CNET también está disponible en español.

Ir a español

Don't show this again

Security

Apple, Microsoft tussle with feds over access to user data

Tech companies say that user data requested by the government is encrypted and therefore inaccessible. But the government doesn't like that response.

A Nexus 5 being encrypted. Jason Cipriani/CNET

Apple and Microsoft are at odds with the US government's attempt to obtain customer data when that data isn't easily obtainable.

In one investigation that involved guns and drugs, the Justice Department got a court order over the summer requesting that Apple hand over text messages between suspects who used iPhones, The New York Times reported on Monday. Apple told the feds that text messages in its iMessage system were encrypted, and therefore the company couldn't honor the warrant. Some in the Justice Department considered taking Apple to court over the issue but ended up dropping the request, at least for now.

Another case due to be heard Wednesday by a New York federal appeals court also involves the Justice Department, but this time with Microsoft. In December 2013, the software giant refused to obey a warrant requiring it to share emails from a suspect in drug trafficking as the emails were stored in servers in Dublin, and the DOJ would have to get such an order from an Irish court, Microsoft asserted.

The battle between tech companies and the US government over encrypted data is an inevitable consequence of the revelations made public by documents leaked by National Security Agency contractor Edward Snowden. Some of the documents allegedly showed that the government had hacked into the networks of major tech companies to obtain user data without the knowledge of the companies. In response, the tech firms have since shored up their security to guard against any further such intrusions. But now the government is complaining because the companies are pointing to encryption and other reasons as to why they can't cough up the data in response to court orders. The government is once again citing the concern that the inability to obtain such data weakens it in the fight against terrorists, drug traffickers and other criminal suspects.

Apple's iMessage software is a prime example as it uses end-to-end encryption, which makes the data unreadable to all except the actual users. Apple doesn't keep copies of the texts unless they're uploaded to iCloud, where they're no longer encrypted. In October 2014, Federal Bureau of Investigation Director James Comey said the trend to encrypt both real-time communications and stored data could hinder criminal investigations.

But rather than hacking into data networks through the back end, as the government did in the past, according to the leaked documents, Comey wants to go in legally, through the front end, requiring mobile phone providers to create "front-doors" on their devices.

"We aren't seeking a back-door approach," Comey said, citing a term for encryption that has been intentionally weakened. "We want to use the front door, with clarity and transparency, and with clear guidance provided by law."

But the tech companies argue that encryption is necessary in order to assure customers that their data is safe. Further, providing a means to circumvent the encryption would allow certain governments, such as those in Russia and China, to more easily hack into the data of US firms.

"Clearly, if the US government wins, the door is open for other governments to reach into data centers in the US," Brad Smith, Microsoft's general counsel, said in a recent interview, according to the Times.

The case between Microsoft and the Justice Department rests not so much on how the data is stored but on where it's stored. The government believes that the location of the actual data doesn't matter because Microsoft still controls it. But Microsoft's response is that the US needs to respect the laws of other countries.

"People want to know what law will be applied to their data," Smith said, according to the Times. "French want their rights under French law, and Brazilians under Brazilian law. What is the US government going to do when other governments reach into the US data centers, without notifying the US government?"