On Dec. 2, 2015, Syed Rizwan Farook and Tashfeen Malik, a married couple, carried out a mass shooting and an attempted bombing at a San Bernardino County Department of Public Health training event.
This attack, which was also a Christmas party, took place in a rented banquet room at the Inland Regional Center. About 80 employees witnessed the carnage that day. When it was over, 14 people had been killed and another 22 injured.
Approximately four hours after the shooting, the couple was killed by police following a vehicle pursuit and shootout with local law enforcement.
According to the FBI, the couple were homegrown violent extremists without any ties to any foreign terrorist cell or network. They had become radicalized by information they found on the internet.
Encrypted Evidence
One of the pieces of evidence the FBI collected from searching the couple’s Redlands townhouse was an iPhone 5C that belonged to one of the shooters. The phone was not only password protected but set up so that after 10 incorrect password attempts, the phone would essentially self-destruct — erasing everything on the device.
The FBI failed to crack the passcode on the iPhone, which they needed to review any communications relevant to the investigation of the shooting. So they turned it over to the National Security Agency. However, the NSA was also unable to break into the phone.
Then the FBI asked Apple to create a new operating system that would override certain security features. Apple refused, citing a desire to protect the integrity of their encryption from the security risks inherent in creating a back door.
On March 28, 2016 — the day before a court showdown between the U.S. government and Apple — the FBI announced they had obtained the help of a third party to successfully crack the passcode on the iPhone. Once the FBI was able to access the information they wanted, the court case was withdrawn.
Problem solved, right? Wrong.
This left many unanswered questions regarding the government’s authority to forcibly access information on someone’s personal device — even in an ongoing criminal investigation.
The Potential Price of Privacy
Clearly, the debate about whether the government has the right to access encrypted data on personal devices is not going away anytime soon. Government agencies (like the FBI) claim their actions are necessary to thwart terrorism, while tech companies (including Apple) maintain this practice raises serious privacy concerns.
The FBI reports that in 2017 they were locked out of 7,775 devices involved in various investigations. Recently, “U.S. Deputy Attorney General Rod Rosenstein made the strongest argument that ‘warrant-proof’ encryption hobbles law enforcement’s ability to protect the public and solve crimes,” writes Tom Spring at Threatpost.
The thing is most tech companies create encryption that even they themselves cannot access. For example, according to Apple CEO Tim Cook, his company cannot access messages sent and received on its iMessage service. Which means if the tech company that created the software can’t even access the requested information, what good would a warrant do?
Now, what if access to a smartphone was needed to stop a terrorist plot and no one had a way to crack the encryption? Hundreds of innocent lives might be in danger.
On the other hand, what if the government had some type of software key that gave them access to encrypted devices? It would only be a matter of time before hackers figured out a way to steal or replicate it.
Plus, foreign governments would want to use the same access method to protect their countries. Eventually, this would defeat the entire purpose of using encryption.
Ways to Defend Your Data
There is no question we live in an era of government surveillance. If you are concerned about protecting your privacy from the government or hackers, you should always use encryption on your smartphone and other electronic devices.
The best way to do this is by downloading and installing a virtual private network (VPN). Many VPNs can be run on multiple devices. If you use a VPN, make sure it’s installed on all your devices, including your computer, tablet and smartphone — basically any device that connects to a network.
The VPN I recommend (which I also use) is TunnelBear. You can browse with confidence on up to five devices. Best of all, TunnelBear does not log any customer activity — so you don’t have to worry about ANYONE tracking your internet usage.
Another step you should take to protect your information along with running a VPN is use encrypted messaging services. Here are two apps you should check out:
1. Wickr — This app was one of the first to offer end-to-end encryption as well as self-destructing messages. Wickr contains multiple layers of encryption and is built on the industry standard calculations for security. Best of all, Wickr is free in the App Store.
2. WhatsApp — This is the most popular messaging app on the market, with over a billion users. WhatsApp not only provides similar encryption to Wickr but also uses secret keys to verify the authentication of messages. This app is also free in the App Store.
The U.S. government will continue to see an increase in the number of devices they are unable to access on demand as people push back with regard to their privacy. It’s only a matter of time before we reach a breaking point and new laws are created to address this issue. But for now, I recommend using every available method to protect your personal privacy.
One last thing I should mention: Perhaps the easiest thing you can do to avoid this issue altogether is to use an old flip phone instead of a smartphone — like I do.
Stay safe,
Jason Hanson