Prosecutors Op-Ed: Phone Encryption Blocks Justice

New submitter DaDaDaaaaa writes: The New York Times features a joint op-ed piece by prosecutors from Manhattan, Paris, London and Spain, in which they decry the default use by Apple and Google of full disk encryption in their latest smartphone OSes (iOS 8 and Android Lollipop, respectively). They talk about the murder scene of a father of six, where an iPhone 6 and a Samsung Galaxy S6 Edge were found.

"An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user's passcode. The homicide remains unsolved. The killer remains at large."

They make a case for lawmakers to force Apple and Google to include backdoors into their smartphone operating systems. One has to wonder about the legitimate uses of full disk encryption, which can protect good people from harm, and them from having their privacy needlessly intruded upon.

It's the base assumption that its invalid

[Art+Popp]

That if they knew what was on the phone they'd be able to nab the murderer.
You can leave a trail of blood all the way back to your Rockingham estate, and still get away with it.

There's significant (and mixed) legal precedent regarding someone being ordered to give a password that will decrypt data that will incriminate them. If the courts would not be entitled to this password from the phone's owner (due to Fifth amendment protections) then it's not quite just to claim they have a right to it prior to his/her capture.

This article seemed like a balanced view on the subject:
http://politicsandpolicy.org/a...

Re:It's the base assumption that its invalid

It has become necessary my friend. Until the abuses of the NSA are stopped we must strike back where we can.

Re:It's the base assumption that its invalid

[zuckie13]

And law enforcement (mainly federal) kept going after data on these devices without wanting to get a warrant, which is what led to the companies removing the ability for them to decrypt.

Re:It's the base assumption that its invalid

[Lunix+Nutcase]

This is getting ridiculous, when there is evidence that could solve multiple murders and they have it so locked down that even LEO cannot get at it.

How do you know what is on the phone would solve the murder?

That type of encryption is for the government, not for joe six-pack.

10/10. Excellent troll, good sir!

Re:It's the base assumption that its invalid

[spire3661]

People have the right to make unbreakable locks. I do not OWE my government a back door.

Re:It's the base assumption that its invalid

[johnwallace123]

Safes can be opened ... with a warrant.

Absolutely. However, I don't believe that anyone is compelled to divulge the combination to a safe; rather law enforcement hires someone to forcibly open the safe. If they can't open the safe without destroying the contents inside, that's just too bad.

There's no reason to make smartphones that can't be searched ... with a warrant.

You can absolutely search my encrypted smartphone with a warrant. How much information you'll get out of it without my key is debatable, but nobody gets to know my passwords (aka combination). If the police are able to crack the encryption, good for them. However, I'll continue to trust math to keep my secrets safe.

That type of encryption is for the government, not for joe six-pack.

The problem with that thinking is it leaves you open to spying from everyone, not just the government. Let's assume we allow some cryptosystem that has a back door / master key. To implement the system, you have to publish the specs which will be viewable to all (don't get me started on export control; it'll get out). Someone much smarter than you or I will realize the back door and exploit it to snoop on highly sensitive encrypted traffic... say online banking. Then joe six-pack gets a little pissed when he finds out that his bank account was raided and now he has no money. Oh, and since it was his password that was used to withdraw all that money, the bank won't be returning that money.

So, how does joe six-pack feel about broken encryption now?

Re:It's the base assumption that its invalid

Notwithstanding the argument is completely wide open. Okay, so I'm at a crime scene and I see a phone - I want to know everything that's on that phone, even if it's the wrong phone, and even if it contains sensitive pictures of someone's naked wife tied to a bed. No, I won't delete the pictures when I'm done. No, I don't see anything wrong with taking the pictures home if I think she's hot. Also, I see a gun safe over there - we should be able to open that. Also, I see a car over the street - we should be able to open that. I smell marijuana, let's open everything. Also, civil asset forfeiture...let's take everything that looks valuable and sell it for a slushy machine.

It's problems like these. We don't have any assurances what they do with this data once they got it. They make no assurances and we'll take what we please and we'll do it by force. What's that? I don't like the way you're looking at me, RESISTING ARREST! Oh I'm sorry I broke both your legs. No, we're not paying for medical attention. Oh, when did you lose those teeth? I don't remember punching you.

Maybe we just don't want all that data "out there"? Maybe I'm just uncomfortable with people knowing the stuff in my head. Maybe I don't trust the police. Maybe I'm already a criminal and I just don't know it yet. For a country that stands on liberty we're doing a damn fine job of restricting it or removing it for the flimsiest of reasons these days. So, no. Call this civil disobedience if you like but it's become necessary now because I have no trust in the system anymore.

