A year after terrorist attacks, phone privacy laws unchanged – but watch out for Trump

Some say privacy climate has improved due to technology advances

One year ago, 14 people were killed and 22 injured by a husband-and-wife pair of domestic terrorists who attacked a training session of government employees in San Bernardino, Calif. Although the perpetrators were killed in a gun battle with law enforcement within hours of the attack, the FBI’s interest in one terrorist’s iPhone precipitated a public standoff with Apple that captured its own share of national headlines.

The FBI argued that Apple must cooperate in circumventing security features built into Syed Rizwan Farook’s employer-issued iPhone 5C, while Apple said that this would unreasonably compromise the security of its devices and place other users at risk. Hours before a scheduled hearing on whether Apple could be compelled to write code that compromises its own smartphones, the FBI backed off, saying that it had enlisted outside experts to get into Farook’s phone, though it provided few details.


There has been one well-publicized attempt to tilt the law in the direction favored by the FBI, post-San Bernardino – the bill introduced by senators Dianne Feinstein and Richard Burr shortly after the end of the FBI’s standoff with Apple. Burr-Feinstein would have, in effect, required tech companies to insert exploitable back doors into all of their products, just in case the government wanted a look at some of the data within.

Yet Burr-Feinstein, despite a favorable climate in the wake of the San Bernardino attacks, went nowhere. Nor have there been any more serious attempts to undermine commercial encryption in the U.S., and experts say that the law around smartphones and privacy hasn’t materially changed since last year.

If anything, according to Holmes Wilson, who co-founded the digital privacy rights group Fight for the Future, the privacy climate is actually getting better, thanks in large part to advancing technology.

“Encryption has become the default on many Android phones since San Bernardino,” he told Network World. “Generally phone privacy is improving, not degrading.” (Apple’s iOS has supported full encryption since iOS 8 in 2014.)

What will President-elect Trump do?

That could change, however, with the advent of the new administration in January, according to experts. Nate Cardozo, an attorney for the Electronic Frontier Foundation, pointed out that President-elect Trump’s pick of Alabama Sen. Jeff Sessions – a leading critic of Apple during its spat with the Justice Department – to be the next attorney general could signal a willingness to go after encrypted devices, although it wasn’t immediately clear what form that would take.

“A Sessions-led DOJ could indeed try to pressure companies to weaken encryption, but how exactly is anyone's guess,” he said.

The hints, however, are already out there: A report from JustSecurity editor and Cato Institute senior fellow Julian Sanchez said that a revised version of none other than Burr-Feinstein may yet be under consideration.

And Wilson highlights that, despite positive trends, many smartphones sold in the U.S. are still easily compromised by both law enforcement and other actors.

“The biggest missing piece now is that many Android phones are still sold without the latest security updates, or they become out of date soon after purchase,” he said. “To protect user data, we simply don’t allow our employees to use most Android phones. No company should. If it’s not a recent, Google-brand Android phone or an iPhone, don’t trust it.”

Of course, there are plenty who support the Justice Department’s assertion that strong encryption on personal devices poses a serious national security threat. Pace University professor and computer forensics expert Darren Hayes argued just that point in an editorial for the Guardian’s website at the time.

“Many mobile forensics examiners, including myself, know that what is at stake is not just the San Bernardino case but a growing backlog of criminal cases – some involving suspected child abusers or terrorists – that cannot proceed because of Apple’s defiance in assisting law enforcement,” he said.

It’s worth noting also that then-candidate Trump himself publicly called for a boycott of Apple over the San Bernardino case, putting him squarely in the FBI’s corner on the issue – and potentially putting the technology world on notice.

This story, "A year after terrorist attacks, phone privacy laws unchanged – but watch out for Trump" was originally published by Network World.

Copyright © 2016 IDG Communications, Inc.
