NY Bill Would Force Decryption of Smartphones On Demand (onthewire.io)
Trailrunner7 sends word about New York Assemblyman Matthew Titone's bill that forbids the sale of smartphones that can't be cracked by their manufacturers. On the Wire reports: "A bill that is making its way through the New York state assembly would require that smartphone manufacturers build mechanisms into the devices that would allow the companies to decrypt or unlock them on demand from law enforcement. The New York bill is the latest entry in a long-running debate between privacy advocates and security experts on one side and law enforcement agencies and many politicians on the other. The revelations of the last few years about widespread government surveillance, especially that involving cell phones and email systems, has spurred device manufacturers to increase the use of encryption. New Apple iPhones now are encrypted by default, as are some Android devices. Apple, Google, and the other major manufacturers have said that user privacy and security is their main concern. The bill that is now in committee in the New York State Assembly makes no equivocation about what it is designed to do. 'Any smartphone that is manufactured on or after January First, Two Thousand Sixteen, and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider,' the bill says."
Matthew Titone is a useful idiot.
Just stop selling phones in New York, and sell them everywhere else. Make consumers order them via Amazon.
Any smartphone that is manufactured on or after January First, Two Thousand Sixteen, and sold or leased in New York
So it looks like it will be an ex post facto law then.
Time to offend someone
I cannot even put into words how much this saddens me.
Born and raised until 13 in upstate New York.
Beautiful part of the country, the Catskills and Finger Lakes and St. Lawrence seaway....
but this......
NY is still part of America, and I know it's all been slowly slipping away....
It's mine......there are many like it but this one is mine......
If this passes, I'll never enter NY state again
If you want to see an entire political organization lose their seats, refuse to sell compliant phones.
Can you imagine what would happen to NY's political apparatus after telling their constituents that they cannot buy an iPhone/Pad/Pod or Google Android device anymore? Next election would be more than fun.
Must it also be sprinkled with unicorn dust? Talking about "legal fiction"! Just because they pass a law which says secure phones must be decryptable, does not make it possible for phones to be secure and decryptable. All other issues aside, encryption which is breakable is security through obscurity. And security through obscurity, in a commercial context, is at most safe until the first disgruntled employee. In reality it's even less safe than that because of possible accidental discovery of vulnerabilities.
Any guest worker system is indistinguishable from indentured servitude.
Expect to see disclaimers on smart-phones that they are not for sale in NY.
[Insert pithy quote here]
Once again, New York proving that it belongs in North Korea rather than the United States.
I wonder how popular this politician will be when he realizes that this will ban the purchase of iPhones in the state of New York.
...it will just take a while.
...manufactured on or after January First, Two Thousand Sixteen, and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer...
Doesn't this part make the bill an illegal retroactive law, since "January First, Two Thousand Sixteen" was almost 2 weeks ago?
You'd think the first round of the Crypto Wars would have taught the panopticon advocates their lesson. And it's not like they don't have more than enough access now anyway. But the public is even less likely to support surveillance now, particularly this sort of "we want to spy on YOU" surveillance.
captcha: browbeat
how the politicians feel about this when some 14 year old hacker gets into one of their phones through a manufacturer backdoor and posts EVERYTHING on the net for all to see.
Generally speaking I think if people don't know what they are talking about, they shouldn't say anything at all, this is especially true for politicians!
China would be so proud.
I looked him up, called his office, and left a message reminding him that the 4th Amendment is the law of the land. I reckon a couple thousand more calls from people all over the country might make him see the error of his ways.
End-user encryption. If I make my own, it doesn't have to be particularly good, it just needs to be custom enough that "The Man" doesn't have a script-kiddie one-size-fits-all tool belt that can crack it. My shit is private, but I'm not doing anything that would make them spend big $$$ on figuring it out. Without my password, they are SOL. Oh, gee, my memory isn't so good either. Perhaps my lawyer can help me remember it?
On the one hand you take life too seriously, and on the other, you do not take playful existence seriously enough. Seth
to go to NJ to buy their phones.
Interesting, but maybe a bit short sighted.