Re:It's the base assumption that its invalid

[IamTheRealMike]

It's not just the assumptions that are invalid. Some of the statements presented as fact are also invalid.

For example:

For our investigators to conduct searches in any of our jurisdictions, a local judge or commissioner must decide whether good cause exists.

The UK routinely issues warrants rubber-stamped by the Home Secretary, not a judge. I believe in the span of just one year Theresa May is supposed to have issued several THOUSAND warrants, so obviously it's not possible that each one was actually reviewed.

we are not talking about violating civil liberties — we are talking about the ability to unlock phones pursuant to lawful, transparent judicial orders

They're talking to companies that have been repeatedly served with "lawful judicial orders" from places like the FISA Court. Guess what? Google can't pick and choose which court orders it acts on depending on the quality of that court. It's all or nothing. If these prosecutors are pissed off that they suddenly lost access to people's smartphones they need to take a long hard look at what other sections of government have been doing to trigger this.

The new Apple encryption would not have prevented the N.S.A.’s mass collection of phone-call data or the interception of telecommunications, as revealed by Mr. Snowden

This statement may be technically true, but again, it's a useless thing to say. Whilst this article seems to focus on full disk encryption, other very similar op-eds have focused on the end to end encryption provided by iMessage and WhatsApp. The strategy of these products is obvious: encrypt everything. If governments can snarf it off the wire, they will, so encrypt that. And then if they are rejected at the wire but can get it physically from the device, they will, so encrypt that too.

By attacking one piece of the strategy in isolation whilst ignoring the other components, of course they can claim it'd not solve the problem. But so what?

They're writing the wrong op-ed. Instead of getting angry at tech companies for reacting to colossal abuses of power, they should be publicly calling for the heads of Keith Alexander and his friends. It's because some government agencies pissed in the well that the water is now polluted for all of them, even the "good ones" as they see themselves. If these agencies were severely crippled or abolished, the argument for rethinking features like smartphone FDE would suddenly get a lot stronger. But they aren't asking for that because they are just too weak to endanger their own careers by attacking politicians sacred cows.

Re:It's the base assumption that its invalid

[epyT-R]

One has to wonder about the legitimate uses of full disk encryption, which can protect good people from harm, and them from having their privacy needlessly intruded upon.

Sorry, but this is basically an appeal to emotion. Backdooring crypto will make every civilian transaction less secure and would do nothing to coerce government to be more honorable. They've established quite the 'end justifies the means' track record of late. They are not the SS nor are they they the kgb, though it seems they want to be both.

What's worrying me is how quickly people are forgetting the lessons of the cold war, especially here in the US.

Re:It's the base assumption that its invalid

[Qzukk]

So you give copies of the keys to your house to the FBI, Sheriff's office, Constable, the US Marshals, the Highway Patrol, the Texas Rangers? Do you stop at the US Border? What about the Mounties? Interpol? The Hague?

Re:It's the base assumption that its invalid

[Jason+Levine]

And even if we made the HUGE assumption that all law enforcement individuals would only ever use the back doors for legitimate investigative purposes, there's still a problem with built-in back doors. Namely, if you make a back door for Mr. Policeman, then Mr. Hacker will find a way to pretend he's a police officer and will get in. Not maybe. Not possibly. Will. It's like saying that everyone should leave the back door to their house unlocked but put up a sign that says "Only Police Allowed To Enter Here." That sign's not going to stop a bugler and neither will the "police only" nature of the back door stop hackers.

Re:It's the base assumption that its invalid

[NatasRevol]

It's almost like you missed the last ten years of the rise of the US surveillance state.

Re:It's the base assumption that its invalid

[tibit]

Now be careful because you've just shot yourself in the foot.

Even 200 years ago, I could have encrypted a letter or some records using a one-time pad that may physically exist, or that I may be able to derive using my mind only. The evidence you get is the encrypted stuff. You can do with it whatever you want. That has not changed at all - you can hack at it to your heart's content. Same on an encrypted phone: you certainly have access to the encrypted contents, who told you that you don't? The encrypted data is evidence. If you can decrypt it - great. If you can't - tough luck. I'm not going to incriminate myself by giving you keys to decrypt incriminatory information.

See? You're really silly.

Phones aren't used in a vacuum

[TWX]

Phones are used to communicate. How about identifying the carrier, going to the carrier with a subpoena for the ownership information and communications logs, and go from there?

Evidence

There is no proof there is any evidence on the phones.

HOWEVER, there is a ton of evidence that authorities will abuse their legal authority and spy on innocent people.

