Use of Encryption Foiled the Cops a Record 9 Times In 2013

← Back to Stories (view on slashdot.org)

Use of Encryption Foiled the Cops a Record 9 Times In 2013

Posted by timothy on Thursday July 3, 2014 @08:24AM from the achievement-unlocked dept.

realized (2472730) writes "In nine cases in 2013, state police were unable to break the encryption used by criminal suspects they were investigating, according to an annual report on law enforcement eavesdropping released by the U.S. court system on Wednesday. That's more than twice as many cases as in 2012, when police said that they'd been stymied by crypto in four cases—and that was the first year they'd ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero."

28 of 115 comments (clear)

Min score:

Reason:

Sort:

First post! by GameboyRMH · 2014-07-03 08:25 · Score: 4, Funny

Rapelcgvba SGJ!

--
"When information is power, privacy is freedom" - Jah-Wren Ryel
I smell a rat. by Anonymous Coward · 2014-07-03 08:32 · Score: 5, Insightful

There are obviously thousands of people using encryption because they have a legitimate reason to hide something, and criminals also have something to hide, so it stands to reason that they'd also use encryption.
So why aren't there more cases of encryption impeding an investigation? Possibilities:
1) Only stupid people (who don't use encryption) are caught - yeah, not with numbers /that/ low;
2) The numbers are being deliberately under-reported;
3) A lot of encryption is breakable or has backdoors;
4) Most people under investigation have software planted on computers or hardware keyloggers.
1. Re:I smell a rat. by JimFive · 2014-07-03 08:50 · Score: 5, Insightful
  
  You forgot:
  
  5) Most crimes leave evidence that is not on the criminal's computer.
  
  --
  Please stop using the word theory when you mean hypothesis.
2. Re:I smell a rat. by rogoshen1 · 2014-07-03 08:54 · Score: 5, Insightful
  
  that oblig xkcd comic about a heavy wrench defeating encryption is more likely.
  "we'll drop the sentence to 1 year in prison if you give us the keys, or you can fight us, and we'll go for 25 to life."
  (protip: the wrench can be a metaphor)
3. Re:I smell a rat. by Shakrai · 2014-07-03 09:03 · Score: 4, Informative
  
  There are obviously thousands of people using encryption because they have a legitimate reason to hide something
  My hard drives are encrypted simply because my entire life is on them and I'd rather not have everything you need to steal my identity fall into the hands of whomever broke into my house and stole my PC. I take similar precautions with physical documents that could be used to the same end. My SSA card and Passport are kept in the Safe Deposit Box except when needed, other forms of ID are always kept on or near my person, so they're not apt to be stolen in a burglary.
  I don't know or care if LUKS and Truecrypt are secure enough to resist access by a well resourced and competent government agency. They provide ample security for the threat vectors that I care about.
  
  Most people under investigation have software planted on computers or hardware keyloggers.
  This, along with other side channel attacks (social engineering, or even simply guessing the password, remembering that most people use easily guessable passwords) is the most likely explanation. If the United States Federal Government has ways of breaking modern ciphers they're not going to throw it away to secure mundane criminal convictions.
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
4. Re:I smell a rat. by davydagger · 2014-07-03 09:31 · Score: 4, Informative
  
  that is somewhat bullshit.
  
  9 times out of 10, someone trying to crack your encryption is not going to be someone who is able to use that amount of leverage. Most likely they are going to subversively copy your data, or
  
  As far as I am concerned, I don't need my encryption to completely uncrackable. If all encryption does is provide tamper evidence, and doesn't allow undetectable snooping I am OK.
  
  Also, ability to crack encryption in an investigation/forced to decrypt for trial, is not the same as undetectable mass survailence. If all encryption does is force cops to go back to needing warrants and subopeanas, and due proccess, I think its done its job quite well.
5. Re:I smell a rat. by Anonymous Coward · 2014-07-03 09:32 · Score: 5, Insightful
  
  >
  > have a legitimate reason to hide something
  >
  A person does not ever require a "legitimate reason" to use encryption. A person can transmit information in any way he may see fit or in any way he may simply desire without needing a reason or explanation.
  If I want to strongly encrypt a cooking recipe that I email to my grandmother, then it is my business and my business alone.
  The point is that criminal intent or any other intent cannot/should not be inferred solely from the act of encryption.
6. Re:I smell a rat. by AmiMoJo · 2014-07-03 10:27 · Score: 2
  
