Hey, Beltway Denizens: Spies Are Tracking Your Phones, So Maybe Don't Ruin Encryption

The Department of Homeland Security has acknowledged that there are unauthorized devices in our nation's capital that crooks or foreign governments may be using to track and possibly even access the contents of people's phones.

They're talking about "Stingray" devices, cell site simulators that law enforcement agencies have used to secretly track location data of cell phones in the possession of crime suspects.

The news that there are devices in the U.S. not under domestic government control came in the form of a letter to Sen. Ron Wyden (D-Ore.), who sent a bunch of questions to Homeland Security to find out what the agency knows.

You'd have to be an idiot to work in D.C. and not assume that this is going on, and the Associated Press coverage does not assume people are idiots. The letter confirms what everybody knows is happening. But it's good to see this information publicly acknowledged as the media report that the Department of Justice is once again trying to require tech and communication companies to provide them with ways to work around encryption.

From The New York Times:

Justice Department officials are convinced that mechanisms allowing access to the data can be engineered without intolerably weakening the devices' security against hacking.

Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms. The Trump White House circulated a memo last month among security and economic agencies outlining ways to think about solving the problem, officials said.

Even those solutions that don't utterly destroy our cybersecurity altogether come fraught with risks. One approach involves a separate key in the phone itself that only the manufacturer would be able to access and use with a court order. But employees at each of these companies would be able to access the keys, increasing the potential for theft or abuse or just getting your out into the public somehow. (We've already seen this happen with Microsoft.)

This push to force access into phones comes at odds with the cybersecurity needs of everyone in D.C. who works in politics. You'd think their own sense of self-preservation would put a damper on these efforts, but no.

In fact, the Associated Press notes that the feds don't seem that interested even in doing something about the cell tower simulators being operated in their own backyard by people or governments unknown. Why? Because "there was no political will to tackle the issue against opposition from the intelligence community and local police forces that were using the devices 'willy-nilly.'"

That's the encryption fight in a nutshell. Cops and spies don't care about your data security if it makes it harder for them to access whatever they want. And that position seems implacable, even if it increases the likelihood that Americans will become victims of criminal hacking.