Opinion The best device to reduce road deaths, suggested economist Gordon Tulloch, would be a large steel spike in the center of every car’s steering wheel. Focuses the mind.
The IT security equivalent is an “Assume This Device Is Tapped” sticker on every phone, tablet and computer. Absent that, the best we can do is pay attention when those with legal access to all our data abuse those powers and help themselves.
Last week, repeat offender, the FBI, served this important public service. It has been caught using its power to hoover up communications without a warrant, ostensibly to monitor foreign threats, to plunder the privacy of many thousands of US citizens whose revulsion at a brutal killing of a Black man by white cops marked them as activists.
This is nothing new. Search for “FBI abuse of powers” – replacing FBI with other state agencies to taste – and you’ll be scrolling for a year. It’s actually quite cheering that democracies still have safeguards to bring this stuff to light, and yet it keeps happening. If you live in a part of the world where such protection is diluted or absent, you won’t need telling how bad it can get.
Feds ‘persistently’ abused snoop powers. What’s next?
Leaving aside the ethics, legality and politics, it’s important to make a practical evaluation of state agencies as advanced persistent threats in the communications stack. Spies are gonna spy. It’s also important to consider the whole threat matrix, and to identify the most effective way to minimize risk as an ordinary user. What can you do to protect against undue surveillance while keeping the utility of your devices?
The most interesting and important area is mobile. It’s where we have least control combined with most reliance, where our most personal day-to-day use is matched by the fearsome battery of sensors and vendor lockdown.
There are four major classes of threat vector in your phone. Hardware, OS, apps and malware. Apple has an impressive record on device hardware security; its OS is closed, though, so your trust in the company is your basis for risk assessment. All classes of attacker want your data. What data is sent from your device into the demonstrably compromised cloud is dependent on how well permissions work, and whether there’s stuff going on under the bonnet that bypasses user control.
Android is the most dazzling set of contradictions here. Its market dominance and ease of porting – both technically and commercially – means you can find it on a huge range of handsets, reflecting a huge range of approaches to trust and data. There are plenty of cases where Android has been used to hide all manner of OEM naughtiness, not least from Chinese manufacturers who are legally beholden to Chinese state security. That’s just how it is – and the OEMs notice.
Or you can buy a top brand like Samsung, if you’re happy with the bloatware and the recent deal with Meta – details not revealed, but it’s safe to assume Zuck’s hummingbird will be slipping its tongue into your sweet data nectar somewhere along the line. That may not end well.
Then there’s Google itself, which uses its platforms to collect an astonishing amount of data, harvesting its own set of multimillion-dollar fines along the way.
So if you can’t prevent devices from taking your data and sending it out to places where state actors or privacy vampires can illegally or indecently do what they like with it, what options are there? Google and Android. No, really.
Start with the hardware. Google’s Pixel series has grown some impressive device security, arguably in the same grade as Apple’s secure crypts. Obviously, that doesn’t help much if once the device has fully authenticated you, the OS and its privacy management rolls over to get its tummy tickled by its giant overlord. That’s where Android can actually help.
- Firmware is on shaky ground – let’s see what it’s made of
- The UK’s bad encryption law can’t withstand global contempt
- China crisis is a TikToking time bomb
- FOSS could be an unintended victim of EU crusade to make software more secure
Android, famously, is open source. You can de-Google it and still have a working mobile OS where you know nothing is sneaking on you. And, famously, that’s not much good because all the things that make Android actually useful are wrapped up in Google Play services and the app store. You want those, you’re back in Mountain View’s sights.
That is until you take all the Play stuff and move it out of its tight integration with the low level system and into userland, where it can be sandboxed. That gives you back granular control over all the resources Play Services wants to use, and what data it and the app which use it want to send back. That’s the approach GrapheneOS takes, a Pixel-only open source Android distro – OK, ROM – that by many reports hits the sweet spot of maximum control over security with minimal impact on the daily Android experience.
Teamed with a second-hand last-but-one generation Pixel, GrapheneOS raises the seemingly oxymoronic possibility that the most data-tight and user-configurable mobile platform costs less than $200, has negligible environmental impact, and is powered by the data ogre Google itself.
It doesn’t matter how badly the FBI, NSA, GCHQ or the dictatorships behave, they can’t have your data if you never send it. You’ll still have to take care of what you do online and how you do it, but at least you can build that castle on a halfway decent rock. ®