  What is the punishment for refusing to hand over keys? In the UK it is only 2 years, so if you are accused of anything with a longer sentence or some other punishment like being on the sex offenders register you might as well take the two years. Also, "I forgot" is supposed to be a valid defence, unless they have evidence beyond reasonable doubt that you didn't forget, but I wouldn't rely on that.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
7. Re:I smell a rat. by roc97007 · 2014-07-03 10:30 · Score: 4, Insightful
  
  > 6) The encrypted cellphone is thrown into the evidence bag and never looked at again because the arresting officer couldn't get it open.
  Beat me to it. I'd put it more generally as "the police were stymied by encryption 2,316 times last year, but only recognized the fact nine times".
  
  --
  Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
8. Re:I smell a rat. by roc97007 · 2014-07-03 10:31 · Score: 3, Informative
  
  > 9 times out of 10, someone trying to crack your encryption is not going to be someone who is able to use that amount of leverage.
  It's not about having that kind of leverage. In an interrogation, a cop is not required to tell you the truth. Never forget that.
  
  --
  Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
9. Re:I smell a rat. by roc97007 · 2014-07-03 10:32 · Score: 2
  
  I think relying on "I forgot" is probably a good strategy if you have nothing to lose.
  
  --
  Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
10. Re:I smell a rat. by roc97007 · 2014-07-03 10:34 · Score: 2
  
  I read somewhere of a type of safe called a "burn safe". If opened improperly, it destroys the contents. Apparently used for very sensitive physical documents.
  Of course, you should probably have backups somewhere, probably in a different burn safe geographically distant.
  
  --
  Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
11. Re:I smell a rat. by nospam007 · 2014-07-03 10:51 · Score: 3, Insightful
  
  "It's not about having that kind of leverage. In an interrogation, a cop is not required to tell you the truth. Never forget that."
  It doesn't matter what the cop says, YOU have to shut your mouth.
  Don't talk to the police, ever!
  It can only hurt you.
12. Re:I smell a rat. by CharlieG · 2014-07-03 12:42 · Score: 2
  
  Well, How about (for real) a body was dumped in front of my house. They asked "Hey, we know that at 10:30ish this body was dumped in front of your house, did you happen to see the car?" (there were whiteness to the kidnapping a few miles away). Of course I told them what I knew "Nope officer, didn't hear/see a thing till I looked out the window and saw a bazillion flashing lights, sorry" "OK, Thanks"
  
  --
  -- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
13. Re:I smell a rat. by SpzToid · 2014-07-03 21:37 · Score: 2
  
  Here's the legal argument for not talking to the police: https://www.youtube.com/watch?...
  
  --
  You can't be ahead of the curve, if you're stuck in a loop.
14. Re:I smell a rat. by L4t3r4lu5 · 2014-07-03 22:09 · Score: 2
  
  This only applies for the US, where anything they say "... can be used against them..." Sworn testimony, or evidence given under caution or arrest, in the UK for example, can be used by both prosecution and defense.
  
  Still, you're definitely supposed to talk to a legal representative prior to talking to Police in any jurisdiction.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
15. Re:I smell a rat. by L4t3r4lu5 · 2014-07-03 22:15 · Score: 3, Insightful
  
  Your "burn safe" is vulnerable to denial of service. Say you lose the key, or the keypad is damaged; How do you get your documents? What if someone just hits it with a hammer until the system is activated, just to piss you off?
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
The headline should really read: by ledow · 2014-07-03 08:39 · Score: 2

"UK Government / celebrated top-notch British mathematicians create encryption that's still fit for purpose decades after their death."
An encryption scheme that can be cracked by teenagers, camels, mathematicians, governments, police, military or the guy down the road? Not an encryption scheme. Certainly not one for large-scale deployment in public security projects.
Works as intended. The fact that it may, unfortunately, be a tool used by miscreants as well as law-abiding citizens is an unfortunate side-effect, like hammers being useful for smashing windows AND doing carpentry.
Scare tactics by fustakrakich · 2014-07-03 08:40 · Score: 5, Insightful

Public opinion needs to be turned against anything (such as the bill of rights) that could hinder the authorities.

