Slashdot Mirror
Prosecutors Op-Ed: Phone Encryption Blocks Justice
New submitter DaDaDaaaaa writes: The New York Times features a joint op-ed piece by prosecutors from Manhattan, Paris, London and Spain, in which they decry the default use by Apple and Google of full disk encryption in their latest smartphone OSes (iOS 8 and Android Lollipop, respectively). They talk about the murder scene of a father of six, where an iPhone 6 and a Samsung Galaxy S6 Edge were found.
"An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user's passcode. The homicide remains unsolved. The killer remains at large."
They make a case for lawmakers to force Apple and Google to include backdoors into their smartphone operating systems. One has to wonder about the legitimate uses of full disk encryption, which can protect good people from harm, and them from having their privacy needlessly intruded upon.
"An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user's passcode. The homicide remains unsolved. The killer remains at large."
They make a case for lawmakers to force Apple and Google to include backdoors into their smartphone operating systems. One has to wonder about the legitimate uses of full disk encryption, which can protect good people from harm, and them from having their privacy needlessly intruded upon.
Phones are used to communicate. How about identifying the carrier, going to the carrier with a subpoena for the ownership information and communications logs, and go from there?
Do not look into laser with remaining eye.
There is no proof there is any evidence on the phones.
HOWEVER, there is a ton of evidence that authorities will abuse their legal authority and spy on innocent people.
Whats next, getting rid of trials because the law knows that some guilty people have been found innocent, and the few innocent who have been found guilt are just collateral damage.
It has become necessary my friend. Until the abuses of the NSA are stopped we must strike back where we can.
I find it hard to believe that invasive access to a smart phone is the only way to solve a crime, murder 1 or otherwise.
Lots of things "hinder" justice. The fact that we don't all wear trackers that inform the government of where we are at all times hinders justice. The fact that all financial transactions aren't conducted electronically hinders justice. The fact I can go wherever I want without first obtaining permission from the government hinders justice.
The fact that I don't have to submit to those intrusions is part of my freedom. I appreciate my freedom and am willing to forgo or more efficient justice system in order to maintain my freedom - especially given the fact that once freedom is sufficiently curtailed those doing the curtailing tend to lose their concern for justice.
This is getting ridiculous, when there is evidence that could solve multiple murders and they have it so locked down that even LEO cannot get at it.
How do you know what is on the phone would solve the murder?
That type of encryption is for the government, not for joe six-pack.
10/10. Excellent troll, good sir!
I can store encrypted data in my safe. I can send encrypted data through the mail. I could keep encrypted data in my vehicle. What's your point?
I think I might have some small sympathy for the idea that law enforcement should have some recourse to access the contents of a cell phone, provided they first get a warrant. However, in light of what we've learned about the NSA spying, I don't see how anyone could trust that such a back door won't be abused. Really, building any kind of backdoor is a serious security risk, since any backdoor that the "good guys" can use also carries a risk that the "bad guys" will discover it. But beyond all the normal security risks, we now know that our this kind of access has been abused by various forms of law enforcement in ways that are ethically questionable if not illegal.
So... sorry. You no longer deserve the benefit of the doubt. If you wanted our good faith, you shouldn't have secretly abused the system.
Encryption, in and of itself, is for everyone. The government is neither entitled to better encryption than Joe Sixpack, nor is the government entitled to backdoors that can be used by criminals to break in as soon as they're known...which, given the black-hat hacker community, won't take very long.
If the government *gets a warrant*, they can coerce the owner of the phone to unlock it for use as evidence. As it is, "stingrays" and NSA taps on our communications allow the government to intercept private communications *without* a warrant.
If we're not allowed to encrypt our phones, tablets, and hard drives because it makes it harder for law enforcement, then pretty soon it will be illegal to own front doors that can't be knocked down with a LEO battering ram, or locks that can't be opened by LEO at the push of a button...and criminals will soon have the button (hackers have already broken the security of garage door openers, wireless car starters, and hacked into car control systems; I suppose you say that we can't put better encryption on *those* because of LEO?)
We need to curtail the government's intrusion, not make it bigger. 9/11 started a dangerous trend of fighting terrorism by shackling law-abiding citizens, bit by bit.
Safes can be opened ... with a warrant.
Absolutely. However, I don't believe that anyone is compelled to divulge the combination to a safe; rather law enforcement hires someone to forcibly open the safe. If they can't open the safe without destroying the contents inside, that's just too bad.
There's no reason to make smartphones that can't be searched ... with a warrant.
