Slashdot Mirror
FBI Couldn't Access Nearly 7,000 Devices Because of Encryption (foxbusiness.com)
Michael Balsamo, writing for Associated Press: The FBI hasn't been able to retrieve data from more than half of the mobile devices it tried to access in less than a year, FBI Director Christopher Wray said Sunday, turning up the heat on a debate between technology companies and law enforcement officials trying to recover encrypted communications. In the first 11 months of the fiscal year, federal agents were unable to access the content of more than 6,900 mobile devices, Wray said in a speech at the International Association of Chiefs of Police conference in Philadelphia. "To put it mildly, this is a huge, huge problem," Wray said. "It impacts investigations across the board -- narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation." The FBI and other law enforcement officials have long complained about being unable to unlock and recover evidence from cellphones and other devices seized from suspects even if they have a warrant, while technology companies have insisted they must protect customers' digital privacy.
apples new face unlock will make it easy!
Or, they're saying that they can't access these devices to lull criminals into a false sense of complacency.
Proud neuron in the Slashdot hivemind since 2002.
Encryption works as designed.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
On how many of those devices did they have a warrant to even try to access them?
I think we've pushed this "anyone can grow up to be president" thing too far.
The FBI can't beat confessions out of thousands and thousands of suspects, making it harder to get convictions from criminals hiding critical evidence in their encrypted (non-cleartext) brains.
Sorry, but some sacrifices are needed to keep democracies from becoming police states. Especially when it is always the police asking for more an more power over citizens they are supposed to protect.
Does anyone have a list of devices the FBI can't decrypt? I'd like to make sure my next phone is one on the list, but I'm not sure which Android devices pass that test.
Basically they got greedy. They wanted dragnet-like capabilities, and they were like "well fuck these civilians". They went too far, and now found out about that Dutch saying that says: "trust arrives walking, and departs on horseback".
And now nobody trusts these three letter agencies anymore. And now they're whining like toddlers, saying "this is a huge, huge problem" when in fact they created the problem themselves.
8 of 13 people found this answer helpful. Did you?
I wonder how the FBI scored prosecutions before mobile devices were invented? I guess they must not have solved any crimes at all?
I understand the need for law enforcement, but I also understand the need for personal privacy and sanctity of one's personal property (home, things, so on).
I understand if I drop a cigarette or cigar butt or even a soda cap that it might have my DNA or fingerprints on it. I know that my cell phone might radiate identifying information about me.
My point is this:
The line between what the government can legally pry into and what requires a search warrant has always been and will forever be "blurry" in the USA.
I would rather the laws err on being more cautious and protective of people's rights rather than making everyone's life an open book for law enforcement.
Ok. Some /. snark is going to come along and say, "Think about the children?" or the "Think about those slave of human-trafficing".
Yeah, I get that and all, but would you rather be considered "guilty before being proven innocent"? Seriously think about that. Thrown into jail without a phone call or chance to contact anyone outside to fight on your behalf. In some countries that is called "disappearing people" and those people are never seen or heard from again. Do you really want that fate hanging over your head for the slightest infraction? It can't get that serious you say? Think again, history has proven to all of us that human beings can be exceptionally cruel and uncaring towards other human beings.
So you snark and say on /. "Well I am not a human being." Ok. In that case you would not mind if someone squeezed off a few clips at you and killed you? It would probably be legal to do so if you can claim and prove you are not a human being.
All I want anyone in the USA to really really carefully consider is this:
Be very very careful of the rights that you give up to your government because you might not get them back for a long long time, if ever. And then if you do get any rights back, it may only happen after major revolutions within the country that tear it apart and leave it on "the slag heap of history".
And then where are you and your rights??
To put it mildly, this is a huge, huge problem,"
Hey, FBI?
No, it isn't, but do you remember this? The absolutely massive violations of the 4th amendment by the USGov? THAT is a "huge, huge problem". The intrusion into the personal life of billions of ordinary, peaceful, law abiding citizens around the world (not just in the USofA). No-warrant, mass surveillance, like we used to blame the USSR and GDR for.
