District Attorney Arguing Against Encryption Handed Out Insecure Keylogging 'Monitoring' Software To Parents

from the let-them-eat-post-breach-free-credit-monitoring dept

Beyond James Comey, there are still a few law enforcement officials beating the anti-encryption drum. Manhattan DA Cyrus Vance is one of those. He's been joined in this fight by some like-minded district attorneys from the other coast, seeing as New York and California both have anti-encryption bills currently working their way through local legislatures. Vance, along with Los Angeles County DA Jackie Lacey and San Diego County DA Bonnie Dumanis, penned an op-ed against encryption for the LA Times. In it, they argue that tech companies have set them up as "gatekeepers" of communications and data, which they believe law enforcement should always have access to, no matter what.

DA Dumanis goes even further in a press release issued by her office. Tech companies aren't just gatekeepers standing between law enforcement and data. They're "gatekeepers of justice," apparently standing between victims of crime and punishment of wrongdoers.

The EFF's Dave Maass has fired back, via a post at the Voice of San Diego, pointing out that Dumanis especially shouldn't be inserting herself into the encryption debate -- not with her general disdain for the security of her constituents.

It opens with this:

The last person San Diego should trust with their computers and smartphones is District Attorney Bonnie Dumanis.

And goes on to clearly articulate why Dumanis has no business attempting to legislate computer security. Dumanis spent public money acquiring and pushing a horrendously insecure piece of "parental monitoring" software.

In 2012, Dumanis spent $25,000 in public money on 5,000 copies of a piece of “parental monitoring” software called ComputerCop. This CD-ROM, which was distributed to families throughout the county for free, included a video from Dumanis promoting the program as the “first step” in protecting your children online.

This first step, however, involved parents installing keylogger software on their home computers. This type of technology is a favorite tool of malicious hackers, since it captures everything a user types, including personal information such as passwords and credit card numbers. Not only did ComputerCop store keylogs in an unencrypted file on the person’s computer, but it also transmitted some of that information over unsecured connections to a mysterious third-party server.

Two years later, Dumanis finally pulled the plug on the publicly-funded program, admitting the monitoring software was faulty and telling parents to disable the insecure keylogging function. Dumanis was hardly the only DA to recommend this terrible software, but she's one of the few who's stuck her head above the encryption parapet to offer her support of the Feinstein-Burr anti-encryption bill.

But that's not all. Dumanis and her office won't even secure their own website.

The district attorney’s website fails to use HTTPS, the protocol that has become the industry standard for secure browsing online. This means that residents, including crime victims, whistleblowers and witnesses, cannot visit her site with confidence that their browsing won’t be intercepted or manipulated by third parties.

Dumanis -- like Vance, Comey, and others -- would rather sacrifice the safety of the public for a few more criminal prosecutions. The "greater good" apparently means nothing when a very small percentage of cases might involve encrypted communications or devices.

Law enforcement has never had more access to communications and data than it does now. In the past, files were burned, papers were shredded, people passed notes and spoke in person -- all of which rendered these inaccessible to law enforcement. Now that these files and communications are conveniently stored en masse on cellphones and personal computers does not mean the government is somehow entitled to 100% access. A warrant that runs into encryption is a small price to pay for the security of millions of cellphone users. Despite maintaining the narrative that criminals are moving toward encrypted platforms, law enforcement reps and officials have yet to deliver any evidence that this is so widespread that backdooring or banning encryption is the only option. And the loudest law enforcement voices protesting tech companies and their "gates" are often those who care the least about protecting innocent people from criminals.

[Dave Maass pointed out on Twitter that Suffolk County (MA) District Attorney Dan Conley -- who spent a lot of time displaying his ignorance during the Congressional hearing about device encryption -- has also stumped for the insecure monitoring software.]

Filed Under: bonnie dumanis, dianne feinstein, encryption, going dark, richard burr, sand diego


Reader Comments

  • Ed, 18 May 2016 @ 6:40am

    Waiting for the inevitable doxxing of these DAs by someone like Anonymous or the like. Would be so sweet to see the DAs hoisted by their own petards.

  • DOlz, 18 May 2016 @ 7:11am

    "DA Dumanis goes even further in a press release issued by her office. Tech companies aren't just gatekeepers standing between law enforcement and data. They're "gatekeepers of justice," apparently standing between victims of crime and punishment of wrongdoers."

    And the barbarians are at the gate.

  • SteveMB, 18 May 2016 @ 7:17am

    Given that it's the tech companies who put cameras in millions of people's pockets with which to catch Cops Behaving Badly, then they've earned the title "gatekeepers of justice", and a damn good thing, too.

  • I.T. Guy, 18 May 2016 @ 7:44am

    "Law enforcement has never had more access to communications and data than it does now. In the past, files were burned, papers were shredded, people passed notes and spoke in person -- all of which rendered these inaccessible to law enforcement. Now that these files and communications are conveniently stored en masse on cellphones and personal computers does not mean the government is somehow entitled to 100% access."

    BRILLIANT!!!! Bravo!!!

    Seems like an Enlightenment age for LEO's rather than "going dark."

    • SteveMB, 18 May 2016 @ 9:34am

      Re:

      The reality is that LEOs aren't "going dark", it's that they're getting blinded by the light. The Boston Marathon bombing case (where the Feds blew off clear and specific warnings about the Tsarnaev brothers) is a classic example of the real information-overload problem.

  • I.T. Guy, 18 May 2016 @ 7:52am

    It may exist, but I have not seen it. Think of this:
    Phone encryption software that stores the key on a microSD (sorry iPhone users) and does not let the user know the key. In times of peril you remove the mSD and toss it.
    Judge orders you to produce the key and you can't because you never knew it. Worst that could happen is you getting charged with tampering with evidence rather than being detained indefinitely.

    Anyone?

    • Anonymous Coward, 18 May 2016 @ 12:35pm

      Re:

      What you really want is a public/private keypair, where the private key is stored on the mSD. The user still has the decryption code for that key, and the public key is available for encryption purposes (both on the device, and anyone else who wants to send information to the device). Pull the mSD, and information can still be sent/written to the device due to the public key, but no decrypted data can be read off of it, unless the private key has already been copied.

      This does, however, open another security hole in that anyone who gets their hands on the SD card has the private key and can duplicate it. So someone with physical access to your phone but no access code could quickly duplicate your key while you aren't looking. Do we just depend on the fact that it's password protected, so hard to crack even if someone grabs the encrypted private key? In which case, if someone gets their hands on the mSD card or a copy of its data, we're back where we've started, with the protection depending on a memorized passcode.

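An added example, not part of the comment above or of any code from the article: the public/private split that comment describes, sketched in Go. The device seals each record with only the public key, and opening a record requires the private key that would sit on the card. `Record`, `NewCardKey`, `Seal` and `Open` are hypothetical names, RSA-OAEP wrapping a per-record AES-256-GCM key is an assumed choice of primitives, and passcode protection of the stored private key is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Record struct{ WrappedKey, Nonce, Ciphertext []byte } // what the device stores per item
// NewCardKey makes the keypair; in the comment's design the private half lives only on the card.
func NewCardKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// gcmFor builds AES-256-GCM; callers guarantee a 32-byte key, so neither call can fail.
func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal needs only the public key, so the device can keep writing with the card removed.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Record, error) {
	buf := make([]byte, 32+12) // buf[:32]: fresh AES-256 key, buf[32:]: 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	if err != nil {
		return nil, err
	}
	return &Record{wrapped, buf[32:], gcmFor(buf[:32]).Seal(nil, buf[32:], plaintext, nil)}, nil
}

// Open needs the private key: without the card (or a copy of its key) it cannot succeed.
func Open(priv *rsa.PrivateKey, r *Record) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, r.WrappedKey, nil)
	if err != nil || len(key) != 32 || len(r.Nonce) != 12 {
		return nil, fmt.Errorf("record cannot be unwrapped with this private key")
	}
	return gcmFor(key).Open(nil, r.Nonce, r.Ciphertext, nil)
}

func main() {
	card, _ := NewCardKey()
	rec, _ := Seal(&card.PublicKey, []byte("constructed sample note"))
	msg, err := Open(card, rec)
	fmt.Printf("%s %v\n", msg, err)
}
```

Anyone holding a copy of the private key can call `Open`, which is the duplication risk the comment raises.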
    • nasch, 18 May 2016 @ 3:16pm

      Re:

      That relies on having the opportunity to dispose of the card without the police noticing, which is not guaranteed.

  • Anonymous Coward, 18 May 2016 @ 8:17am

    Need to develop the next generation of felons, else

    there won't be anything for us LEO's to do.

    • Anonymous Coward, 18 May 2016 @ 7:55pm

      Re: Need to develop the next generation of felons, else

      And the loudest law enforcement voices protesting tech companies and their "gates" are often those who care the least about protecting innocent people from criminals.
      If cops and prosecutors started caring about protecting people and preventing crime, they wouldn't have as many victims of crime. It gets hard to justify MRAPs and surveillance balloons (and Stingrays and grenade launchers and mentally augmented combat-ready battlegoats, ...) when the crime rate is low.

      Same general problem with cops not being able to get high-level drug distributors off the street: without their big-money purchases, the flow of cars leaving town filled with bales of forfeiture-ripe cash would slow to a trickle. Without all the seized cash, what's the point of becoming a cop in the first place?

  • Anonymous Coward, 18 May 2016 @ 10:57am

    Matches

    Can you imagine if 50 years ago law enforcement voices were calling for matches to be banned because criminals were sometimes using them to set evidence afire and destroy it?

  • Anonymous Coward, 18 May 2016 @ 1:13pm

    Surely that's a typo

    I think you misspelled her name, it's gotta be DA Dumanus

  • Anonymous Coward, 19 May 2016 @ 4:50am

    Piss poor security from a government sponsored app. No surprise here. Also completely useless app.

    The only way to make sure your children stay arguably safe is through responsible parenting. Whether done in person or by proxy (hired tutor), education goes a long way towards preventing both "actually bad" and "socially bad" behavior.

    Stopping teenage boys from occasionally spanking the monkey (porn or no porn) is an absolutely futile endeavor.
    Try to focus on real damage areas like preventing teen pregnancies, sexual infections and predatory behavior.
