District Attorney Arguing Against Encryption Handed Out Insecure Keylogging 'Monitoring' Software To Parents
from the let-them-eat-post-breach-free-credit-monitoring dept
Beyond James Comey, there are still a few law enforcement officials beating the anti-encryption drum. Manhattan DA Cyrus Vance is one of those. He's been joined in this fight by some like-minded district attorneys from the other coast, seeing as New York and California both have anti-encryption bills currently working their way through local legislatures. Vance, along with Los Angeles County DA Jackie Lacey and San Diego County DA Bonnie Dumanis, penned an op-ed against encryption for the LA Times. In it, they argue that tech companies have set them up as "gatekeepers" of communications and data, which they believe law enforcement should always have access to, no matter what.
DA Dumanis goes even further in a press release issued by her office. Tech companies aren't just gatekeepers standing between law enforcement and data. They're "gatekeepers of justice," apparently standing between victims of crime and punishment of wrongdoers.
The EFF's Dave Maass has fired back, via a post of the Voice of San Diego, pointing out that Dumanis especially shouldn't be inserting herself into the encryption debate -- not with her general disdain for the security of her constituents.
It opens with this:
The last person San Diego should trust with their computers and smartphones is District Attorney Bonnie Dumanis.
And goes on to clearly articulate why Dumanis has no business attempting to legislate computer security. Dumanis spent public money acquiring and pushing a horrendously insecure piece of "parental monitoring" software.
In 2012, Dumanis spent $25,000 in public money on 5,000 copies of a piece of “parental monitoring” software called ComputerCop. This CD-ROM, which was distributed to families throughout the county for free, included a video from Dumanis promoting the program as the “first step” in protecting your children online.
This first step, however, involved parents installing keylogger software on their home computers. This type of technology is a favorite tool of malicious hackers, since it captures everything a user types, including personal information such as passwords and credit card numbers. Not only did ComputerCop store keylogs in an unencrypted file on the person’s computer, but it also transmitted some of that information over unsecured connections to a mysterious third-party server.
Two years later, Dumanis finally pulled the plug on the publicly-funded program, admitting the monitoring software was faulty and telling parents to disable the insecure keylogging function. Dumanis was hardly the only DA to recommend this terrible software, but she's one of the few who's stuck her head above the encryption parapet to offer her support of the Feinstein-Burr anti-encryption bill.
But that's not all. Dumanis and her office won't even secure their own website.
The district attorney’s website fails to use HTTPS, the protocol that has become the industry standard for secure browsing online. This means that residents, including crime victims, whistleblowers and witnesses, cannot visit her site with confidence that their browsing won’t be intercepted or manipulated by third parties.
Dumanis -- like Vance, Comey, and others -- would rather sacrifice the safety of the public for a few more criminal prosecutions. The "greater good" apparently means nothing when a very small percentage of cases might involve encrypted communications or devices.
Law enforcement has never had more access to communications and data that it does now. In the past, files were burned, papers were shredded, people passed notes and spoke in person -- all of which rendered these inaccessible to law enforcement. Now that these files and communications are conveniently stored en masse on cellphones and personal computers does not mean the government is somehow entitled to 100% access. A warrant that runs into encryption is a small price to pay for the security of millions of cellphone users. Despite maintaining the narrative that criminals are moving toward encrypted platforms, law enforcement reps and officials have yet to deliver any evidence that this is so widespread that backdooring or banning encryption is the only option. And the loudest law enforcement voices protesting tech companies and their "gates" are often those who care the least about protecting innocent people from criminals.
[Dave Maass pointed out on Twitter that Suffolk County (MA) District Attorney Dan Conley -- who spent a lot of time displaying his ignorance during the Congressional hearing about device encryption -- has also stumped for the insecure monitoring software.]
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bonnie dumanis, dianne feinstein, encryption, going dark, richard burr, sand diego
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
And the barbarians are at the gate.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
BRILLIANT!!!! Bravo!!!
Seems like an Enlightenment age for LEO's rather than "going dark."
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Phone encryption software that stores the key on a microSD,(sorry iPhone users)and does not let the user know the key. In times of peril you remove the mSD and toss it.
Judge orders you to produce the key and you can't because you never knew it. Worst that could happen is you getting charged with tampering with evidence rather than being detained indefinitely.
Anyone?
[ link to this | view in chronology ]
Re:
This does, however, open another security hole in that anyone who gets their hands on the SD card has the private key and can duplicate it. So someone with physical access to your phone but no access code could quickly duplicate your key while you aren't looking. Do we just depend on the fact that it's password protected, so hard to crack even if someone grabs the encrypted private key? In which case, if someone gets their hands on the mSD card or a copy of its data, we're back where we've started, with the protection depending on a memorized passcode.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Need to develop the next generation of felons, else
[ link to this | view in chronology ]
Re: Need to develop the next generation of felons, else
Same general problem with cops not being able to get high-level drug distributors off the street: without their big-money purchases, the flow of cars leaving town filled with bales of forfeiture-ripe cash would slow to a trickle. Without all the seized cash, what's the point of becoming a cop in the first place?
[ link to this | view in chronology ]
Matches
[ link to this | view in chronology ]
Surely thats a typo
[ link to this | view in chronology ]
The only way to make sure your children stay arguably safe is through responsible parenting. Whether done in person or by proxy (hired tutor), education goes a long way towards preventing both "actually bad" and "socially bad" behavior.
Stopping teenage boys from occasionally spanking the monkey (porn or no porn) is an absolutely futile endeavor.
Try to focus on real damage areas like preventing teen pregnancies, sexual infections and predatory behavior.
[ link to this | view in chronology ]