Slashdot Mirror
Use of Encryption Foiled the Cops a Record 9 Times In 2013
realized (2472730) writes "In nine cases in 2013, state police were unable to break the encryption used by criminal suspects they were investigating, according to an annual report on law enforcement eavesdropping released by the U.S. court system on Wednesday. That's more than twice as many cases as in 2012, when police said that they'd been stymied by crypto in four cases—and that was the first year they'd ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero."
Rapelcgvba SGJ!
"When information is power, privacy is freedom" - Jah-Wren Ryel
really confuses NSA.
There are obviously thousands of people using encryption because they have a legitimate reason to hide something, and criminals also have something to hide, so it stands to reason that they'd also use encryption.
So why aren't there more cases of encryption impeding an investigation? Possibilities:
1) Only stupid people (who don't use encryption) are caught - yeah, not with numbers /that/ low;
2) The numbers are being deliberately under-reported;
3) A lot of encryption is breakable or has backdoors;
4) Most people under investigation have software planted on computers or hardware keyloggers.
"UK Government / celebrated top-notch British mathematicians create encryption that's still fit for purpose decades after their death."
An encryption scheme that can be cracked by teenagers, camels, mathematicians, governments, police, military or the guy down the road? Not an encryption scheme. Certainly not one for large-scale deployment in public security projects.
Works as intended. The fact that it may, unfortunately, be a tool used by miscreants as well as law-abiding citizens is an unfortunate side-effect, like hammers being useful for smashing windows AND doing carpentry.
Public opinion needs to be turned against anything (such as the bill of rights) that could hinder the authorities.
“He’s not deformed, he’s just drunk!”
At this rate we should have full encryption in no time!
"Kill 'em all and let Root sort 'em out"
Just wait until someone tries to spin this as an increase of over 200%, and therefore is a great and looming threat that we need to crack down on.
So, in 2013 there was a record 9 cases where criminals used FOSS?
Bollocks. The only difference between today and the past is that you can easily see an encrypted file, you can know it's encrypted, surmise it's probably got something juicy, and just be unable to break in.
It has the exact same effect as a lot of low tech stuff. For instance, memorizing a secret note than burning it would also leave no trail for law enforcement to follow. As would a secret conversation a thousand years ago you can't overhear because there was no listening devices around back then.
Therefore, I would suggest that actually finding encrypted files law enforcement cannot break into is actually an improvement.
How about slashdot is getting old? or "modern" to stay on the dice roadmap
But so far, the only criminals using encryption are the smart ones who take precautions not to even become suspects in the first place. And just because the authorities were stymied by encryption, or that the suspects used encryption does not mean that the suspects were actually guilty of any crime. Personally, I'd much rather a few crimes go unsolved than live in an authoritarian Police State.
The headline is meaningless without also including the number of cases actually involving encryption. Looking at the article, that number appears to be 41.
Status: Unable to prosecute due to lack of evidence.
Reason: Suspect used full-disk encryption. Unable to persuade suspect due to lack of wrench availability.
Place nail here >+
Err quite a while. The reality is that with enough effort the police can probably get you convicted of something. There are a lot of laws and you don't know them all. The last thing you want to do is make them look more closely at you.
With 90% confidence; I estimate this is a trap. Police can defeat encryption, no problem, usually by coercing the defendant. The reports by the police themselves are geared at getting tougher anti-privacy/anti-encryption legislation and giving bad guys a false sense of security. The feds could likely have broken the encryption, no problem, the issue at hand just wasn't important enough to reveal the capability. Pretending not to have the capability gives politicians better ammunition when improving state powers for legal surveillance, and for forcing the hands of software providers to secretly include specified backdoor tech.
when police said that they’d been stymied by crypto in four cases—and that was the first year they’d ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero.
what sort of encryption(s) were the cops unable to break - assuming that they were able to tell by looking at the files; failing that what were the ones that they succeeded in breaking? That might be useful as it would guide me in choosing which algorithms to use for encrypting my stuff.