Fuck it. Apple and Google should just accept market share loss and tell NY to go fuck itself. Maybe then the locals would complain and fight to have the bill abolished. Just accept the fact that money is a casualty of this war (for privacy) and that it's all part of the deal.
Life is not for the lazy.
The value of old smartphones will go up if the bill passes.
Corporate & business users who want safe communications will seek out those old phones.
What's this? The post says, "The revelations of the last few years about widespread government surveillance, especially that involving cell phones and email systems, has spurred device manufacturers to increase the use of encryption."
Really? THAT'S why we increase the use of encryption? POLITICS? I wonder if Mr. Fisher believes that as a fact, or is just writing copy.
Cloudiot: A person who does not see offsite storage as a way to lose control over access to his or her own data.
I would assume that the manufacturer only has to be able to decrypt the phone AT SALE TIME.
In other words, it would prevent encryption from being set up by default when the phone arrived, but once the consumer has the phone they could immediately initiate PRIVACY MODE.
To me, this would just be annoying, and would be a step which the less technical might miss (which is why it is better by default), but would be similar to the situation where totally-free Linux distros still let you download Flash, dvd decryption, etc even though they can't include the items *directly*.
Or similar to Prohibition-era products which warned you "Do not add water to this otherwise you will make beer" (at least in NY)
If I had access to the backdoor, I could sell it, for more money than I would make in my entire career, by orders of magnitude. Repeatedly.
Why would I not sell it? How could they ever catch me?
If passed, New York Assemblyman Matthew Titone's smartphone should be the first phone to be unlocked and decrypted on demand for the whole world to see (LIVE on CNN).
"New York Assemblyman Matthew Titone"
Let's see, no "R", "Republican", etc., so I guess we know which one it is.
Do you have ESP?
If it goes after the manufacturers of the phones, then this bill will have absolutely no clout. Can you name a single smartphone that is made in the US? No, neither can anyone else. They'll never be able to enforce this bill on the Chinese and Korean manufacturers, it could just as well demand that the CEOs all release the phone numbers of their mistresses in their next press releases.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Here's the instructions for decrypting:
Try all keys.
Regulatory requirement fulfilled.
Buy your cell phones from Amazon and have them shipped by drone from NJ to NY.
Problem solved.
-- Tigger warning: This post may contain tiggers! --
That's easy, all they have to do is legislate that smart phone manufacturers must also make them jailbreak proof. I expect that'll be the next step.
Between this and the SAFE act NY has turned into a group of paranoid and fearful people willing to stamp out rights for some perceived security.
It makes no difference - if you outlaw guns and encryption, only outlaws will have them - and you will be even less secure than before.
I thought Congress gave exclusive authority to regulate the communications spectrum and communications devices to the FCC. States have been trying to regulate some apps, but this bill mentions 'devices'.
If your keys are between your ears, the 5th amendment protects you from "witnessing against yourself". You simply need to shut up and invoke the protections of the 5th amendment when asked for your encryption keys.
So, from now on all cell phones in NY are free, not sold or leased, and are not subject to the law as worded.
Of course, cell phone plans will go up to $100 per month/line, but you can get a small discount by selecting a formerly expensive phone, or a larger discount by selecting a formerly cheap phone. Oh, and don't forget more heinous early termination fees...
I wonder if companies would willingly pull their products off the shelves, sit back, and wait with crossed arms. Would Apple release the newest iPhone everywhere but New York just to watch voters squirm and demand it be fixed? Samsung and Galaxy whatever? Or would they cave just because it's a huge market?
I doubt they have the true resolve to follow through.
That's the equivalent of what they are asking for in the world of physical security, and slightly less secure than a zip tie.
Presumably, this is a first step.... advocates of the bill will be pushing for nation-wide legislation, while also making them illegal to import.
File under 'M' for 'Manic ranting'
I eagerly await all manufacturers to not provide waivers to government or LE officials.
I'm thinking the law would last about three days if the manufacturers didn't ship backdoored phones, meaning it would be illegal to sell a modern smartphone in NYC. Every customer wanting to buy a phone would be told:
The city council made it illegal to sell modern smartphones in NYC. If you want to complain, here are the phone numbers of the council members you can call.
