Manhattan DA Cy Vance Says The Only Solution To Device Encryption Is Federally-Mandated Backdoors

from the picking-up-the-torch-the-FBI-accidentally-dropped dept

Fri, Nov 9th 2018 10:46am — Tim Cushing

Because no one has passed legislation (federal or state) mandating encryption backdoors, Manhattan DA Cy Vance has to publish another anti-encryption report. An annual tradition dating back to 2014 -- the year Apple announced default encryption for devices -- the DA's "Smartphone Encryption and Public Safety" report [PDF] is full of the same old arguments about "lawful access" and evidence-free assertions about criminals winning the tech arms race. (h/t Riana Pfefferkorn)

You'd think there would be some scaling back on the alarmism, what with the FBI finally admitting its locked device count had been the victim of software-based hyperinflation. (Five months later, we're still waiting for the FBI to update its number of locked devices.) But there isn't. Vance still presents encryption as an insurmountable problem, using mainly Apple's multiple patches of security holes cops also found useful as the leading indicator.

The report is a little shorter this year but it does contain just enough stuff to be persuasive to those easily-persuaded by emotional appeals. Vance runs through a short list of awful crime solved by device access (child porn, assault) and another list of crimes unsolved (molestation, murder) designed to make people's hearts do all their thinking. While it's certainly true some horrible criminal acts will directly implicate device encryption, the fact of the matter is a majority of the locked phone-centric criminal acts are the type that won't make headlines or motivate lawmakers.

More than a third of these cases involve minor crimes like theft and check kiting. Another 20% is comprised of "sex crimes," which encompasses prostitution -- a crime where law enforcement sometimes chooses to believe the device itself is an "instrument of crime," never mind what other evidence might be hidden inside it.

So, more than half the crime involving locked phones isn't the sort of stuff that suggests encryption backdoors are the key to making New York City a safer place to reside. The stuff Vance throws in about unlocked devices producing exonerating evidence is a dodge. It's meant to show how granting law enforcement carte blanche access would be a net benefit for the public. But the examples given use stuff like cell site location info and social media app data -- things that could be obtained from third parties without having to go through the locked phone.

Then there's the other part of this argument Vance leaves completely undiscussed: if someone's phone contains exonerating evidence, it's very likely they'll provide officers with this evidence voluntarily, either by unlocking the device or handing over the relevant info/files. Using the very small percentage of cases where exonerating evidence may be recovered from locked phones as an argument for mandated backdoors is incredibly disingenuous.

And that's all this "report" is: a petition for federally-legislated encryption backdoors.

III. Federal Legislation Remains the Only Answer

[...]

For the reasons advanced in each of our prior Reports, national legislation of the sort we have proposed remains the most rational and least intrusive means to require device manufacturers to comply with lawful court orders in serious criminal cases upon a finding of probable cause.

"Most rational and least intrusive." I guess creating new security holes in millions of personal devices isn't "intrusive." And if this wasn't enough of a laugher, Vance ends his report with this sentence:

[O]ur Office stands willing to assist Congress and all relevant stakeholders in the effort to find a more rational balance among the interests of device makers, consumers and law enforcement in the regulation of smartphone encryption.

When your conclusion is that the only solution is federally-mandated encryption backdoors, you cannot honestly assert you're seeking to "balance" the interests of everyone involved. The only interest served by mandated backdoors is law enforcement's. Portraying device encryption as a threat to public safety is intellectually dishonest. Vance's own numbers undercut his threat level claims and his repeated failure to even generate serious discussion among federal legislators shows it's probably time for the Manhattan DA to retire his annual alarmism.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, cy vance, encryption, going dark, law enforcement, moral panic, privacy, security

22 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 9 Nov 2018 @ 10:55am

What is his stance on the public's rights to monitor the state, instant response to FOI requests, or stalling as much a possible.

