Manhattan DA Cy Vance Wraps Up 2016 With Another Call For Gov't-Mandated Encryption Backdoors
from the stay-the-course dept
Manhattan DA Cyrus Vance is still riding James Comey's anti-encryption coattails. Another year passes and Vance still comes to the same conclusions about phone encryption: it's bad for law enforcement and something (legislative) needs to be done to keep the criminal apocalypse at bay.
His opening remarks at a recent cybercrime symposium set the tone:
In my Office alone, 423 Apple iPhones and iPads lawfully seized since October 2014 remain inaccessible due to default device encryption. Approximately 10% of our warrant-proof devices pertain to homicide or attempted murder cases, and 9% to sex crimes. And while we’ve been locked out of approximately 34% of all Apple devices lawfully recovered since October 2014, that number jumped to approximately 42% of the devices recovered in the past three months.
With over 96% of all smartphones worldwide operated by Apple and Google, and with devices running older operating systems rapidly aging out, the trend is only poised to continue. In other words, the risks associated with warrant-proof encryption remain, and are growing.
This is all just Vance's pitch for the 2016 edition of his "Phone Encryption is Bad" report. It's available at the DA's website but you'll have to dig around for it. (Or simply download it using this link.) It's the same things Vance said last year, only with some added bold print surrounding his pitch for legislated backdoors. (All emphasis in the original.)
As illustrated by the San Bernardino domestic terrorist attack in December 2015, as well as by the ever-increasing number of smartphones lawfully seized by law enforcement that cannot be accessed by law enforcement or by Apple, the threat to public safety is increasing rapidly.
This isn't much of a pitch. The FBI fought a long battle seeking a favorable precedential ruling before turning the phone over to a foreign company. The FBI likely believed the phone was as useless as it ended up being (it was a work-issued phone -- hardly the sort of place someone stores incriminating communications), but it wanted something it could take to the next legal battle over encrypted data. The presumed increase to "public safety threats" is never more than a theory -- one that presumes every locked phone contains a wealth of usable evidence.
Vance's push for anti-encryption legislation continues, even as he notes there's very little in terms of precedent for what he's proposing.
Several foreign nations, often spurred by the fear of terrorism, have addressed the question of whether manufacturers and software providers can be compelled to extract data from smartphones that they manufacture or for which they provide software. These nations’ efforts in this endeavor have been halting.
The few legislative efforts he can name are all dead in the water, including a few state efforts that have seen little forward momentum. This leads Vance to the conclusion that the only way to fix this is to make it a federal effort, something that still seems to have little chance of success.
Federal legislation is required to address the problem of smartphones whose contents are impervious to search warrants. Two proposed bills, the Compliance with Court Orders Act, drafted by Senators Richard Burr and Dianne Feinstein, and a bill drafted by our Office, would adequately address the problem.
Elsewhere in the report, Vance details other law enforcement agencies' struggles with encrypted devices. Then he throws out this statement, which makes it clear those fighting device encryption are still unwilling to provide accurate numbers about how often locked phones thwart investigations.
These figures [number of locked devices] are almost certainly artificially low, because law enforcement agents who encounter a locked device in the field often do not have the time to make note of the device before moving on to the next investigative step.
You would think that law enforcement agencies -- those presumably interested in the possibility of legislated backdoors -- would be tracking each and every instance in which encryption is encountered. But Vance's speculation seems to indicate that other law enforcement agencies aren't nearly as troubled by encryption as he is... or that they're just generally kind of sloppy when handling potential evidence.
The entire report presents a world where ever-growing encrypted "darkness" is turning law enforcement agencies into useless extensions of the government. A world where even the best-funded agencies with the access to a variety of tech solutions can be beaten by a consumer communication product. It's not exactly apocalyptic, but it does present the situation as being wholly untenable without the federal government stepping in and kicking open a backdoor.
Vance -- like others who only see mandated backdoors/encryption bans as workable -- also claims tech and law enforcement should work together to create solutions -- a statement that really means tech companies should be more willing to compromise their principles for the greater good of the government.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, cy vance, encryption, going dark
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
So a smart criminal will get away with homicide, attempted murder, or sex crimes by NOT using smart phone at all? After all, the police can't figure out any crime unless the offender records it all on a electronic device, nope. =/
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Tough.
[ link to this | view in thread ]
[ link to this | view in thread ]
Vance: henceforth, everyone must shave his/her head
I think this paranoia explains why "Not Wittingly" Clapper is completely bald. But at least Clapper isn't a hypocrite.
If Vance is really serious, perhaps he should start by shaving his head?
https://en.wikipedia.org/wiki/Steganography
The first recorded uses of steganography can be traced back to 440 BC when Herodotus mentions two examples in his Histories. Histiaeus sent a message to his vassal, Aristagoras, by shaving the head of his most trusted servant, "marking" the message onto his scalp, then sending him on his way once his hair had regrown, with the instruction, “When thou art come to Miletus, bid Aristagoras shave thy head, and look thereon."
[ link to this | view in thread ]
Working Together
A phone is either secure, or it is not. If it is secure, then it is impervious to search warrants. Otherwise it is insecure. If the government can get into that phone, then so can others.
