Last week, The New York Times suggested the National Security Agency (NSA) could beat your encryption with a little help from supercomputers, court orders, arm twisting and technical prowess. Now, Spiegel Online International, a German news outlet, is suggesting the NSA can spy on smartphone data from all leading manufacturers, including Apple iPhones, Android devices and even hardened BlackBerry phones.
Spiegel claims it has seen top secret NSA documents that reveal it's possible for the agency to see even the most private data on your smartphone, including contact lists, SMS traffic, notes and location information about where you've been. NSA has also reportedly set up specific working spy groups for each operating system.
Not intending to cause widespread panic, the media outlet noted that: "The material viewed by Spiegel suggests that the spying on smartphones has not been a mass phenomenon. It has been targeted, in some cases in an individually tailored manner and without the knowledge of the smartphone companies."
Should We Be Concerned?
Tim Worstall, a fellow at the Adam Smith Institute in London, reiterated that this is not a mass surveillance scheme. In other words, he explained, this is not akin to the agency's habit of trying to read all the Internet traffic it can lay its hands on.
"Rather, this is much more like dedicated surveillance of named individuals," Worstall said. "It's that they are now capable of doing this across the various different operating systems in a manner akin to the sort of thing the FBI might do if it had a warrant to allow it."
We turned to Joseph Lorenzo Hall, a senior staff technologist at the Center for Democracy & Technology, to get his thoughts on the latest NSA news. He told us part of the problem with "Snowden" revelations is that there aren't a lot of details. The Spiegel story is no different.
"There are certainly cases that we've known about for a while where law enforcement can get access to information on smartphones as long as they have the physical device," Hall said. "That's not necessarily new and the reporting wasn't clear as to whether or not this is a remote access capability. It's hard to know if there's a reason to be concerned."
What's New Here?
There are existing concerns with iPhone and Android devices. Hall explained that enabling a PIN, for example, encrypts the iPhone -- but it's easy enough to break through that encryption. In fact, Hall said law enforcement can crack a four-digit pin in about 13 minutes.
"We know there's a forensic waiting list at Apple where you can send in a device and when they get to it they will somehow bypass the pin setting and encryption. There are similar stories related to Android platforms. It's hard to know what new revelation is in this report," Hall said.
"If the NSA could gain remote access or if they could grab stuff off your iCloud that would be new. What would also be new is seeing in real time what you are doing on your device over the air," Hall said. "There is particularly sensitive information on phones and in the next year or so you will be able to download medical records to your phone."