You violated the spirit and the letter of the law on such a scale that the world pushed back. You were given our trust, and you violated it. Not just here and there, exceptionally. No, you violated it systemically and constantly, for decades. And you are still doing so. No one who violated those laws has seen their day in court, a single day in prison, a single dollar of fine. You turned yourselves into a surveillance state.
So yes, we are pushing back and we will KEEP pushing back, harder than ever. We will reclaim the rights you stole from us, with or without your permission. Because that's how things work in a free society - something you wouldn't understand.
Sincerely,
The rest of us who aren't tyrannical fucks.
*points finger* Ha ha!
FBI confirmed for whiny crybabies who want to be spoonfed everything instead of doing the jobs they were hired to do.
Let's face the facts. There can only be two choices when it comes to encryption: Ban ALL encryption for consumer devices (which would be a gigantic leap backwards and create a massive security issue for everyone) or leave encryption alone. Compromising encryption algorithms IS A NON-STARTER.
Of course if they banned encrytion, then of course the rich, and politicians would still manage to have it, as would EVERY SINGLE CRIMINAL AND TERRORIST with the means and wherewithal to find and use it, so banning encryption is also a NON-STARTER. The Djinn is already out of the bottle, we do not have time travel machines, you can't go back in time and prevent encryption from being invented, fucking DEAL WITH IT, LAW ENFORCEMENT!
Do you use bold and all-caps because you only want me to read those bits, or is it because you want me to read those bits more intensely than the non-bold-or-all-caps bits?
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
You're preaching to the choir, and our so-called 'law enforcement' doesn't care about little trifles like facts and logic and reason, they just want total and complete control over every citizen at all times, and FUCK THE CONSTITUTION. Also it's not like this hasn't been the problem with any law enforcement since such a thing was ever invented, law enforcement attracts a certain mindset that wants power over people, and the ability to bully them into doing whatever they're told, right or wrong, good or bad, fair or not, with utter impunity. There are some police who are fair and reasonable but they're few and far between, and once the more typical types rise to power within their respective organizations, the ones who are most like them feel free to stop hiding who they really are. Also doesn't help that the law enforcement lifestyle attracts extremists like white supremacists and neo-nazis/neo-nazi sympathizers and other types of racists and bigots. That's why we have checks and balances built into law enforcement, to keep them from running rampant. Lately they're being encouraged from various quarters to feel free to do as they please, therefore we see the problems we're having today. As usual we need to institute reforms (again) and weed out the worst of them (again) to show that The People are what count here and who (should) have the real power in this country, not jackbooted thugs with guns and badges.
If I were the FBI, I'd keep the actual cell phone of a suspect, but give them back an identical looking cell phone. It wouldn't have their original data on it, but instead a key logger, which would keylog the password once the phone is booted up and then send it on to FBI HQ.
People have a right to privacy and encryption is important to allow them to retain that right. I don't agree though that any law against it would be ineffective. For a start encryption would disappear from most consumer products and the encryption that remained would eventually be easier to detect. I think that, were it outlawed, the total amount of crypto would reduce.
Anyone caught using crypto illegally (whether is can be unencrypted or not) would stand to be be arrested and stopped from committing crime on that basis, at least it gives them one more charge to face, after all prison is prison no matter what got you there (ask Al Capone).
The rich being above the law might be a more difficult issue, it would depend on the penalties for getting caught, 1% of net worth would be quite a sting, as would adding 50% to the jail sentence of any other crime being committed.
So no, crypto should not be outlawed, but yes, if it were banned the ban could be effective, what's with all you people saying laws don't work ?
Nullius in verba
There's a handful of law enforcement people who want backdoors. Everyone else says no. You need a few more participants on the other side before it qualifies as a 'debate'.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
You're right. I usually traffic my drugghumans with pickup trucks.
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
> Let's face the facts. There can only be two choices when it comes to encryption: Ban ALL encryption for consumer devices ... or leave encryption alone. Compromising encryption algorithms IS A NON-STARTER.
Non techies don't think this way though. They are forever convinced that they can do this, or that they can claim they aren't doing this while actually doing this. The belief in backdoored encryption seems pervasive, because we have people clamoring for it constantly.
When the govenrment is working for the people to strengthen the products they use, the people are more willing to go along with its recommendations. And to trust it when it says it needs a backdoor and will only use it with a warrant in cases of criminal or national security importance.
