Remember When The FBI & NYPD Told People To Upgrade Their iPhones To Enable Stronger Security?
from the because-it-helps-stop-crime dept
Look, let's face facts here. For all the talk coming from the law enforcement community that they need backdoors into encryption to stop crime, they absolutely know that the reverse is true: strong encryption prevents crime. Lots of it. Strong encryption on phones makes stealing those phones a lot less worthwhile, because all the information on them is locked up. As we noted back in 2014, the FBI had a webpage advocating for mobile encryption to protect your phone's data.
But it's not just the FBI. Trevor Timm alerts us to the amazing fact that just a couple of years ago, the New York City Police Department (NYPD) was literally roaming the streets, giving people fliers telling them to upgrade their iPhones to enable greater security features to protect against crime. Michael Hoffman tweeted a picture of the flier he received:
Four uniformed NYPD officers were at my subway stop tonight asking me to upgrade to iOS 7. Not a joke! pic.twitter.com/CGdR2RqtKJ
— Michael Hoffman (@Hoffm) September 21, 2013
In other words, law enforcement in NYC absolutely knows that stronger security on phones prevents crime. And yet, Manhattan District Attorney Cyrus Vance is running around pretending that these phones have created a crime wave in NY?
PUBLIC AWARENESS NOTICE
As of Wednesday, September 18, 2013 the new iOS7 software update available for your Apple product brings added security to your devices.
ATTENTION APPLE USERS!!!!
By downloading the new operating system, should your device be lost or stolen it cannot be reprogrammed without an Apple ID and Password.
The download is FREE from Apple.
And, it appears that the data absolutely supports what the FBI and the NYPD apparently used to know, but are now pretending to forget. An article last summer by Kevin Bankston laid out the details, noting that phone theft is a massive epidemic, with criminals swiping millions of phones -- and many of them then seeking to get access to the data on those phones. While the introduction of remote kill switches has helped reduce some of that, encryption is a much better solution.
So what happened? Did the FBI and NYPD really "forget" everything they knew two and a half years ago about encryption and how it stops crime?
Filed Under: encryption, fbi, iphone, nypd, security, theft
Companies: apple
Reader Comments
Isn't it obvious?
Encryption: It not only protects criminals, but it also keeps government and police agencies from remembering just why it's so important.
[ link to this | view in thread ]
I know it may hurt your one track mind, but have you considered that it discourages one type of crime but may encourage another? Crime isn't a one size fits all thing.
Try invoking David Bowie instead!
[ link to this | view in thread ]
Re:
Given the existence of the two distinct forms of encryption, it's perfectly logical for them to be pushing encryption one year by claiming that it prevents crime, while not two years later whining about how encryption makes their jobs harder/impossible with nary a peep about how much crime it prevents.
[ link to this | view in thread ]
Re:
Ok, I get that it discourages phone theft, but what crime is being encouraged here? The "crime" of protecting your own personal privacy? The "crime" of being able to have private conversations with other people? The "crime" of not wanting to be geo-tracked wherever you go? What "crimes" are you talking about?
[ link to this | view in thread ]
Re: Re:
It's not the point, is it?
The point is that of protecting your personal data. Basically, if someone steals your phone, they get nothing. It stops that secondary effect of crime from harming you more than just getting your phone stolen. The police are certainly right to encourage you to use it.
That does not preclude or stop the legitimate needs to investigate a multiple murder to its logical conclusion and to gain access where possible to every piece of data they can.
"while not two years later whining about how encryption makes their jobs harder/impossible with nary a peep about how much crime it prevents."
Again, crime is not a monolithic thing. There is not "crime" as a generic one size fits all thing. A may cause B, but it can also independently cause C as well - or may impact and diminish D. It's not a simple one thing "more crime, less crime". That's just a simplistic attempt to "add to the narrative" of police being confused or inconsistent.
[ link to this | view in thread ]
They didn't really change their minds....
It's only a problem now because, hey, they didn't really expect the public to do it!
[ link to this | view in thread ]
Re: Re: Re:
Sure. However, until the answer becomes "they can't get this data", then there are holes in the "they get nothing" feature. Right now, that hole is Apple. If Apple is smart, in iOS 10 or 11, that hole will be removed, and we're back to "they can't get this data".
Or, as security researcher Matt Blaze tweeted: "I'm less concerned w/ whether Apple should be compelled to comply with this order than with ensuring future products can be more secure."
[ link to this | view in thread ]
Re: Isn't it obvious?
"They couldn't access the site cause it didn't have a backdoor to it." Is that right?
[ link to this | view in thread ]
Re: Re: Re:
While this may be true, it's not a crime, in and of itself, to protect your own personal privacy, even if it makes law enforcement's job harder.
If your goal is to make law enforcement's job easier, then why aren't you advocating abolishing the US Constitution? That would make their job a whole lot easier, wouldn't it?
[ link to this | view in thread ]
Re: Re: Re:
The encryption that protects your personal data from criminals is the very same encryption that makes it more difficult, if not flat out impossible for police to gather evidence from an encrypted device. If a company can bypass it thanks to shoddy security or as far too many have demanded a 'golden key' then that same vulnerability makes it easier for criminals to break in.
Encryption is one of the very few things that is black or white, secure or not secure. If police and/or government agencies are pushing for better encryption on one hand because it prevents crimes, they do not get to turn around and say that encryption needs to be weakened when it makes their jobs harder, especially given doing so might allow them to solve some cases, but it absolutely would lead to more crimes in general involving devices that aren't as secure as they could have been.