Whats next, getting rid of trials because the law knows that some guilty people have been found innocent, and the few innocent who have been found guilt are just collateral damage.

How did they solve crimes before Smart phones??

[dav1dc]

I find it hard to believe that invasive access to a smart phone is the only way to solve a crime, murder 1 or otherwise.

Re:How did they solve crimes before Smart phones??

[gstoddart]

It's like "won't someone think of the children" or "because terrorism".

They want to present a bogeyman argument which says "if we can't spy on everything people do there will be unsolved murders, child porn, and terrorists" and make it out like only people in favor of those things would oppose outlawing encrypted phones.

Any US prosecutor who wants that is a clueless idiot with no concept of the 4th amendment, and should be disbarred and charged criminally -- or simply shot.

Because he doesn't give a damn about the law.

Governments and law enforcement want a police/surveillance state so they can do anything they want. But it's time to tell them we don't trust them, and don't wish to live in that kind of world.

This shit is fundamentally incompatible with a free society.

Give me your fucking papers, comrade.

Freedom sometimes hinders justice: deal with it

[ravenscar]

Lots of things "hinder" justice. The fact that we don't all wear trackers that inform the government of where we are at all times hinders justice. The fact that all financial transactions aren't conducted electronically hinders justice. The fact I can go wherever I want without first obtaining permission from the government hinders justice.

The fact that I don't have to submit to those intrusions is part of my freedom. I appreciate my freedom and am willing to forgo or more efficient justice system in order to maintain my freedom - especially given the fact that once freedom is sufficiently curtailed those doing the curtailing tend to lose their concern for justice.

Blame the NSA

[nine-times]

I think I might have some small sympathy for the idea that law enforcement should have some recourse to access the contents of a cell phone, provided they first get a warrant. However, in light of what we've learned about the NSA spying, I don't see how anyone could trust that such a back door won't be abused. Really, building any kind of backdoor is a serious security risk, since any backdoor that the "good guys" can use also carries a risk that the "bad guys" will discover it. But beyond all the normal security risks, we now know that our this kind of access has been abused by various forms of law enforcement in ways that are ethically questionable if not illegal.

So... sorry. You no longer deserve the benefit of the doubt. If you wanted our good faith, you shouldn't have secretly abused the system.

Re:It's the base assumption that is invalid

Encryption, in and of itself, is for everyone. The government is neither entitled to better encryption than Joe Sixpack, nor is the government entitled to backdoors that can be used by criminals to break in as soon as they're known...which, given the black-hat hacker community, won't take very long.
If the government *gets a warrant*, they can coerce the owner of the phone to unlock it for use as evidence. As it is, "stingrays" and NSA taps on our communications allow the government to intercept private communications *without* a warrant.
If we're not allowed to encrypt our phones, tablets, and hard drives because it makes it harder for law enforcement, then pretty soon it will be illegal to own front doors that can't be knocked down with a LEO battering ram, or locks that can't be opened by LEO at the push of a button...and criminals will soon have the button (hackers have already broken the security of garage door openers, wireless car starters, and hacked into car control systems; I suppose you say that we can't put better encryption on *those* because of LEO?)
We need to curtail the government's intrusion, not make it bigger. 9/11 started a dangerous trend of fighting terrorism by shackling law-abiding citizens, bit by bit.

Same logic says fingerprints and DNA for all

[gurps_npc]

The lack of a state record of every single fingerprint, DNA sample, iris picture, etc. foil more crimes than the lack of a back door on secure phones. Similarly, the lack of cameras inside people's homes foils more crimes than the proposed phone back door.

Security and privacy are opposites. The more we have of one, the less we have of the other. Any mother tempted to look inside their teenager's diary knows this.

The question is not and never has been, could we obtain more security by giving up some privacy.

Instead the question is, what issues are so substantial that an invasion of privacy is required - and how large an invasion would that be.

The proposed invasion of privacy - a back door in every single phones - where like it or not, people keep nude photos, sexy text messages, GPS data, contact information, etc. etc. is HUGE. The proposed security enhancement is minor.

It Doesn't Matter

[Jaime2]

Even if he had proof that the murderer would be caught if they got into the phone, it wouldn't change anything. We could also prove that the murderer would be caught if every human was issued a body-cam and the penalty for not maintaining it properly was death. Just because something catches murderers doesn't mean it should be done.

Re:It Doesn't Matter

[93+Escort+Wagon]

There's also a good chance that there is nothing on these phones leading to the murderer.

You're ignoring the Muderers' Code of Conduct (MCC).

The MCC obliges someone about to commit murder to pose for a picture taken by the intended victim, if said victim requests it prior to completion of the murder.