Manhattan District Attorney Ratchets Up The 'Going Dark' FUD; Leaves Out Its Connection To Shady Hacking Team
from the because-those-little-details-aren't-important dept
After the FBI's James Comey, it seems that the biggest proponent of backdooring encryption for law enforcement has been Manhattan District Attorney Cyrus Vance, who has now penned a ridiculous fear-mongering opinion piece for the NY Times (along with City of London Police Commissioner Adrian Leppard, Paris Chief Prosecutor Francois Molins and Spanish chief prosecutor Javier Zaragoza). Vance has been whining about encryption for a while. And Leppard, you may recall, is the guy who recently claimed "the tor" is 90% of the internet and a "risk to society." He's not exactly credible on technology or encryption issues. But, still... he gets to team up on a NYT op-ed about encryption.While Comey has been struggling to find a dead child to use as the literal poster child of his campaign to weaken encryption, these prosecutors are now parading out a few stories, starting with a murder in Evanston, Illinois (note: not anywhere near Manhattan, Paris, London or Madrid):
In June, a father of six was shot dead on a Monday afternoon in Evanston, Ill., a suburb 10 miles north of Chicago. The Evanston police believe that the victim, Ray C. Owens, had also been robbed. There were no witnesses to his killing, and no surveillance footage either.Cool story. Totally bogus, but cool story. There are all sorts of problems with it starting with the fact that, as of last check Samsung is not requiring encryption by default, because of performance issues. Thus, if it's true that the phone was encrypted, that's not an issue with Google/Android, but the user setting up something himself -- something that anyone has been able to do for ages and has nothing to do with recent moves by Google (and it's not even entirely clear from the description by Vance if the phones were actually encrypted or just had a passcode/lockscreen).
With a killer on the loose and few leads at their disposal, investigators in Cook County, which includes Evanston, were encouraged when they found two smartphones alongside the body of the deceased: an iPhone 6 running on Apple’s iOS 8 operating system, and a Samsung Galaxy S6 Edge running on Google’s Android operating system. Both devices were passcode protected.
An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user’s passcode.
The homicide remains unsolved. The killer remains at large.
More importantly, the idea that this is why the murder "remains unsolved" and "the killer remains at large" is ridiculous. It's not even clear why the smartphones are all that relevant in this case. But nothing in having a passcode on the phones would stop police from figuring out the phone numbers, contacting service providers for information or issuing perfectly working warrants for communications data (remember, the only issue with encryption would be stored data at rest on the phone). Indeed, the Evanston police did obtain call records related to the phone, but they didn't help the investigation. In fact, the Commander of the Evanston Police Department told The Intercept that while accessing the phones might provide some useful clues he's not sure if it would actually help solve the case -- just as the call records did not.
In other words, this is nothing but blatant factually challenged fear mongering.
And it goes on:
Between October and June, 74 iPhones running the iOS 8 operating system could not be accessed by investigators for the Manhattan district attorney’s office — despite judicial warrants to search the devices. The investigations that were disrupted include the attempted murder of three individuals, the repeated sexual abuse of a child, a continuing sex trafficking ring and numerous assaults and robberies.This is the first time anyone has actually given numbers of the times law enforcement was "stymied," but notice that none of these cases, including the "attempted murder of three individuals, the repeated sexual abuse of a child or the continuing sex trafficking ring" were described in any more detail to explain how the encrypted phones were the real problem (again: remember there is nothing stopping the police from getting other data, including communications data or any of the data backed up in the cloud, as most data on iPhones is).
Oh, and then there's this: As Kade Crockford highlights, Muckrock recently noted that the leaked emails from the Hacking Team showed that the Manhattan DA's office was a potential client of the Hacking Team, meaning that it would have had access to plenty of tools on hand to break into phones -- even those that make use of encryption.
The Vance op-ed also completely misrepresents things, arguing that because some criminals falsely believe that everything is now encrypted, it means they are:As recently as this past May, Hacking Team and an assistant district attorney with the Manhattan District Attorney’s Office emailed back and forth about a potential software “solution.” Hacking Team sales staff fielded questions about jailbreaking iPhones remotely, and discussed among themselves about how high a price to quote.
Hacking Team hosted a spyware demo in September 2013 for Manhattan district attorney staff, and again in February 2015. When the assistant DA requested a price estimate, a Hacking Team operations manager suggested a starting ask of $3 million.
"If it's totally out of budget, we can come up with a special 'deal' for them and the usual accommodations," wrote Hacking Team’s Daniele Milan on an internal email thread about discussions with the DA.
The DA’s office confirmed that it has met with Hacking Team to review their products.
"In order to keep pace with rapid developments in the private sector, we invite groups to demo various emerging technologies," wrote Joan Vollero, Manhattan DA spokeswoman, in an emailed statement.
