May 18

If the Police can read your mobile device at will, what should you do?

The BBC reports (http://www.bbc.com/news/technology-18102793) that the Metropolitan Police (the Met, aka Scotland Yard) in London is spending GBP50K to obtain 16 terminals which can read your mobile phone at selected Police Stations in London.  This demands thought — and analysis suggests some interesting implications.

Not only will the Met be able to read the data (which includes telephone calls and SMS messages but also all your private apps and data, and those of your employer's enterprise, if stored on the device) but it will be able to retain that data indefinitely — even if you are not charged with an offence (unlike DNA, which has to be destroyed if there is no charge).  It is to be hoped that Civil Rights movements will protest loudly, and win.

However, that does not mean that you should not plan, although the implications are diverse. For example, what happens if you:

  • choose encryption?
  • prefer to hold the minimum on your device?

The encryption route is not straightforward, and produces some differentiating insights:

  • Apple prevents whole device encryption (unless, presumably, it controls this — which is pretty much like having the Met have access); the implication is that if you are worried about any authority having access you should NOT buy an iOS device unless you jailbreak and adopt a jailbroken-iOS encryption approach
  • for Android various possible whole-device or selected partial-device encryption solutions exist or are in development; thus an Android device looks as if it would be inherently superior at fending off the likes of the Met  (especially if encryption is not implemented in hardware — because the phone vendors will almost certainly have given hardware keys to governments in order to be permitted to sell devices)
  • the position with Windows Mobile is open; potentially it could have many solutions derived from the many encryption applications already available from the Windows/Open Source world — though this will likely have to wait until Windows Phone 8
  • the concept of Linux as your smartphone OS looks much more appealing, because owners can do so much more (if they understand Linux).

There is one further dimension.  Say you have encrypted your smartphone.  No encryption is unbreakable, given enough time and resources.  But what are your rights if the Met asks you for the decryption password?  You refuse. What can the Met do?  It can still take a copy of the encrypted data. But it is likely, unless you have been especially evil, that the authorities will not be bothered to crack any decent encryption, if only because of the expense.  (There is also the possibility of using physical coercion — torture — but hopefully the Met would not resort to this.)

Besides an encryption solution, a wholly different approach would be to store nothing on your device — but have everything in a secure cloud location (or locations — not everything should need to be in one cloud).  The obvious disadvantage is that you would need connectivity, and would have to accept added complexity, to access anything.  On the other hand the Met (and its ilk) could happily read your smart device and find what is there — which would be relatively little (remember, all your ordinary call and SMS data can be resurrected from the telco/carrier once sufficient identifying device information is available, so there is little point in worrying about this).  While a cloud approach would be a nuisance, slow and necessitating the downloading of apps and data, at least it might make mobile devices cheaper (there would be less need for so much storage on smartphones, etc).

Indeed, one of the reasons that many enterprises are looking to keep their data (and even apps) off smart devices is to ensure that enterprise assets do not fall into the wrong hands.  Those hands could include the Met, or some other over-mighty authority.

Unintentionally the actions of the Met (and its equally greedy Big Brother — called the Home Office, in the UK) may achieve what no-one else has yet managed to achieve:

  • knock Apple off its iOS perch (unless Apple changes — which seems less than credible)
  • emphasize the desirability of clouds
  • reduce the cost of smart devices
  • encourage the adoption by all of enterprise-quality security
  • significantly inhibit the very possibilities that the Met/Home Office desire.

On a personal note, this will almost certainly encourage me to go down an Android or Linux route for any new smartphone (see http://bit.ly/H94hrq and http://bit.ly/HtgnyV) — if only to frustrate those who seek to know all and to hold data they do not need to have.
