Manhattan DA's Office Serves Up Craptastic White Paper Asking For A Ban On Encryption
from the and-just-a-couple-of-backdoors,-maybe-FOR-SAFETY! dept
Manhattan DA Cyrus Vance may not know what the fuck he's talking about when he discusses encryption, the internet and other tech-related issues. But that's certainly not going to keep him from talking about them.
A just-published "white paper" from the Manhattan DA's office (h/t Matthew Green) offers up all sorts of stupidity in its attempt to justify anti-encryption legislation.
It starts with lofty ideals…
This Report is intended to:
1) Summarize the smartphone encryption debate for those unfamiliar with the issue;
2) Explain the importance of evidence stored on smartphones to public safety;
3) Dispel certain misconceptions that many privacy advocates hold about law enforcement’s position related to encryption, including the myth that we support a “backdoor” or government-held “key;”
4) Encourage an open discussion with technology companies, privacy advocates, and lawmakers; and
5) Propose a solution that protects privacy and safety.
… before throwing most of these out completely, starting with the "open discussion" with the affected stakeholders.
Vance's office doesn't want to burden the nation's tech companies with "golden keys" or "good guy-only" backdoors. The paper admits such a "solution" would be complicated and expensive. (But not impossible, notably.)
His solution? Something that doesn't burden tech companies, but simply leaves their customers unprotected. No backdoors will be needed because there will be nowhere to install one.
The federal legislation would provide in substance that any smartphone manufactured, leased, or sold in the U.S. must be able to be unlocked, or its data accessed, by the operating system designer. Compliance with such a statute would not require new technology or costly adjustments. It would require, simply, that designers and makers of operating systems not design or build them to be impregnable to lawful governmental searches.
That's the big idea: a ban on encryption, presented disingenuously as "Not A Ban." For all the paper's supposed "discussion" of the issues and contemplation of concerns expressed by companies and their customers, this is the DA's office's brilliant cure-all: federal legislation that would prevent companies from deploying encryption -- at least not without holding onto a set of keys for government use.
Offered in support of these arguments are the horrendous laws being contemplated/passed in other countries like the UK and France. If they can do it, we can do it! Vance's office argues any resulting harm to human rights and civil liberties will be minimal. Undiscussed is the resulting harm to innocent users whose phones' contents are no longer encrypted.
The paper also discusses various workarounds that have been suggested, like accessing the unencrypted contents of cloud storage services connected to users' phones. The DA's office says that just isn't good enough. For one thing, not every user utilizes the cloud services offered by Google and Apple. The office's argument against seeking other routes to communications and data is astoundingly terrible.
[S]martphone users are not required to set up a cloud account or back up to the cloud, and therefore, many device users will not have data stored in the cloud. Even minimally sophisticated wrongdoers who use their devices to perpetrate crimes and who have cloud accounts will likely take the relatively simple steps necessary to avoid backing up those devices, or data of interest, to the cloud. In most instances, only one or two selections must be made in the device’s settings to turn off the back-up function or to remove certain types of content from the back up.
There's a huge problem with this paragraph. It makes the assertion that criminals are more likely to avoid utilizing cloud backup services while simultaneously noting that this process is entirely optional and will not be used by most people. Using this logic, an average user may also be a "minimally sophisticated wrongdoer," at least as far as law enforcement can tell from what it finds stored in the cloud.
The underlying point is that lots of data and communications still reside within the phone itself and law enforcement will not be able to access this without Apple or Google leaving a door open for it.
The office does further damage to its own arguments for banning encryption by highlighting a string of successful prosecutions utilizing evidence recovered from cell phones. It uses this list to highlight the amount of "probative evidence" obtained from cell phones while simultaneously (and inadvertently) pointing out that law enforcement really hasn't been stymied by encryption, despite Vance's FUD-filled imaginations to the contrary.
And, finally, let's take a look at one more bogus analogy made by Vance's office, in which he tries to equate phones with houses.
The Fourth Amendment dictates that search warrants may be issued only when a judge finds probable cause to believe that a crime has been committed and that evidence or proceeds of the crime might be found on the device to be searched. The warrant requirement has been described by the Supreme Court as “[t]he bulwark of Fourth Amendment protection,” and there is no reason to believe that it cannot continue to serve in that role, whether the object that is to be searched is an iPhone or a home.
In fact, what makes full-disk encryption schemes remarkable is that they provide greater protection to one’s phone than one has in one’s home, which, of course, has always been afforded the highest level of privacy protection by courts. Apple and Google should not be able to alter this constitutional balance unilaterally. Every home can be entered with a search warrant. The same should be true of devices.