You can absolutely search my encrypted smartphone with a warrant. How much information you'll get out of it without my key is debatable, but nobody gets to know my passwords (aka combination). If the police are able to crack the encryption, good for them. However, I'll continue to trust math to keep my secrets safe.
That type of encryption is for the government, not for joe six-pack.
The problem with that thinking is it leaves you open to spying from everyone, not just the government. Let's assume we allow some cryptosystem that has a back door / master key. To implement the system, you have to publish the specs which will be viewable to all (don't get me started on export control; it'll get out). Someone much smarter than you or I will realize the back door and exploit it to snoop on highly sensitive encrypted traffic... say online banking. Then joe six-pack gets a little pissed when he finds out that his bank account was raided and now he has no money. Oh, and since it was his password that was used to withdraw all that money, the bank won't be returning that money.
So, how does joe six-pack feel about broken encryption now?
Security and privacy are opposites. The more we have of one, the less we have of the other. Any mother tempted to look inside their teenager's diary knows this.
The question is not and never has been, could we obtain more security by giving up some privacy.
Instead the question is, what issues are so substantial that an invasion of privacy is required - and how large an invasion would that be.
The proposed invasion of privacy - a back door in every single phones - where like it or not, people keep nude photos, sexy text messages, GPS data, contact information, etc. etc. is HUGE. The proposed security enhancement is minor.
excitingthingstodo.blogspot.com
Safes can be accessed with a warrant only because it is beyond our ability to make an uncrackable safe. If someone could make one, they certainly would.
The fact we can actually make smartphones that can't be searched (or law enforcement has not yet figured out how to search) is a good thing.
The reason to make smartphones that can't be searched is that humans (law enforcement and otherwise) cannot be trusted to be responsible with the power. It's been repeated many times here, but if *anyone* can search your phone, *everyone* can search your phone. There's no "backdoor" that only the trusted can use (assuming you happen to actually trust someone) no matter how cleverly you try to set it up.
Again, the assertion that there is evidence on the phones that would help solve the crime is bullshit. They don't know what's on the phone, and they want to use this as an argument for a power grab.
The fact is, if a backdoor into your phone can help law enforcement to solve a crime, it can also help someone else (or even law enforcement) ruin your life just as easily.
Notwithstanding the argument is completely wide open. Okay, so I'm at a crime scene and I see a phone - I want to know everything that's on that phone, even if it's the wrong phone, and even if it contains sensitive pictures of someone's naked wife tied to a bed. No, I won't delete the pictures when I'm done. No, I don't see anything wrong with taking the pictures home if I think she's hot. Also, I see a gun safe over there - we should be able to open that. Also, I see a car over the street - we should be able to open that. I smell marijuana, let's open everything. Also, civil asset forfeiture...let's take everything that looks valuable and sell it for a slushy machine.
It's problems like these. We don't have any assurances what they do with this data once they got it. They make no assurances and we'll take what we please and we'll do it by force. What's that? I don't like the way you're looking at me, RESISTING ARREST! Oh I'm sorry I broke both your legs. No, we're not paying for medical attention. Oh, when did you lose those teeth? I don't remember punching you.
Maybe we just don't want all that data "out there"? Maybe I'm just uncomfortable with people knowing the stuff in my head. Maybe I don't trust the police. Maybe I'm already a criminal and I just don't know it yet. For a country that stands on liberty we're doing a damn fine job of restricting it or removing it for the flimsiest of reasons these days. So, no. Call this civil disobedience if you like but it's become necessary now because I have no trust in the system anymore.
It's not just the assumptions that are invalid. Some of the statements presented as fact are also invalid.
For example:
The UK routinely issues warrants rubber-stamped by the Home Secretary, not a judge. I believe in the span of just one year Theresa May is supposed to have issued several THOUSAND warrants, so obviously it's not possible that each one was actually reviewed.
They're talking to companies that have been repeatedly served with "lawful judicial orders" from places like the FISA Court. Guess what? Google can't pick and choose which court orders it acts on depending on the quality of that court. It's all or nothing. If these prosecutors are pissed off that they suddenly lost access to people's smartphones they need to take a long hard look at what other sections of government have been doing to trigger this.
This statement may be technically true, but again, it's a useless thing to say. Whilst this article seems to focus on full disk encryption, other very similar op-eds have focused on the end to end encryption provided by iMessage and WhatsApp. The strategy of these products is obvious: encrypt everything. If governments can snarf it off the wire, they will, so encrypt that. And then if they are rejected at the wire but can get it physically from the device, they will, so encrypt that too.
By attacking one piece of the strategy in isolation whilst ignoring the other components, of course they can claim it'd not solve the problem. But so what?