Criminal defendants have caught on. Recently, a suspect in a Manhattan felony, speaking on a recorded jailhouse call, noted that “Apple and Google came out with these softwares” that the police cannot easily unlock.Except, Google and Apple have long offered the software, and (again) it's not yet default on Android phones and it only protects stored data on the phones -- while most people will likely (falsely) assume that it also protects communications data or backed up data.
The op-ed also ignores the valid reasons for protecting your own privacy, or what happens when malicious actors use backdoors to get into your data. Or how foreign states, such as China and Russia will also demand backdoors. Instead, it pretends the only criticism of backdoors is because of worries about government surveillance. This is wrong. The article falsely argues that full disk encryption only provides "marginal" benefits to users, and shouldn't be allowed because what prosecutors want to do is different than the NSA's mass surveillance efforts. Once again, this misstates the reasons for full-disk encryption and completely ignores the dangers of backdoors.
We had hoped the ridiculousness over the whole "going dark" hysteria would start to die down by now, but apparently that was being optimistic. One wonders if Cyrus Vance, Francois Molins, Adrian Leppard and Javier Zaragoza also bemoan the act that criminals can speak to each other in person and no warrant will ever reveal what they said.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: adrian leppard, cyrus vance, encryption, fud, going dark, mobile encryption
Reader Comments
The First Word
“There's also this other tidbit:
People having their lives ruined by killers and kidnappers who leave encrypted phones as the one vital clue is rarePeople having their lives ruined by police illegally searching for cause to ruin their lives is commonplace.
Subscribe: RSS
View by: Time | Thread
Which still would be justified and all that's needed to oppose weakening encryption.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Small tech note, Apple actually does encrypt data in iCloud now. Link: https://support.apple.com/en-us/HT202303
Here's the relevant part:
iCloud Keychain
iCloud Keychain encryption keys are created on your devices, and Apple can't access those keys. Only encrypted keychain data passes through Apple's servers, and Apple can't access any of the key material that could be used to decrypt that data.
Only trusted devices that you approved can access your iCloud Keychain.
Advanced settings allow you to choose an iCloud Security Code longer than four digits or have your device generate one for you.
You can choose to disable keychain recovery, which means that iCloud Keychain is kept up to date across your approved devices, but the encrypted data is not stored with Apple and cannot be recovered if all of your devices are lost.
I think this started being implemented after the fappening deal.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Trading that security for EVERYONE on this planet that encryption provides for making lazy leos easier (in rare cases) is the worst possible trade imaginable.
In the same vein of absurdness I propose that LE not be able to get warrants anymore at all, because it sometimes disrupts the citizenry in their daily lives and work. /facepalm
[ link to this | view in chronology ]
...but given how it turns out the whole notions of Crime Scene Investigation and Good Old Fashioned Detective Work are Hollywood fairy tales, investigators are therefore completely baffled due to the encryption on the phones.
[ link to this | view in chronology ]
Mission Impossible ?
Obviously in order to know that the data on the phone was vital to the case, the perpetrator had to be caught after the data was accessed, in which case the encryption had to be broken ... in which case you would argue that "you've shown that you already have all the powers you need".
I'd like to see some acknowledgement that yes, they do seem to have finally provided an example where they *might* be right that the encryption on the phone is preventing access to some vital clue that could crack the case, but that (obviously) we can't know for sure either way. Then we discuss whether the costs of the powers they're asking for are worth the benefit, i.e. whether it's better to let the occasional bad guy get away with it or to make it easier for criminals, hackers, terrorists, and the like to get at everyone's private information.
[ link to this | view in chronology ]
"they do seem to have finally provided an example where they *might* be right"
But more likely they'll be able to pin some innocuous crime on the alleged owners of the phones and give them prison time, and then be satisfied that justice was done.
Pardon me for being skeptical, but recent history has shown plenty of good cause to be skeptical.
[ link to this | view in chronology ]
Re: Mission Impossible ?
[ link to this | view in chronology ]
Re: Re: Mission Impossible ?
[ link to this | view in chronology ]
Not At All Impossible
1. Government agents find encrypted smartphone.
2. Investigation flails around in circles for a while.
3. Smartphone owner or friend thereof steps forward, "Oh, yeah, the password is...."
4. Evidence on smartphone cracks case open.
5. Profit!
Get back to us when something like that actually happens.
[ link to this | view in chronology ]
Re: Mission Impossible ?
Fair enough, let's flip it around. Law enforcement keep banging on as if they're losing something important to them, but this is a fairly recent change from Apple and Google so there must be a history they can present where having access to phones solved lots of horrible crimes. But I don't see any of those stories being talked about. Instead we get weak hypothetical scenarios that are easily shot down. Doesn't seem like they have a strong case at all.