Ten thousand complaint calls per day should get the council's attention pretty damn fast.
If this passes, I'll never enter NY state again
Just don't buy, order while in, or take delivery of, a phone there. Get your non-backdoored phone with all aspects of the transaction occurring out-of-state. Let "The Invisible Hand" slap them up alongside the head when it comes time to collect sales taxes. B-)
If they try to make non-backdoored phones contraband (like drugs or untaxed cigarettes), THEN don't set foot there anymore.
(Of course not setting foot there - or, more importantly, spending any money there or with companies based there - will also help to get the message across. B-) )
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
And here I thought that the standard was "If a technology has a substantial legal use, it's considered legal even if some people use it for illegal purposes."
I look forward to the ban on automobiles. After all, "even though cars may help some people get around, they are used by some criminals to outrun police pursuing them on foot and thus the criminals will act with impunity."
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Let "The Invisible Hand" slap them up alongside the head when it comes time to collect sales taxes. B-)
They'll want use tax for that. Doesn't mean they'll get it or have a good way to enforce it, but it doesn't strictly exempt you from tax: https://www.tax.ny.gov/pubs_an...
On the other hand, you get to credit any sales tax paid in the other state against your use tax owed. So they won't get much anyway.
Just enumerating the possible keys, let alone apply them to see if something intelligible appears, with sufficiently advanced quantum computers, would take more than just the total resources of the Solar System.
Actually, the whole POINT of quantum computers is that "enumerating" them all only takes one pass - because the computation does them all simultaneously, with only the "right answer" surviving the wave function collapse when the computation is complete and you read the result.
It's non-quantum computers where a large key space maps into "the program is still running at the heat-death of the universe".
However, the algorithm of the AES-256 is complex enough that it would take a VERY advanced quantum computer to manipulate the qubits through the necessary transitions (without losing the result to noise). So I don't think we need to sweat that for a while. B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Only lawmakers will have iPhones...?
Are they required to have easy ways to open them also?
4th Amendment: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Perhaps, as an American I would rather die than comply, rather than give up my rights.
https://www.youtube.com/c/BrendaEM
So all they need to do is ship all the phones with a preprogrammed private key, this way it's decryptable when it's sold. Then give the user the option to generate a new key during the setup process. Still secure and does not violate the text of the "law".
It sold books, it'll sell phones.
https://en.wikipedia.org/wiki/...
If the bill does not have an abuse of authority clause it is an opportunity for
reckless abuse at multiple levels.
All of these side doors, secret court orders and other paranoia driven legislation
lack a sturdy counterbalance to keep their use legal.
Sailing ships have a keel often tons of lead or in the old days layers of ballast
rock at the lowest level of the hold. Without the counterbalance sailing ships
are too easy to blow over and the same is true for laws. Without counterbalancing
legislation to deter abuse the bad guys win.
Drug laws come to mind... 10-20 years for possession is not counterbalanced
with a 40-80 year penalty for planting false evidence on someone to make a quota
or a simple abuse of power comes to mind.
Without counterbalance in the law there is no push back that allows or encourages
abuse.
My personal worry about pervasive surveillance is the ease of generating "parallel constructions"
that prove a crime. https://en.wikipedia.org/wiki/... These abuses nullify
laws that exclude evidence from the poison tree. Worse, juries now demand air tight
presentations from prosecutors.
Jury instructions should begin with a disclosure. You will be told stories by master storytellers
on both the prosecution and defense. If you do not have the ability or at least the inclination
to sort out facts from fiction as presented by master storytellers you may not be able to serve
with a clear conscience. The expectations of the CSI effect and the storyteller effect supported
by parallel constructions makes justice seriously difficult but not impossible.
I listened to the findings of one of the internet famous cop vs. toy gun findings.
In the presentation it was stated that the officer could expect a weapon to be fired
against him in 1/3 of a second and thus the policy is to fire first and not die.
I looked and 1/3 of a second is a number associated with a seriously trained individual.
I looked at the video multiple times and it is clear the officers were reckless in the way
they drove up, exited their squad car and killed the individual inside of 2-5 seconds of
arriving.