[ link to this | view in thread ]
Re:
Even if you consider it, the benefits far outweigh the problems. There are two phones that Farook destroyed. The data on them is inaccessible. But it may not really be a problem since part of the data can be obtained via carriers, victims' phones etc. There are more paths than the absurd they are asking.
[ link to this | view in thread ]
So...I'm fairly certain
I believe that the feature being pushed here is that the phone can't even be factory-reset and used by someone else. Prior to 7, if you stole an iPhone, you could just wipe it and use it as brand-new. In 7, the phone would not register to another user unless it was first released by the original user (by some mechanism - the IMEI or something was actually bound to the specific iTunes user account).
[ link to this | view in thread ]
Re: Re: Re: Re:
Kind of hard to interrogate your allies when you're metaphorically already aiming a taser or gun at them.
[ link to this | view in thread ]
Re: Re:
Nobody would become a terrorist without encryption.
No child would be molested without encryption.
Crime and violence never existed before encryption!
Oh wait...
[ link to this | view in thread ]
On the plus side, Fall 2016 is coming up fast...
[ link to this | view in thread ]
Re: Re: Re: Re:
Not really true. You can have very secure encryption which is ruined by having user friendly short pincodes to open the files. Apple's encryption is in theory very strong, in practice perhaps less so.
Remember: no matter what, encryption by its nature needs decryption to have value. That means there is always a key, and it's strictly how good that key is that makes all the difference. Good encryption with a weak key isn't any better than a big steel door with a 99 cent padlock on it.
[ link to this | view in thread ]
Re: Re: Re: Re:
I don't have a goal, and I think trying to figure that at every turn there has to be a bigger goal is perhaps misleading. This is a particular case where law enforcement can gain access without Apple having to create a backdoor, they just have to remove a couple of covers off the door lock so they can try.
If there is a possibility of access by reasonable means (and brute force is reasonable, no different from using a battering ram to knock down a door) then the police should have that choice available to them.
Where Apple objects is that this sort of change exposes the weakness of their pincode approach to encryption. When you stop and realize that all of the security chip one way code hidden access means nothing if the user's password to access the files is too short. Apple doesn't want the code getting into the wild, at least not until they come up with an iOS patch that forces consumers to use longer passwords for encryption.
When Apple fixes the problem, the discussion will be moot. For now, Apple doth protest too much, mostly because they don't want anyone to notice the egg on their faces.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Apple would still need to create the problem first before they would be able to fix it.
Currently this is not a possibility as the firmware does not allow it and the firmware has to be signed with their cryptographic keys to be able to work. So in other words their security is strong and only Apple have the remote possibility to be able to make a firmware that might make it easier to break.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
And the request is not reasonable. A whole freaking lot of people think it's not reasonable. And nobody is mentioning how costly and complex the task would be. One TD reader described in detail how forensic works and how it could be screwed up anywhere during the process.
"Where Apple objects is that this sort of change exposes the weakness of their pincode approach to encryption."
Nobody said pin codes are the pinnacle of good security. It would expose a company that's willing to screw their customers without a fight AND that doesn't provide good security as advertised. This would be catastrophic to the company considering how competitive is the smartphone market. And I'm amused by the way you talk as if the Government is always the good guys. This, if done, will have severe consequences all over the world. But entitled f* like you don't care.
"When Apple fixes the problem, the discussion will be moot."
If what the FBI asks can be done it will still be used and a whole lot of people will be put at risk along with a company with a broken trust. But I do agree and I hope Apple makes it impossible to crack in any conceivable way. Maybe then law enforcement will actually do their jobs.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
This is not an issue with encryption. And pin codes can be fairly secure if you take steps to prevent brute force attacks like introducing a hardware enforced delay for instance.
"Remember: no matter what, encryption by its nature needs decryption to have value. That means there is always a key, and it's strictly how good that key is that makes all the difference. Good encryption with a weak key isn't any better than a big steel door with a 99 cent padlock on it."
Again, not a problem of weak encryption. Using good keys only helps if, say, FBI goons can go through the rest of the security measures (such as the delay previously mentioned). He is right, either an encryption system is secure or it is not. How you employ that system (ie: using pin codes or long phrases) is not an issue with the system itself.
[ link to this | view in thread ]
Ironically
[ link to this | view in thread ]
Let's talk about the gas pump
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
I disagree, security is a matter of degrees. If you want to use a black and white definition, then a system is either totally unbreakable or it isn't. And there aren't any systems that are totally unbreakable*, so all systems are insecure. It's much more useful (but harder) to discuss how secure a system is, and what its weaknesses are, because they all have weaknesses.
* OTP encryption is unbreakable, but a communication system using it can generally be compromised in other ways
[ link to this | view in thread ]
Re: Let's talk about the gas pump
The oil companies are in charge of immigration now?
[ link to this | view in thread ]
Re: Re: Re: Let's talk about the gas pump
Do you just choose to believe in everything until you see evidence it's not true? How do we know the YMCA isn't in charge of immigration? Or video game publishers? Or the car wash owners association of America?
[ link to this | view in thread ]
Re: Re: Re: Re: Let's talk about the gas pump
Maybe they are!
[ link to this | view in thread ]
Inferring I have more than one brain from my name
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
In general in life, there is no such thing as 100% security. With almost all crypto, this is even more true. To take a binary "secure/insecure" viewpoint is, itself, a security problem because it prevents you from accurately evaluating your security situation.
[ link to this | view in thread ]