This case involves a smartphone company’s announcement that its new device came equipped with hard disk encryption enabled by default. It was further announced that phone users would not keep the key to decrypt these devices. It was alleged that consumers could not even unlock a locked phone of this type. An expert in encryption was sought to determine whether the assertion had any merit and whether information could be obtained from devices without the user inputting the password to unlock the phone. The expert was also asked to discuss the relative increase in consumer privacy and security resulting from this change.
Question(s) For Expert Witness
1. Are you familiar with claims that new smartphones have encryption enabled by default that they will be unable to decrypt?
2. Do you have an encryption background in this space as applied to manufacturing and engineering?
3. Can you discuss the relative impact on security and privacy if this is true?
Expert Witness Response E-009721
I’m an engineer with 30 years in developing the cell phone system worldwide. I hold 29 patents and 4 trade secrets with a prominent service provider. Part of the work we developed involved encryption schemes used to encrypt phone calls. Our work also involved the information that goes back and forth across the air when you make a phone call. We spent a lot of time developing this because people would clone phones by capturing the unencrypted information out of the air. This is fairly straightforward, and this type of encryption has been around forever. What’s happening here is not new and is easy to understand. Using a double key method, smartphone companies can claim that they have very good security and that they cannot open a user’s phone because they do not have the ability to get the security code. That is true. Only the user has the combination to the lock. There are other methods too (public/private keys). There are simple examples of this I could convey that a jury could understand.