My 2-5 second viewing of the tape is that this was an execution. Procedure for a
code "priority 1" clearly is code for a process indistinguishable from an execution order.
I looked at it again and again... vastly more than the seconds the officers took to decide
to execute the individual and it is still clear that the officers arrived with an intent
to kill the individual.
Judge... caller made a judgement that there was a problem called 911.
Jury... dispatcher ruled this a "priority 1" withheld "might be a kid with a toy"
Executioner... officer arrives and kills the kid inside of seconds.
The only way the officer is off a hook is for the authors and signators of the
department policy to be placed under arrest and prosecuted for murder.
We did execute war crime criminals for following orders so perhaps a different hook.
Departmental policy and training cannot violate the law.
Loss of standing under the law cannot be eliminated by a policy change (IMO).
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
Most people except old people don't know of CB radios. You can use CB for communications without concern about others monitoring your conversations since many don't know it exists (yes security through obscurity has its issues), and there is no texting, contacts, and location info database that can be mined for later nefarious purposes. You can DF the signals but then most are clueless about RF below 800 MHz. Downside is antennas are big and clunky, gets lots of RFI, fidelity is not so great, propagation is limited.
mfwright@batnet.com
That won't stop them, maybe they figure since Wall St is in NYC then they trump federal laws.
mfwright@batnet.com
“The fact is that, although the new software may enhance privacy for some users, it severely hampers law enforcement’s ability to aid victims. All of the evidence contained in smartphones and similar devices will be lost to law enforcement, so long as the criminals take the precaution of protecting their devices with passcodes. Of course they will do so. Simply stated, passcode-protected devices render lawful court orders meaningless and encourage criminals to act with impunity.”
Lawful requests are not automatically meaningful -- fetch me the moon, explain love, find the last digit of pi, relocate this unmovable rock... You can always ask, you can punish those who resist the order, but in the end you either need to learn to accept failure, or think twice before asking for the impossible.
The argument is that at some point, law enforcement or a court might want some piece of information, but face embarrassment when naively requesting that which is inaccessible? Cry me a river! Just because information "exists", or is believed to exist, it does not necessarily follow that it should be possible (nor easy) for a judge or detective to fetch it.
A judge may someday want to know where I was, yesterday at 3:14am. Does that mean it would make sense to require me to keep a sufficiently precise diary, or wear an ankle monitor, just to enable that possible future discovery request, so the poor slob doesn't have to face disappointment? Law enforcement has always been a cat-and-mouse game, where it's expected you won't be able to get information the easy way; bills requiring it to be easy won't change that.
Bill Nye is great. But, his evil doppelganger from the 25th century, NY Bill, sounds fucking horrible.
Would this pass muster under challenge regarding the interstate commerce clause? Can New York restrict what phones are allowed for a manufacturer in a different state to sell in its state, based on these reasons?
I imagine this bill would fail for a number of reasons, before and after legislative passage...
Apple can easily read the contents of any iPhone, iPod or iPad. The user just has to enter their passcode.
The Bill should have another clause that sets pi = 3.2 exactly and e = 2.7 exactly.
Encryption is just applying mathematical functions to strings of numbers. As long as pi and e are irrational and transcendental, no universally applicable "backdoor" can exist.
The solution is for the legislature of New York to declare that pi = 3.2 exactly and e = 2.7 exactly.
In the land of the blind, the one-eyed man is king.
I wonder if there is a legitimate lawsuit against phone manufacturers (or any manufacturer for that matter) that produces a product that says it has encryption but has a back door knowingly built into it. Wouldn't that be false advertising? It's not really encryption anymore. It's a sieve that leaks information to ANYONE that has the key to the back door, law enforcement or not.
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
You can't teach a moron anything. Stop trying.
Let's say this thing passes. First of all, fuck anyone who votes for it. But that aside, all that has to happen is Apple alone has to say "ok, fine, no iPhones can be sold in NY." Shut down the Apple store there.
I'd bet this bill is reversed inside a week.
I don't mean to put it all on Apple of course, but it really only takes them. If the Samsungs and HTCs and LGs of the world do it too then that's even better. But it really just takes Apple.
