Friday, September 19, 2014

BBC: Google and Apple to introduce default encryption

By Joe MillerTechnology Reporter BBC

Google's devices have offered the option of encryption, but many users did not make use of the feature
Google has announced that its next mobile operating system, Android L, will encrypt users' data by default.
The measure will make it more difficult for private information to be hacked or handed to law enforcement agencies.

On Thursday, Apple said that devices running its new iOS8 software would be encrypted by default, with even the company itself unable to gain access.

Both firms have offered encryption for some time, but many users were unaware of its existence or had not enabled it.

Earlier this week, Apple's boss Tim Cook posted an online messageassuring users the company's philosophy was that a "great customer experience shouldn't come at the expense of your privacy".

Swipe
As well as announcing default encryption for all devices running the new iOS8 software, Mr Cook took a thinly veiled swipe at Google, saying that Apple would not use its customers' information to sell things to them.

"We don't 'monetise' the information you store on your iPhone or in iCloud," he wrote, "and we don't read your email or your messages to get information to market to you."

He added that although Apple does have an advertising business, called iAd, the function can be disabled by users.

Shortly after, Google announced its stance on privacy, also embracing default encryption. A spokesman said: "For over three years, Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement.

"As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on."

Both Apple and Google follow in the footsteps of the now somewhat beleaguered Blackberry, which has encrypted data by default for some time.

The firms' focus on privacy comes after nude photos of celebrities were leaked online earlier this month.

The breach, which affected actress Jennifer Lawrence, among others, was linked by some security experts to vulnerabilities in Apple's iCloud storage service.

Law enforcement
The introduction of default encryption also protects US firms from having to hand over data to law enforcement agencies.

As the companies themselves do not have access to users' passwords, which unlock the encryption, they are not actually in possession of the data concerned.

Several of the largest US tech firms have been fighting government requests for their users' private data, including Microsoft, Google, Twitter, Facebook and Dropbox.

David Emm, a senior researcher at security firm Kaspersky Lab, told the BBC that automatic encryption was "probably more about privacy than about protection".

"Customers will find some reassurance in the fact that their data can't routinely fall into third-party hands," he said.

However he added that the measure only "applies to stuff on a [Apple or Android] device, but not necessarily to stuff you put in the cloud, which could still be accessible to law enforcement agencies".

No comments:

Post a Comment