I ask, because formally the public have the right to monitor the government, but the government does not have the right to monitor the public. Meanwhile government are reversing this relationship, which is the basis of democracy.
[ link to this | view in thread ]
Anonymous Coward, 9 Nov 2018 @ 10:56am

Apple and Google need to open up API access for 3rd party apps to perform the encryption/decryption function using independently sourced certs. The gov't can't mandate backdoors in foreign-supplied or locally generated certs.
[ link to this | view in thread ]
Rick Shaw, 9 Nov 2018 @ 11:07am

I think it is a great idea
I think we should have mandated backdoors. With this we can read everything that Vance writes. Of course when he realizes that he will write an exemption for himself because why should he have to follow the rules.

I would say someone should explain the math to Vance on why this is dumb but I doubt he would understand it.
[ link to this | view in thread ]
Annonymouse, 9 Nov 2018 @ 11:08am

He wants a single key backdoor to everyone's lives.
So someone please oblidge him with a single key backdoor to his life.
He has nothing to hide so there should be no protest right.
[ link to this | view in thread ]
Anonymous Coward, 9 Nov 2018 @ 11:08am

Re:
However, encryption via a central control is potentially liable to man in the middle attack. This can be mitigated by by signing the messages, assuming you and the others end have managed to obtain each others public keys. Doing that requires that keys are exchanged and/or verified over a different communication channel to that used to exchange messages. If the key exchange and messages pass through common servers, you can be man in the middled.

As ever, convenience always introduces a weakness into a crypto system, by increasing the parties that need to be trusted.
[ link to this | view in thread ]
Anonymous Coward, 9 Nov 2018 @ 11:24am

Don't Worry Cy
Australia is working on it.
[ link to this | view in thread ]
BentFranklin (profile), 9 Nov 2018 @ 11:25am

"It was reported here last week that, in 2012, Vance ordered his prosecutors to drop a promising criminal-fraud investigation against Ivanka Trump and Donald Trump, Jr., who were suspected of misleading potential buyers of condos in the Trump SoHo building; the order came after their father’s attorney, Marc Kasowitz, paid Vance a visit. Soon after Vance’s office dropped the investigation, Kasowitz donated and raised a combined total of more than fifty thousand dollars for Vance’s reëlection campaign."

https://www.newyorker.com/news/news-desk/why-didnt-manhattan-da-cyrus-vance-prosecute-the- trumps-or-harvey-weinstein
[ link to this | view in thread ]
Christenson, 9 Nov 2018 @ 11:39am

Backdoors: You first, Mr Vance
Dear Mr Vance:
Since criminality is running rampant in the NYC government, we will believe in the need for a backdoor when you open yours first, along with every new york city cop, both on the beat and in the office.

If its good for the goose, the gander needs to show us first!
[ link to this | view in thread ]
Anonymous Coward, 9 Nov 2018 @ 12:00pm

Back doors are great if your target is unaware, unprepared or unable to enact counter measures. This group of people, typically, are those who are not a threat but will be the most affected by this draconian measure.

Meanwhile, back at the ranch, the nefarious bad guys are putting together a system to thwart said back door silliness. This is not difficult and their communications will continue unabated and un decrypted. This is a bad idea for many reasons but their main rational for it is bullshit.
[ link to this | view in thread ]
Anonymous Coward, 9 Nov 2018 @ 12:32pm

prostitution -- a crime where law enforcement sometimes chooses to believe the device itself is an "instrument of crime,"

Well, of course. There's an app for everything, so of course there's an app for using the phone to commit prostitution related crimes.
[ link to this | view in thread ]
That One Guy (profile), 9 Nov 2018 @ 12:48pm

'Let's sabotage security', anything BUT a 'rational balance'
[O]ur Office stands willing to assist Congress and all relevant stakeholders in the effort to find a more rational balance among the interests of device makers, consumers and law enforcement in the regulation of smartphone encryption.

He forgot a few words at the end there.

'... so long as that balance is entirely in our favor, as anything less is simply not acceptable.'

Device makers have a vested interest in having secure devices.

Consumers have a vested interest in having secure devices.

Fear-mongering by someone acting like an idiot aside, even the police have a vested interest in the public having secure devices, because I can all but guarantee you that it prevents vastly more crimes than it enables.

Funny how he claims that he wants to hold a conversation and weigh the interests of all relevant stakeholders, yet the only interests he's actually paying attention to are his.