--
“He’s not deformed, he’s just drunk!”
Yay exponential growth! by MRe_nl · 2014-07-03 08:48 · Score: 2

At this rate we should have full encryption in no time!

--
"Kill 'em all and let Root sort 'em out"
Correction...That you know of... by KingOfBLASH · 2014-07-03 08:54 · Score: 2

Bollocks. The only difference between today and the past is that you can easily see an encrypted file, you can know it's encrypted, surmise it's probably got something juicy, and just be unable to break in.
It has the exact same effect as a lot of low tech stuff. For instance, memorizing a secret note than burning it would also leave no trail for law enforcement to follow. As would a secret conversation a thousand years ago you can't overhear because there was no listening devices around back then.
Therefore, I would suggest that actually finding encrypted files law enforcement cannot break into is actually an improvement.
1. Re:Correction...That you know of... by geniice · 2014-07-03 09:47 · Score: 2
  
  No but I'm also going to be somewhat surprised if someone has a bunch of 1,024 MB blocks of /dev/random on their hard drive. Well I guess a few statisticians might.
  In practice odds are I simply don't care. Most criminals leave far more evidence than the police actually need to get a conviction. If I can't open a file with one click I'm going to go back to looking at your bank statements for interesting payments.
2. Re: Correction...That you know of... by nospam007 · 2014-07-03 10:58 · Score: 2
  
  "This is a big reason why I think SETI-type programs are doomed to fail. If it would be hard to tell the difference between encrypted data and random data, how much harder would it be to tell the difference between an alien encryption scheme and random noise?"
  If aliens want to communicate with us, they won't use encryption. They'll make it as easy as possible. (The'y'll probaly send a .DBF :-)
  Or we just watch their 'I love Lucy'.
  SETI isn't trying to break encrypted files from Space Nazis.
3. Re:Correction...That you know of... by wiredlogic · 2014-07-03 13:28 · Score: 3, Funny
  
  I prime all my drives with GNU shred since its PRNG is faster than /dev/random and good enough for creating background noise. I've considered writing a program that exhibits statistical anomalies such as Benford's law or randomized MPEG blocks for kicks. Or maybe even valid MPEG encoded noisy frames of Goatse zooming in repeatedly.
  
  --
  I am becoming gerund, destroyer of verbs.
They'd be stumped more often by l0ungeb0y · 2014-07-03 08:55 · Score: 4, Interesting

But so far, the only criminals using encryption are the smart ones who take precautions not to even become suspects in the first place. And just because the authorities were stymied by encryption, or that the suspects used encryption does not mean that the suspects were actually guilty of any crime. Personally, I'd much rather a few crimes go unsolved than live in an authoritarian Police State.
From the police report... by MasterOfGoingFaster · 2014-07-03 09:46 · Score: 2

Status: Unable to prosecute due to lack of evidence.
Reason: Suspect used full-disk encryption. Unable to persuade suspect due to lack of wrench availability.

--
Place nail here >+
ItsATrap by mysidia · 2014-07-03 10:12 · Score: 3, Insightful

With 90% confidence; I estimate this is a trap. Police can defeat encryption, no problem, usually by coercing the defendant. The reports by the police themselves are geared at getting tougher anti-privacy/anti-encryption legislation and giving bad guys a false sense of security. The feds could likely have broken the encryption, no problem, the issue at hand just wasn't important enough to reveal the capability. Pretending not to have the capability gives politicians better ammunition when improving state powers for legal surveillance, and for forcing the hands of software providers to secretly include specified backdoor tech.
when police said that they’d been stymied by crypto in four cases—and that was the first year they’d ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero.
Personal content by phorm · 2014-07-04 03:10 · Score: 2

I've got an encrypted volume on my main box that's got stuff I'd rather not my family members/wife/friends get into. It's nothing illegal, and it's not something that would end in a divorce if she did see it, just a collection of stuff I'd rather not share with the world. Since I have people over for LAN parties and share out drives on occasion, making sure such files are in an encrypted container ensure that even if I accidentally gave them access to the wrong place, they won't be snooping around my stuff.
Given the number of personal stuff people accidentally share over P2P networks (e.g. sharing all of "My Documents" for windows users), having stuff in an encrypted file in a safe place isn't a terrible idea. If the police want to see it, bring a properly signed warrant and go ahead. They'll likely be entertained but nothing is going to end me up in a PMITAP.