[ link to this | view in chronology ]
You know, this crusade against encryption is so full of bullshit that they often put their own arguments against each other. If the benefit is so marginal then it shouldn't be an issue for law enforcement of the alleged most powerful nation in the world.
One wonders if Cyrus Vance, Francois Molins, Adrian Leppard and Javier Zaragoza also bemoan the act that criminals can speak to each other in person and no warrant will ever reveal what they said.
Cameras with ambient mics everywhere? Don't underestimate these people.
[ link to this | view in chronology ]
Yet another article that firmly places NYT into the category of State Propaganda
And your recently SWATted neighbor had it coming.
[ link to this | view in chronology ]
There's also this other tidbit:
People having their lives ruined by police illegally searching for cause to ruin their lives is commonplace.
[ link to this | view in chronology ]
A Particularly Blatant Bit Of Nonsense
This is a piece of brazen misrepresentation on a par with the "increase" of the chocolate ration to twenty grams (from a previous thirty) in 1984. Obviously, the new system (in which Apple or Google do not have access to the user's passcode) protects the user from institutional data breaches, since no data breach can expose data that the target does not possess.
I notice that this editorial, unlike most of the others, has no comment section. It's a damning admission that Vance et al know perfectly well that they have nothing but easily refuted lies and bullshit.
[ link to this | view in chronology ]
Claiming the high ground
These lies become the truth sufficiently enough to win the argument. Sadly it is endemic in our world today.
[ link to this | view in chronology ]
Those phones contained two pieces of valuable information. Unfortunately, due to the incredibly complex and sophisticated pass code protection known as the "4 Digit PIN" (that has nothing to do with encryption at all), we can only guess at the last words of the perpetrator and his victim.
"Google, tomorrow at 2 pm remind me to kill the guy that just spilled his drink on me."
"Siri help me, that crazy guy from the bar last night is @#$% shooting at me!"
[ link to this | view in chronology ]
Translation?
[ link to this | view in chronology ]
In that case, I must be a hardened criminal cause I don't want a cell phone. Don't have to worry about encryption nor data on the damn thing. Break that data storage!
[ link to this | view in chronology ]
Re:
It is a poor assumption, but not impossible. At one time Japan had a television show that solved mysteries on the basis of train schedules. When I first heard that I thought it was nuts. Then I found out Japan's rail system is far more efficient and far more on-time accurate than anything the US has or ever had. Their on-time accuracy sometimes beats the airlines. So while the idea sounds outlandish it's still probable.
But you bring up a valid question: are there any crimes that can only be solved by looking at the data on a cel phone? AFAIK such data makes solving quicker or adds to the evidence.
[ link to this | view in chronology ]
Re: Re:
An obviously true statement. Failure to come up with a crime that can only be solved by "x" is a statement about the limits of your creativity. And yet, at no time has "no physical law prevents the existence of a crime that we cannot solve without x" ever been considered as reason for x.
Because if that argument was true, then it would be necessary to have cameras everywhere. In your house, your car, every few feet along roads, in the forests, on your clothes. The internet would have to be permanently shut down, phones eliminated, ability to travel at all severely curtailed if not eliminated completely, language redesigned to prevent even the ability to communicate in the terms needed to plan a crime. And of course, your Japanese television show would need to be wiped from historical records. Among other things.
But we don't do any of this. Because the question we actually ask is simple: are the crimes that can only be solved using x common enough and severe enough to overcome the benefits derived from x?
And considering that crimes achieved through a failure to properly secure electronics, networks etc. are both more common and capable of greater overall damage, and especially in light of the fact that nobody can find a crime that would have been solved with backdoors (rather than might have been)...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
You can encrypt the SD card as well in Lollipop
For phones that are simply locked, most municipal precincts have a software kit to unlock them and sift through the onboard data including recent phone calls and SMS. I assume that gives access to passwords to web services such as email, calendar and contacts.
[ link to this | view in chronology ]
Re: You can encrypt the SD card as well in Lollipop
[ link to this | view in chronology ]
"web services"
[ link to this | view in chronology ]
Re: "web services"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Lollipop devices
Dunno the rate of adoption by Android end users though.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Chasing the Wet Dream
[ link to this | view in chronology ]
Just A Thought...
...were encouraged when they found two smartphones alongside the body of the deceased: an iPhone 6 running on Apple’s iOS 8 operating system, and a Samsung Galaxy S6 Edge running on Google’s Android operating system.
Maybe robbery wasn't the motive.
[ link to this | view in chronology ]
Wondering . . .
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Going Dark
https://medium.com/@sweis/when-curtains-block-justice-142cbd0f3f34
[ link to this | view in chronology ]
To The New York Crimes - Op Ed Dept.
I'm betting the response would be hugely informative, and probably quite entertaining. :)
---
[ link to this | view in chronology ]