The euphemism of "work together with government" really means to do as I say.
How about if government would "work together" with reality?
[ link to this | view in thread ]
Re: Working Together
== "stronger together"
== "man-in-the-middle-diddle"
[ link to this | view in thread ]
Day Dream Believers
Manhattan DA Cyrus Vance is still riding James Comey's anti-encryption coattails.
If Vance/Comey want to live in a "glass house" where everyone under the sun can potentially exploit their most private thoughts or personal financial data they are free to begin doing so immediately.
But when these two tax feeding ignoramuses and their ilk use the bully-pulpit of their authority to espouse their anti-encryption fantasies while attempting to ram their vile agenda down the collective throats of John/Jane Q Public under the guise of being a law enforcement necessity they need to be shouted down at every opportunity with the absolute stone cold fact that using encryption is one of the key actions a person can take to protect their private data from being exploited.
[ link to this | view in thread ]
Close, but not close enough
As illustrated by the San Bernardino domestic terrorist attack in December 2015, as well as by the ever-increasing number of smartphones lawfully seized by law enforcement that cannot be accessed by law enforcement or by Apple, the threat to public safety is increasing rapidly.
The funny thing is the last line is right, the 'threat to public safety is increasing rapidly', what he gets completely and utterly wrong is the source of the threat.
Put bluntly, it's him. Him and those like him that are bound and determined to usher is a digital disaster by crippling the very same encryption that protects against criminals from having easy access to massive amounts of personal and valuable information located on phones and other systems.
Because he's too gorram lazy and/or so entitled that he believes that he's owed instant access to anything he wants he's willing to threaten public safety on a scale that makes a few 'unsolved due to encryption' crimes look like minuscule blips on the radar. He and his incredibly stupid crusade against encryption are a bigger threat to public safety than encryption could ever be, even if you take his claims of investigations blocked by encryption as totally true.
[ link to this | view in thread ]
Hahahahaha
[ link to this | view in thread ]
Open-source
[ link to this | view in thread ]
Worth Repeating
This level of surveillance has been tested before.
From The Risks:
We in the U.S. have just completed one of the largest case studies of what happens when every individual in an industry has all of its e-mail and financial records available to regulators. The Securities and Exchange Commission (SEC) already requires every person in the financial industry to make every e-mail, cellphone text and financial record available to the SEC in order to enforce insider trading and other financial rules.
The result: NADA! NOTHING! With thousands of bankers involved in fraud on the U.S. taxpayer running into the trillions of dollars, not one has been prosecuted; not one has gone to jail. If this level of surveillance of the financial community has produced zero convictions in the largest ripoff of tax dollars in history, there is no reason to expect that any increased level of surveillance of non-financial citizens will produce any better results.
[ link to this | view in thread ]
TEST RUN..
Lets open up all his computer devices to FULL net access..
Lets open all his wifi and BT to ANYONE that wants it..
NOW, the gov DOES have access to most corp info, and can DEMAND more..but there isnt a chance that they wont CHEAT.
[ link to this | view in thread ]
Utterly futile
Encrypt while in transit. Encrypt while at rest. Manage you own keys.
[ link to this | view in thread ]
Re:
We went through this whole battle 20 years ago and the whole Clipper Chip. What you end up with if you have a Backdoor is criminals getting in. If there's a Backdoor that the U.S. Governmetn can get into any iPhone, what country would allow the phones to be sold in their country where the U.S. Government can spy on their Citizen's? Maybe some places will say fine, we want the same access also. Imagine China now with backdoor access to American user phones now!!! That's a disaster waiting to happen.
So you have a Back door that now effects MILLIONS of people, because you can break into less then 500 iPhones. Oh My GOD!!!! It's the end of the world.
The simple fact is most Encryption is done Outside of of the U.S. and U.S. control. Anyone could just install 3rd party encryption software with no back doors and now the only people protected are the Criminals. These people really just don't seem to get it.
[ link to this | view in thread ]
Excellent
"And while we’ve been locked out of approximately 34% of all Apple devices lawfully recovered since October 2014, that number jumped to approximately 42% of the devices recovered in the past three months."
Excellent! This proves the security message is starting to sink through to the general non-technical populace.
[ link to this | view in thread ]
[ link to this | view in thread ]
Tiny difference
Bankers are 'big people', they've got money, connections, and would make for difficult targets.
The 'little people' on the other hand would be essentially a massive number of people wearing targets on their backs, just ripe for the prosecution in order for a DA to drum up some 'tough on crime' PR, or a cop to teach some uppity citizen what happens when they talk back to their betters, because the 'little people' don't have money, and don't have connections, making for trivially easy targets.
[ link to this | view in thread ]
Hackers it Seems Can Overcome All Security Holes
Furthermore, the contention is made that backdoor are necessary to get those evil criminals. Two quick points.
1. The backdoor proponents seem to ignore the obvious fact that there a perfectly legitimate uses for unbreakable encryption.
2. In the name of "security and fighting crime", the encryption proponents ignore civil rights on the pretext of making it "easier" for law enforcement to do its job. We should not give-up civil rights to make life easier for law enforcement.
[ link to this | view in thread ]