Sure, they'd lose some income, but like I said, I'd bet good money it's so brief a period they don't even notice the loss. People would be ALL OVER the pricks that pushed for that shit they'd have no choice but to undo it quickly.
If a pion (n-) collides with a proton in the woods & no one is there to hear it, does lambda decay into the source pa
then, using that logic how are copyright laws able to apply to works published before the extension?
Then I wondered how many other people visit New York State each year, and came up with this
That's potentially millions of people who would be breaking the law just by visiting New York (and yes I know the figures are for New York City, not the State, the point's the same).
The whole idea is a really weird one. Too stupid to even get traction surely?
With current encryption techniques, nope. And here's the kicker. Let's say it's theoretically possible to do that. Say like master locks. Any bad actor can buy a copy of the phone. They can then do a brute force attack to get a key that will unlock all phones. In theory, it's computationally expensive.
Now imagine someone writes a script that tells them whenever someone accidentally uploads their aws keys into an open source repo in GitHub, and then uses that to spin up a bunch of VPS's. That's a bunch of free computation power. This scam has been used to generate bitcoins. How much do you think people will pay for a key that unlocks every Android phone in the state of New York?
Or here's a simpler one... Bribe or blackmail someone who has access to the master key. It could just be someone in IT with admin access. Or a janitor who can access any room.
it's just that in some cases it takes a very, very long time.
"In 2016, the crime rate in the United States rises four hundred percent. The once great city of New York becomes the one maximum security prison for the entire country. A fifty-foot containment wall is erected along the New Jersey shoreline, across the Harlem River, and down along the Brooklyn shoreline. It completely surrounds Manhattan Island. All bridges and waterways are mined. The United States Police Force, like an army, is encamped around the island. There are no guards inside the prison, only prisoners and the worlds they have made. The rules are simple: once you go in, you don't buy an iPhone."
I always wondered what it would sound like if 20 million New Yorkers all suddenly went to New Jersey to buy a phone at once?
by Mike Buddha -- Someday the mountain might get him, but the law never will.
If the Supreme Court has held in Riley v. California that a much less intrusive law is unconstitutional, then shouldn't their reasoning apply here? If the requirement for obtaining any private information held in a phone is a search warrant, and an owner can be compelled to provide access when that search warrant is presented, then just do that. The most likely application of this proposed law is a way to avoid obtaining a search warrant. And wouldn't any argument that timeliness of access is important require probable cause, which, again, the likely application of this law would not have?
To be honest, no matter how much they claim the inability to break or bypass smartphone encryption, I can't bring myself to believe it.
All this posturing and publicity designed to push the idea that they're currently incapable of obtaining the contents of any targeted phone is very likely just bullshit.
I treat my phone as if it is fully compromised. No apps loaded, never log into any website that requires a login, don't check email with it. If I ever snap, you can be sure my Evil Plan won't reside on my phone. . . lol
No matter how much Apple / Google or even the Government claim otherwise, I will never put enough trust into their products to use them as they are intended.
My next phone will very likely be a simple flip phone. Dumb as a rock and does one thing: makes calls.
OK, buy your backdoored phone. Then install my encryption/locking app for $1.
Your key, your secret, NY's problem. I can already count my MILLION$.
What's to stop people from going to another state, buying a cell phone, and then coming back to NY?
Nothing, but very, very few New Yorkers will do that. Most NYers like authoritarianism, and like having combat troops stationed around their city.
As soon as the first (legal) wire taps started yielding results, police have gotten lazier and increasingly addicted to doughnut-friendly investigation techniques.
Technology has caught up, plugged the phreaking and now wiretapping holes. Lazy investigators should be following suspects, working leads, and building cases, not whining about the technology.
Bad guys aren't caught by peppering the entire world with script kiddie cracking vulnerabilities.
Do your job.
Well, I guess New Yorkers will just have to go to Jersey to buy any smartphone, then. NYC is a big market, sure, but I'm doubtful that Apple would really bow to this, especially for just one state.
Examine even your most deeply held beliefs. Nobody is always right.
This shit will not end until there are politicians hanging from every streetlight and the gutters are filled with the bodies of the police.