A more honest analogy would compare phones to computers, which is basically what they are. While a warrant may give cops access to someone's computer -- allowing them to seize it -- it does not guarantee they'll be able to access its contents. Vance wants to compare opening a phone to opening a door, but it's not a true comparison. If people could make their houses as impregnable as their phones and computers, some very likely would -- and not just the theoretical "minimally sophisticated criminals." A house that cops can't get into is a house criminals can't get into. But there's no way to encrypt a door or window.
The paper tries to portray this as somehow making phones more private than houses in terms of the Fourth Amendment. But encrypted phones have nothing to do with a heightened expectation of privacy. Encryption makes phones more secure than houses, not more private than houses. The Fourth Amendment considerations aren't being shifted. It's only the level of instant access that's being changed. Vance's office -- being part of the law enforcement community -- should welcome efforts that make citizens more secure. Instead, all it's doing is bitching loudly and disingenuously about all the power it imagines encryption will strip away from it.
Filed Under: backdoors, cyrus vance, encryption, encryption backdoors, going dark, ny
Reader Comments
Re:
He's probably about as honest as most of them too.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
what a fucking tool
This is our answer... after enough fucktards like this spew their considerable bullshit all over the place people are already frothing out of the mouth by the time they come for them, they have already had enough to the point where only ruthless bloody murder will quench their rage.
[ link to this | view in chronology ]
*I still use TrueCrypt 7.1a, by golly.
[ link to this | view in chronology ]
bad analogies
/sarcasm
[ link to this | view in chronology ]
Anyone in law enforcement with an ounce of integrity ought to be able to recognize the hypocrisy on display with all of this hand-wringing.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
So not a ban on encryption, but just a ban on having it installed by default? So the average users can't have security, but no law against installing it yourself, so the motivated can?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
"government's principal responsibility to keep its residents safe"
No. No, man. Shit no man. I believe you get your ass kicked for saying something like that.
the government's principal responsibility is to UPHOLD THE CONSTITUTION at all costs
THIS GUY swore an oath:
"I do solemnly swear (or affirm) that I will support the constitution of the United States, and the constitution of the State of New York, and that I will faithfully discharge the duties of the office of ......, according to the best of my ability;"
https://www.dos.ny.gov/info/constitution/article_13_public_officers.html
[ link to this | view in chronology ]
Not just wrong, fractally wrong
If the primary responsibility of the government is to keep its residents safe, then the absolute last thing they should be trying to do is undermine the public's safety, which destroying encryption absolutely would do. No matter which way you look at it, he's absolutely wrong.
[ link to this | view in chronology ]
Re: Not just wrong, fractally wrong
[ link to this | view in chronology ]
Preemption
Could at least be some silver lining there....
[ link to this | view in chronology ]
Re: Preemption
[ link to this | view in chronology ]
* OK I know there is no such thing as white ink, but they don't know that. Besides, just distributing blank white paper would be faster, cheaper, and more able to have said whatever they want it to have said after the fact, a prosecutor's dream.
[ link to this | view in chronology ]
Re:
For what it's worth, I heard that people in Hollywood regularly pay hookers to help them extract their white ink. Jim Hood probably knows.
[ link to this | view in chronology ]
Let me fix that for you
[ link to this | view in chronology ]
Let me fix that for you
Let me fix that for you:
[ link to this | view in chronology ]
Re: Let me fix that for you
[ link to this | view in chronology ]
Re: Let me fix that for you
[ link to this | view in chronology ]
This guy may as well be trying to ban AIR at this point, he looks absurd.
These people in government are simply not smart enough to decide anything anymore. They are too stupid (literally) and too corrupt.
[ link to this | view in chronology ]
Wait til anonymous gets done with his sorry ass...
[ link to this | view in chronology ]
Re: Wait til anonymous gets done with his sorry ass...
or he a Fng idiot.
[ link to this | view in chronology ]
Whose devices? Their devices.
The report is very confused: the devices belong to the end user, not to Google or Apple.
[ link to this | view in chronology ]
Re: Whose devices? Their devices.
[ link to this | view in chronology ]
Re: Whose devices? Their devices.
seriously - wtf!
[ link to this | view in chronology ]
Re: Whose devices? Their devices.
Unfortunately, due to the abomination known as "copyright", quite a bit of those systems still belong to Google and Apple, not the poor fools who think they actually own the whole thing they paid for.
Abolish copyright.
[ link to this | view in chronology ]
Won't a keylogger/screenlogger be required?
But what if the data was encrypted by an app installed on the phone? It's unlikely that Apple could decrypt that app's data.
So is the DA going to *require* that every phone include a keylogger & screenlogger to capture the data going in/out of every app?
So, there would then be a honeypot of keylogger & screenlogger data to attract criminals. These data would include bank account passwords and other bank account data.
These data would then be vulnerable to exfiltration by both physical access and remote access.