Then is occurred to me that if the cops revealed it I must assume misinformation. They surely would not make their life difficult by telling me how to defeat them -- or would they answer the question honestly ? So: I could ever trust their answer -- is there any point in even asking them the question ?
It's not obligatory.
Is like a gun of an average NRA nut - totally useless for security, while advertising to the whole world that you want to get in trouble. These encrypted files on your hard drive have been transmitted over online services and shared with other people. It's far more convenient for police to get a warrant for online data and lean on those people than tinker with your computer. On the other hand, discovery of encrypted files that you are not willing to open is an excellent clue that getting these warrants and harassing your friends is a good use of police time.
Now, when it comes to passwords, your cipher might be 64 bit, but the space of words and phrases that an average person is able to remember is much smaller. Chances are, yours can be cracked with a map reduce task running on Amazon public cloud, for a small fraction of a budget DAs would allocate for a major case. If not, it's just back to harassing your friends and family. And it's not likely you personally are trained to withstand experienced interrogators and fitted with a dental filling cyanide capsule to swallow once you have reached your limit.
Most of those 9 cases probably came from lame police departments that just were not equipped/talented enough to do old fashioned honest investigate works. At the same time, thousands of criminals have evaded capture through old fashioned guile and ingenuity. If you want to evade authorities, for good or evil reasons, it's best to stick to simple things. An iPad hidden under a neighbors door rug is more likely to evade detection than an encrypted one in your house.
Too bad they do not tell what are the resistant softwares.
I keep all my 'important' files in .JAR format on 5 1/4 floppies.
~Knowledge is knowing that a tomato is a fruit, but Wisdom is knowing not to put it in a fruit salad.
I'd think at least 99.99% of cases don't involve the suspect using their computer at all. One of the most common crimes is using a stolen checkbook or credit card, in a brick-and-mortar store. Thefts might be solved by looking at the store's security video, etc.
In the rare case where you're interested in an encrypted file, you can normally go around it. For example, if you wanted to prove child porn, the cached thumbnails that most image viewers create work just fine. Someone sending instant messages encrypted? Fine, the message log on their device is plaintext. Rarely do you need to crack the crypto.
Which, if this chain of thought is correct, leads to the conclusion that in those 9 cases, either police were NOT corrupt (and so could be foiled) or were corrupt, and wanted to be foiled.
I'm not sure that the chain of thought is correct. In some areas --Illinois for example, I would expect it to be.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
It's 9 uncrackable cases, out of 45 encryption-cases, out of 3500 surveillance cases. Sounds pretty good to me. Mostly they would probably get the info some other way, hence not needing to crack encryption.
I've got an encrypted volume on my main box that's got stuff I'd rather not my family members/wife/friends get into. It's nothing illegal, and it's not something that would end in a divorce if she did see it, just a collection of stuff I'd rather not share with the world. Since I have people over for LAN parties and share out drives on occasion, making sure such files are in an encrypted container ensure that even if I accidentally gave them access to the wrong place, they won't be snooping around my stuff.
Given the number of personal stuff people accidentally share over P2P networks (e.g. sharing all of "My Documents" for windows users), having stuff in an encrypted file in a safe place isn't a terrible idea. If the police want to see it, bring a properly signed warrant and go ahead. They'll likely be entertained but nothing is going to end me up in a PMITAP.
Now *that* would be amusing. Dual-container encrypted volume. The easily cracked volume containing a few years worth of stuff collected from various shock sites.
Heck, no need even for dual encryption. Just make it something with an attention-getting name with an easy password stored in a place that curious inlookers could be easily trolled...
Next time one of those "This is Microsoft, your PC is sending a virus" calls come through, I should share out a VM with one of these and a container marked "banking info 2014" and a password of "12345" :-)
Before this, the number stood at zero? Wouldn't it be more accurate to say that "before this, we have no f%@#ing clue what the number stood at because there is no data"???
Just my $0.03 (At current exchange rates, my £0.02 is worth more than your $0.02)