They're writing the wrong op-ed. Instead of getting angry at tech companies for reacting to colossal abuses of power, they should be publicly calling for the heads of Keith Alexander and his friends. It's because some government agencies pissed in the well that the water is now polluted for all of them, even the "good ones" as they see themselves. If these agencies were severely crippled or abolished, the argument for rethinking features like smartphone FDE would suddenly get a lot stronger. But they aren't asking for that because they are just too weak to endanger their own careers by attacking politicians sacred cows.
when there is evidence that could solve multiple murders
Or maybe they're just saying that they think there is evidence but all they really want to do is go fishing. There have been unsolved crimes in the past, before cell phones existed. There have also been solved crimes in the past. Therefore a cell phone should not make the only difference when solving a case.
Seven puppies were harmed during the making of this post.
One has to wonder about the legitimate uses of full disk encryption, which can protect good people from harm, and them from having their privacy needlessly intruded upon.
Sorry, but this is basically an appeal to emotion. Backdooring crypto will make every civilian transaction less secure and would do nothing to coerce government to be more honorable. They've established quite the 'end justifies the means' track record of late. They are not the SS nor are they they the kgb, though it seems they want to be both.
What's worrying me is how quickly people are forgetting the lessons of the cold war, especially here in the US.
Even if he had proof that the murderer would be caught if they got into the phone, it wouldn't change anything. We could also prove that the murderer would be caught if every human was issued a body-cam and the penalty for not maintaining it properly was death. Just because something catches murderers doesn't mean it should be done.
"An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user's passcode. The homicide remains unsolved. The killer remains at large."
They could probably solve even more cases if they had the ability to remotely decrypt and access the contents of everyone's cell phone. They could solve *even more* cases if they were able to search anyone's property without a warrant.
What if we just put everyone in prison. It'll be pretty hard for anyone to commit crimes from inside a jail cell.
I suppose it's easy for some people to fall into the mindset that crime prevention is the *only* thing that matters.
So you give copies of the keys to your house to the FBI, Sheriff's office, Constable, the US Marshals, the Highway Patrol, the Texas Rangers? Do you stop at the US Border? What about the Mounties? Interpol? The Hague?
If I have been able to see further than others, it is because I bought a pair of binoculars.
And even if we made the HUGE assumption that all law enforcement individuals would only ever use the back doors for legitimate investigative purposes, there's still a problem with built-in back doors. Namely, if you make a back door for Mr. Policeman, then Mr. Hacker will find a way to pretend he's a police officer and will get in. Not maybe. Not possibly. Will. It's like saying that everyone should leave the back door to their house unlocked but put up a sign that says "Only Police Allowed To Enter Here." That sign's not going to stop a bugler and neither will the "police only" nature of the back door stop hackers.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
It's almost like you missed the last ten years of the rise of the US surveillance state.
There are two types of people in the world: Those who crave closure
We need to curtail the government's intrusion, not make it bigger. 9/11 started a dangerous trend of fighting terrorism by shackling law-abiding citizens, bit by bit.
Because that was the real reason behind 9/11. The gummint tried to sell their bill-of-goods with the Oklahoma City "Terrorist Attack"; but Congress didn't bite. But they sure bit, and bit hard on 9/11.
Don't get me started... 2000+ pages of the USAPATRIOTACT supposedly written, proofread, and voted-on in less than two weeks?!? Yeahrightsure. I couldn't mash on the keyboard and get 2,000 pages of asdfjkl; typed in that much time!
They didn't have that all ready-to-go before those planes ever left the ground. No. Of course not...
GPS location based on cell towers, actual sms messages, phone calls to and from the phone and probably a bunch of other stuff that the cellco is only too happy to provide. I'm sorry if the police can't do their job without accessing the users actual private data (such as game scores and alternate non-cell tower gps, and iMessages and app data) but there's nothing to suggest that the encrypted data would hold anything useful. not every murder is a Robert Ludlum plot.
Now be careful because you've just shot yourself in the foot.
Even 200 years ago, I could have encrypted a letter or some records using a one-time pad that may physically exist, or that I may be able to derive using my mind only. The evidence you get is the encrypted stuff. You can do with it whatever you want. That has not changed at all - you can hack at it to your heart's content. Same on an encrypted phone: you certainly have access to the encrypted contents, who told you that you don't? The encrypted data is evidence. If you can decrypt it - great. If you can't - tough luck. I'm not going to incriminate myself by giving you keys to decrypt incriminatory information.
See? You're really silly.
A successful API design takes a mixture of software design and pedagogy.