The OPM hack compromised 22 million people. The DA's plan would compromise a billion people.
I'm going to cut this whitepaper into 4" wide rolls and use it for its intended purpose. I just wish I had printed it out on softer paper.
[ link to this | view in chronology ]
I say put a wall around it like the Kurt Russell movie.
[ link to this | view in chronology ]
He has one point
[ link to this | view in chronology ]
Re: He has one point
should be compelled to self destruct.
ftfy
[ link to this | view in chronology ]
Re: He has one point
I think he's saying they should not be allowed to make end-to-end encryption that they are not able to access.
[ link to this | view in chronology ]
Multiple layers of encryption
Encrypted while in local storage, (with keys only yourself knows), another layer while data is in transit or hosted in the Cloud somewhere.
[ link to this | view in chronology ]
A home owner could turn his house into a fortress -- complete with 10 foot thick walls and a moat with alligators. While that might make it impregnable to normal attacks the police would eventually get in using brute force, i.e. dynamite, etc.
So let the police just brute force the encryption.
[ link to this | view in chronology ]
Impregnable?
[ link to this | view in chronology ]
Re: Impregnable?
[ link to this | view in chronology ]
Re: Impregnable?
[ link to this | view in chronology ]
"Guns don't kill people, encryption does" is a thing
[ link to this | view in chronology ]
New Product Announcement
Is this guy an Asshat or does he just play one in real life?
[ link to this | view in chronology ]
Lanny dont-get-between-me-and-a-TV-camera Davis chimes in:
http://thehill.com/opinion/lanny-davis/260664-lanny-davis-combating-terrorism-time-to-re-balance-privacy-and-security
"go to Congress in support of requiring such back-door keys in all such apps"
[ link to this | view in chronology ]
Here's a funny thing
Over 3,600 people were killed and thousands more injured. Communities totally destroyed. Kids growing up living in fear. Families wrecked by terrorism on both sides - and it should not be forgotten the Army sent in to control the situation didn't exactly help.
Anyway, enough of the sad history. My point is that people wanting to do harm to others did it perfectly well without the internet back then. It didn't even fuckin` exist.
So what is the point of banning encryption? Even if the whole world turned off the entire internet the bad actors would find a way to communicate - just as they did in 1979.
The whole idea is just mental.
[ link to this | view in chronology ]
Re: Here's a funny thing
[ link to this | view in chronology ]
Re: Re: Here's a funny thing
[ link to this | view in chronology ]
Re: Here's a funny thing
Hint: The actual purpose is not what they're claiming.
[ link to this | view in chronology ]
Cloud users typically don't have informed consent anyway.
Cloud users, 90% of the time, have NO idea what their exposure level is and thus no informed consent. The idea that turning off a cloud account is tantamount to terrorism, is quite inverted. ANY indexing of a cloud account is an act of corporate espionage. Securing that service to automated federal surveillance is a crime against the Constitution.
It is like saying: "Severe Genocide is bad." Isn't pretty much ANY genocide bad? You'd like to chalk it off to ignorance, but it probably isn't.
He's attempting to validate one evil by making it appear as if it's already conceded, while arguing for some other evil. It is the same as calling FISC a "court". (unless there is habeas corpus, there is no court. Using a word doesn't make it so.) Mainstream journalists fall for this all the time. Fucking English lit majors. I swear they'll be the death of us all.
As a citizen, I can assure him, these points are most certainly NOT conceded. But I imagine he's already found that out. Perhaps the paper was written in service of a "leveraged" request, by a particular intelligence agency? Maybe because of something found on HIS cloud account?
Overturn Citizens United. Reinstate Glass Steagall. Bust the Trusts.
[ link to this | view in chronology ]
He wants to compare something I share every waking moment with 4 other people, to something I alone have access to and use of.
Brilliant.
[ link to this | view in chronology ]
Statewide Organization Openly Advocates Use of Full-Disk Encryption
Source: New York State Information Technology Standard No: NYS-S14-007, IT Standard: Encryption (last accessed Nov. 18, 2015).
[ link to this | view in chronology ]
Totally different
However, members of the public neither need nor deserve protection for their private data and communications, as only criminals try and hide what they say and do. After all, 'If you've done nothing wrong, then you have nothing to hide'.
(If you can read both of the above statements and see no conflict or double-standards, congrats, you have a promising career in politics and/or police work waiting for you)
[ link to this | view in chronology ]
to hack list
[ link to this | view in chronology ]
But hey, don't take my word for it. With a ban on encryption, we would join other proud nations like North Korea and Pakistan in our self-unaware idiocy.
Attention Terrorists: Feel the full power of our denial.
[ link to this | view in chronology ]
what's next
[ link to this | view in chronology ]
Re: what's next
[ link to this | view in chronology ]