able to obtain a warrant if there is such a back door, requiring phone/computer companies to install backdoors can only create problems. One issue I see if there is a way for Apple to overcome the encryption of a I-Phone then they should allow police to get a warrant and require a key. But again, if there is not an already back door then companies should not be forced to create one.
ReplyDelete