The Good Guys' Case For Cellphone Security And Encryption
Apple and the U.S. government are in a legal clash over Apple's refusal to comply with a court order to help the FBI crack the passcode on an iPhone used by San Bernardino shooter Syed Farook. This case follows a long debate over how matters of national security should be balanced against an individual's privacy.
For many regular Americans debating this issue, this becomes a common argument: Who cares if the government gets a key to decrypt people's conversations; I have nothing to hide. Why should I get involved with encryption?
"Because the 'bad guys' want your data," says Bruce Schneier, a fellow at Harvard's Berkman Center for Internet and Society. "Almost all encryption on the planet is to protect us and our assets."
Luckily, you don't have to be a fancy computer scientist to take some basic steps to protect your assets. There are a few easy things you can do to help keep the spies, hackers and creeps at bay.
Smartphones carry the intimate data of your everyday life. They show where you go, whom you talk to, and what you care about. They can carry credit card information and financial information. That information may be exploited by hackers, identity thieves, advertisers or government entities.
The most basic step to smartphone security is of course a passcode. You can strengthen it by choosing a complex alphanumeric combination or a pattern that someone else could not guess easily. (None of the "12345" or "password" passwords, please.) In settings, make sure that your phone says data protection is enabled — this means your passcode works.
Apple also provides a setting to erase all the data on your iPhone after 10 failed passcode attempts. This is at the core of the California judge's request to Apple — give the FBI the chance to crack the code without the worry of destroying the phone's data.
Another step is to make sure your accounts on websites and programs are secure. Use a password manager, which will help you create and store secure passwords. You can also implement two-factor authentication, which adds an extra step to your login procedure to check that it's really you.
If you back up data to the cloud, be thoughtful about which sensitive information you store there. You can disable cloud backups entirely, or you can make sure you're using a cloud storage system that encrypts data. But use caution: If your phone is lost or stolen and it isn't backed up, that information is gone not only for prying eyes but also for you.
There are also ways to make the contents of your phone communications harder to intercept by anyone other than the person you're talking to. The Signal app, made by Open Whisper Systems, is free on iPhone or Android — and that's just one of them. A new paper headed by Schneier identified 865 encryption products on the market in 55 different countries. Other programs like Signal include CryptoCat, Jitsi and Silent Phone.
The decision to use these kinds of encryption messaging apps isn't necessarily a stance against government surveillance. "Protecting yourself against leaks today is not just about what happens today, it's also about protecting yourself from what happens tomorrow," says Daniel Kahn Gillmor, technology fellow at the American Civil Liberties Union, adding that encryption can help protect people with religious or political views that make them subject to prejudice.
And for the biggest technophobes, one of the easiest and most effective things to do — no coding chops needed — is to leave your phone in the fridge. Yeah, you read that right. While a powered-down phone can still transmit data, a refrigerator wall can block sounds and phone signals.
But if you're still not convinced, just think of these precautions as a return to normal. "People are starting to be able to have private conversations again," Gillmor says. "That's the way the world has been for a long time."
Naomi LaChance is a business news intern at NPR.
Copyright 2020 NPR. To see more, visit https://www.npr.org.