But the last two decades has seen multiple revelations that the government is working against the people - violating the 4th Amendment under the veil of secrecy. When the public gets a whiff of that, they start to distrust the government. Not only do they refuse to put in backdoors, they start implementing security measures that even they cannot bypass if they lose the key. "Just to be on the safe side."
The U.S. government has nobody to blame but themselves for letting things to get to this point. Once you lose the people's trust, the people stop going out of their way to make things easier for the government, and in fact will start doing things to make things harder for the government.
Incidentally, that was a PR snowjob by Apple. The cell phone in that case didn't belong to the terrorists. It actually belonged to the San Bernardino County government. It was assigned to one of the terrorists as a work phone. Apple was basically arguing that they should not be compelled to give the owner of a phone access to information on the phone in the case of a (potential) dire emergency. If you follow through on their argument, employers would not have access to company phones they provided to employees, parents would not have access to phones they bought for their kids, you could not authorize police to pull GPS data from a phone you lent to a friend when they went hiking and got lost. It's an argument which weakens the concept of ownership (right of the owner to know what their property is being used for, vs the user's right to privacy).
Face ID can't be tricked by showing it an image, not even a 3D image, because it doesn't work using optical imaging.
> Apple was basically arguing that they should not be compelled to give the owner of a phone access to information on the phone in the case of a (potential) dire emergency.
Apple had several arguments, the most powerful of which was that the government had not proven that Apple was the only party which had sufficient expertise to crack the phone--the law only gives the government authority to force a company to aid in this type of situation when there's no reasonable alternative.
But if it makes you feel better about yourself to concoct some sort of anti-Apple fiction, then please do. Maybe you won't need to kick a puppy on the way home then.
Give them this and in 10 years they'll be whining about how unfair it is that they need a warrant to read your mind.
You laugh, but this has been tried.
In the case cited, fMRI scans were used to determine whether the plaintiff's "intent". IOW, they were using the scans to determine whether the doctor has "intent" to defraud the insurance agencies.
Okay, this is an argument I haven't considered. I think what most people mean by "won't work" is that with the existing tools and suggested methods, there would be nothing stopping someone who wished to use cryptographically secure tools on top of, or beyond the consumer level system. (See http://www.phantomcode.com/com...)
What you suggest is that we would mandate all encryption without government access illegal. Banks and large corporations would get a registration for their crypto/certificates and then just add software to their servers to log/transmit the unencrypted data at government requirement. Other encryption, like iPhone system level encryption, could still be legal (see http://www.phantomcode.com/com...) with access available to government requirement and, otherwise, with no discernible change to the security to the average voter.
Then the government could snoop on streams of data and servers and have just cause to arrest anyone using encryption that isn't authorized and accessible. The result would be that most data streams would be monitored by programs essentially looking for data streams that aren't authorized. It'd be tricky to kill off all the non-US certificates, but a MITM with certs issued by someone like Symantec or Google could do effectively the same thing.
I think this is the ultimate goal of the great firewall of China. They haven't been successful. Yet. I'm not confident they won't be mostly successful in the long run though. I'm not confident the US won't get to the same place eventually.
Carriers don't have access to text message *contents
Yeah they do. I used to work for a carrier. I have pulled the exact contents that you are talking about for law enforcement. There is nothing on your phone that they need to send your ass to jail they can't get from the carrier. The reason they want access to the device is because it's simpler. Carriers have deep pockets and can fight to keep the data private. It is in the best interested of the carrier to fight such requests.
I read at +2. If your post doesn't reach that level I will not see or respond to it.
Now that I think about it I remember one instance where I pushed out a rom update OTA to one particular MDN sitting on my desk.
Think about the implications of that.
I read at +2. If your post doesn't reach that level I will not see or respond to it.
Probably the biggest problem with this idea is that most people won't have anything to hide and the FBI would find nothing of value for that effort, and those who were even slightly serious about hiding stuff would immediately toss the device that had been out of their control in the trash, and the FBI would again get nothing and would lose a device.
I think dumpster diving is part of their job description.
In the free world the media isn't government run; the government is media run.
If the CIA can't keep their secrets (think Edward Snowden) then why should we trust them with ours? The more people who have access to a secret, the more likely it will leak.