X
Tech

If a smartphone vendor acquiesces to anti-encryption laws, don't use them

One of the only good things to come out of governments wanting encryption backdoors is that it will allow the public to identify shady phone software creators in order to avoid them.
Written by Chris Duckett, Contributor

As the United States gears up for the strangest quadrennial election fiesta it has seen in some time, with the rest of the world looking on with increasing horror and fascination, it seems that members of state legislatures are determined not to be left behind in the bad idea stakes.

Two Democrat assemblymen, one in California and the other from New York, have introduced Bills that would see $2,500 fines issued to sellers of smartphones that are not capable of being decrypted by the device manufacturer or operating-system provider.

Without doubt, there are a lot of functional drawbacks -- the major one being the invention of magical decryption keys that only work for those designated as "good guys" -- but I do hope one of these ill-thought-out schemes becomes operational, as it would provide the public with a great service: Alerting us to which phone makers cannot be trusted.

If either of these laws are passed and bans begin to be handed out, and you happen to be using a non-banned device, then it will be safe to assume that device is able to be decrypted by law enforcement.

Any phone or software maker that is caught under one of these schemes should wear it as a badge of honour.

Even though Apple could be potentially banned from sale in its home state, such action would solidify Apple's mantra of using privacy protection as a competitive advantage against rivals that have an innate lust for personal data.

I, for one, would be regarding any list of banned smartphone vendors as a best-of-breed list for my next handset.

At the same time that politicians on one side of the Pacific want to attack encryption front on, the Australian government has decided that it will mandate the collection and storage of two years' worth of customers' call records, location information, IP addresses, billing information, and other data stored by telecommunications companies.

It was revealed last week that along with the 21 already-approved enforcement agencies that are able to warrantlessly access the metadata collected under the data-retention scheme, 61 other agencies at various governmental levels want in on the party. Among those that had sought to join the metadata club were such esteemed agencies as Australia Post, the National Measurement Institute, and Harness Racing New South Wales.

Fortunately, to this point, it appears as though none of the 61 applications were successful. But should one of the agencies far removed from law enforcement and the usual handling of personal data be given access to the retained data, the security implications could be severe.

When the bad guys come looking for valuable metadata, and they will, they are not going to attack core government systems when desk jockeys within departments and agencies are going to make it easy for them. A couple of spear phishes here, and a malware install there, and who knows what sort of data could await the lucky hacker? This will be true for both data retention and any Bill that allows the decryption of phone content.

Can the local motor registry, consumer affairs agency, or racing authority be trusted with your contact list, location history, or messaging history?

The history of data breaches, especially in recent years, shows that information leakages can, and will, happen.

The question at the moment seems to be: How much data will we let them get their hands on, and will we actually know when the breaches occur?

In Australia, breach knowledge remains more or less a black hole until sometime in 2017, when a data-breach notification scheme is set to come into effect.

As for how much data is gained, that is something governments and electorates worldwide are wrestling with, and the US is sure to be at the centre of as it enters this election year.

ZDNet's Monday Morning Opener is our opening salvo for the week in tech. As a global site, this editorial publishes on Monday at 8am AEST in Sydney, Australia, which is 6pm Eastern Time on Sunday in the US. It is written by a member of ZDNet's global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and the US.

Previously on the Monday Morning Opener:

Editorial standards