NEW YORK — While the increasing use of encryption helps smartphone users protect their data, another sometime-related technology, cloud computing, can undermine those protections.
The reason: encryption can keep certain smartphone data outside the reach of law enforcement.
But once the data is uploaded to companies’ computers connected to the internet — referred to as "the cloud" — it may be available to authorities with court orders.
Major cloud-computing suppliers, including smartphone providers such as Alphabet ’s Google, Microsoft and Apple, routinely comply with court orders and search warrants to turn over data that in many cases would have been harder for law enforcement to obtain had users kept it solely on their devices.
"The safest place to keep your data is on a device that you have next to you," said Marc Rotenberg, head of the Electronic Privacy Information Center.
"You take a bit of a risk when you back up your device. Once you do that it’s on another server."
Encryption and cloud computing "are two competing trends", Mr Rotenberg said. "The movement to the cloud has created new privacy risks for users and businesses.
"Encryption does offer the possibility of restoring those safeguards, but it has to be very strong and it has to be under the control of the user."
Apple is fighting a government request that it help the Federal Bureau of Investigation (FBI) unlock the iPhone of Syed Rizwan Farook, the shooter in the December terrorist attack in San Bernardino, California.
The FBI believes the phone could contain photos, videos and records of text messages that Mr Farook generated in the final weeks of his life.
The data produced before then? Apple already provided it to investigators, under a court search warrant.
Mr Farook last backed up his phone to Apple’s cloud service, iCloud, on October 19.
Encryption scrambles data to make it unreadable until accessed with the help of a unique key.
The most recent iPhones and Android phones come encrypted by default, with a user’s passcode activating the unique encryption key stored on the device itself.
That means a user’s contacts, photos, videos, calendars, notes and, in some cases, text messages are protected from anyone who does not have the phone’s passcode.
The list includes hackers, law enforcement and even the companies that make the phones’ software: Apple and Google.
However, Apple and Google software prompt users to back up their devices on the cloud. Doing so puts that data on the companies’ servers, where it is more accessible to law enforcement with court orders.
Apple says it encrypts data stored on its servers, though it holds the encryption key.
The exception is so-called iCloud Keychain data that stores users’ passwords and credit-card information; Apple says it can’t access or read that data.
Officials appear to be asking for user data more often. Google said that it received nearly 35,000 government requests for data in 2014 and that it complies with the requests in about 65% of cases.
Apple’s data do not allow for a similar comparison since the company reported the number of requests from US authorities in ranges in 2013.
Whether they back up their smartphones to the cloud, most users generate an enormous amount of data that is stored outside their devices, and thus more accessible to law enforcement.
"Your phone is an incredibly intricate surveillance device.
It knows everyone you talk to, where you are, where you live and where you work," said Bruce Schneier, chief technology officer at cybersecurity firm Resilient Systems "If you were required to carry one by law, you would rebel."
Google, Yahoo and others store users’ e-mails on their servers. Telecom companies keep records of calls and some standard text messages. Facebook and Twitter store users’ posts, tweets and connections. Even Snapchat, the messaging service known for photo and video messages that quickly disappear, stores some messages.
The company says in its privacy policy that "in many cases" it automatically deletes messages after they are viewed or expire.
But it also says that "we may also retain certain information in backup for a limited period or as required by law" and that law enforcement sometimes requires it "to suspend our ordinary server-deletion practices for specific information".
Snapchat declined to comment.
More Africa news from The Wall Street Journal
More news from The Wall Street Journal
Premium access to WSJ.com: $1 a week for 12 weeks
Picture: THINKSTOCK
NEW YORK — While the increasing use of encryption helps smartphone users protect their data, another sometime-related technology, cloud computing, can undermine those protections.
The reason: encryption can keep certain smartphone data outside the reach of law enforcement.
But once the data is uploaded to companies’ computers connected to the internet — referred to as "the cloud" — it may be available to authorities with court orders.
Major cloud-computing suppliers, including smartphone providers such as Alphabet ’s Google, Microsoft and Apple, routinely comply with court orders and search warrants to turn over data that in many cases would have been harder for law enforcement to obtain had users kept it solely on their devices.
"The safest place to keep your data is on a device that you have next to you," said Marc Rotenberg, head of the Electronic Privacy Information Center.
"You take a bit of a risk when you back up your device. Once you do that it’s on another server."
Encryption and cloud computing "are two competing trends", Mr Rotenberg said. "The movement to the cloud has created new privacy risks for users and businesses.
"Encryption does offer the possibility of restoring those safeguards, but it has to be very strong and it has to be under the control of the user."
Apple is fighting a government request that it help the Federal Bureau of Investigation (FBI) unlock the iPhone of Syed Rizwan Farook, the shooter in the December terrorist attack in San Bernardino, California.
The FBI believes the phone could contain photos, videos and records of text messages that Mr Farook generated in the final weeks of his life.
The data produced before then? Apple already provided it to investigators, under a court search warrant.
Mr Farook last backed up his phone to Apple’s cloud service, iCloud, on October 19.
Encryption scrambles data to make it unreadable until accessed with the help of a unique key.
The most recent iPhones and Android phones come encrypted by default, with a user’s passcode activating the unique encryption key stored on the device itself.
That means a user’s contacts, photos, videos, calendars, notes and, in some cases, text messages are protected from anyone who does not have the phone’s passcode.
The list includes hackers, law enforcement and even the companies that make the phones’ software: Apple and Google.
However, Apple and Google software prompt users to back up their devices on the cloud. Doing so puts that data on the companies’ servers, where it is more accessible to law enforcement with court orders.
Apple says it encrypts data stored on its servers, though it holds the encryption key.
The exception is so-called iCloud Keychain data that stores users’ passwords and credit-card information; Apple says it can’t access or read that data.
Officials appear to be asking for user data more often. Google said that it received nearly 35,000 government requests for data in 2014 and that it complies with the requests in about 65% of cases.
Apple’s data do not allow for a similar comparison since the company reported the number of requests from US authorities in ranges in 2013.
Whether they back up their smartphones to the cloud, most users generate an enormous amount of data that is stored outside their devices, and thus more accessible to law enforcement.
"Your phone is an incredibly intricate surveillance device.
It knows everyone you talk to, where you are, where you live and where you work," said Bruce Schneier, chief technology officer at cybersecurity firm Resilient Systems "If you were required to carry one by law, you would rebel."
Google, Yahoo and others store users’ e-mails on their servers. Telecom companies keep records of calls and some standard text messages. Facebook and Twitter store users’ posts, tweets and connections. Even Snapchat, the messaging service known for photo and video messages that quickly disappear, stores some messages.
The company says in its privacy policy that "in many cases" it automatically deletes messages after they are viewed or expire.
But it also says that "we may also retain certain information in backup for a limited period or as required by law" and that law enforcement sometimes requires it "to suspend our ordinary server-deletion practices for specific information".
Snapchat declined to comment.
More Africa news from The Wall Street Journal
More news from The Wall Street Journal
Premium access to WSJ.com: $1 a week for 12 weeks
Change: 1.19%
Change: 1.36%
Change: 2.19%
Change: 1.49%
Change: -0.77%
Data supplied by Profile Data
Change: -0.08%
Change: 0.12%
Change: 1.19%
Change: 0.00%
Change: 0.10%
Data supplied by Profile Data
Change: 0.32%
Change: 0.40%
Change: 0.40%
Change: 0.22%
Change: 0.58%
Data supplied by Profile Data
Change: 0.08%
Change: -0.41%
Change: -0.13%
Change: -0.33%
Change: 0.10%
Data supplied by Profile Data