With how much people do with their phones these days solid encryption could very easily be the difference between a stolen/lost phone meaning you're out a phone and need to buy another one, and having your bank, medical records, private conversations and so on in the hands of people who would love to have access to it.

The police have never had access to everything, and if the current ones can't do their jobs without employing measures which leave the public vastly more vulnerable then they're clearly too damn incompetent for the jobs and need to be replaced as soon as possible.
[ link to this | view in thread ]
Kitsune106, 9 Nov 2018 @ 2:45pm

Sooo
The cops are okay with all their gear having said backdoor too? For internal affairs. After all, it's not like bad actors will steal or crack it. Its only way to make sure everyone has it. And if it is to produce exonerating evidence, surely the police will be okay with having their cameras and locations broadcasts for the safety. Of course.
[ link to this | view in thread ]
Anonymous Coward, 9 Nov 2018 @ 3:03pm

Re: Backdoors: You first, Mr Vance
That right, put your data where your mouth is Vance old man.

Show everyone how you trust the backdoor security and put your full confidence behind it, embrace the backdoor in your department first!
[ link to this | view in thread ]
That One Guy (profile), 9 Nov 2018 @ 3:46pm

Re: Re: Backdoors: You first, Mr Vance
Confidence, bank account, personal email account, any phone and/or computer he has...

I might be willing to accept that he actually believes that crippling security will be a net gain for society should he put his own security and livelihood on the line first, say for a solid year at least. He wants to put everyone else at risk, great then he can lead by example or expose his hypocrisy.
[ link to this | view in thread ]
any moose cow word, 9 Nov 2018 @ 6:35pm

If backdooring encryption is such a grand idea, I'm sure he's cool with his bank accounts getting backdoored? Unfortunately, he won't be the only one.
[ link to this | view in thread ]
Anonymous Coward, 10 Nov 2018 @ 6:47am

It's funny how some people think they can fix the world's problems by simply enacting legislation, elbow grease not included.
[ link to this | view in thread ]
Anonymous Coward, 11 Nov 2018 @ 6:08am

Scaling Alarmism
"You'd think there would be some scaling back on the alarmism..."

No; no, I wouldn't. Have you seen the examples set by our Federal Executive and Legislative Branches...oh, and newest additions to the Supremes? Howzabout the corresponding state and local authorities? I expect further upscaling.
[ link to this | view in thread ]
Bergman (profile), 11 Nov 2018 @ 11:17am

The true nature of legislating against reality
Problem: Tide keeps rolling in.
Solution: Have the King wade out and order it to stop.
Result: Tide keeps rolling in, but now the water is a traitor.

Mandating back doors by law won't stop people from encrypting things without those back doors if they want real security (and I bet there will be a nice fat exemption for government secrets in any such law), and it won't protect the security of people who comply with the law -- and I bet anyone trying to sue the government as a party to any resulting security breaches won't get anywhere due to sovereign immunity.

Why an employee of the people who merely represents them rather than owning them (as a noble or king does) has sovereignty against their complaints of malfeasance has always eluded me.
[ link to this | view in thread ]
Anonymous Coward, 11 Nov 2018 @ 7:45pm

Re: Scaling Alarmism
The only thing that gets them to scale back alarmism is consequences. They'll keep on sounding the alarm until they get proverbially punched in the face and told to shut the fuck up.
[ link to this | view in thread ]
Some Idiot, 12 Nov 2018 @ 10:00am

Re: The true nature of legislating against reality
“Tide goes in, tide goes out. Never a miscommunication. You can’t explain that. You can’t explain why the tide goes in.”
[ link to this | view in thread ]
Anonymous Coward, 13 Nov 2018 @ 8:22am

Re:
It could come down to this at some point. There's open source software that can be used with Android that the U.S. Government has zero control over.
[ link to this | view in thread ]
Phil, 21 Nov 2018 @ 3:10pm

Re: Don't Worry Cy
australia is not working on it. Politicians have proposed legislation but there has been nothing produced by industry. It's legislation which does not have the tools and probably will never have the tools.
[ link to this | view in thread ]