FUD: Former FBI Guy Lies, Claiming New Mobile Encryption Would Have Resulted In Dead Kidnap Subject
from the uh,-no dept
Yesterday, we wrote about law enforcement freaking out over the announcements from both Apple and Google that they’d start encrypting phones by default, better protecting data on those phones from anyone who wants it — whether government/law enforcement or hackers. We noted, oddly, that former FBI guy Ronald Hosko had showed up in articles in both the Washington Post and the WSJ spewing a bunch of FUD about it. In the WSJ:
The level of privacy described by Apple and Google is “wonderful until it’s your kid who is kidnapped and being abused, and because of the technology, we can’t get to them,” said Ronald Hosko, who left the FBI earlier this year as the head of its criminal-investigations division. “Who’s going to get lost because of this, and we’re not going to crack the case?”
In the Washington Post:
Ronald T. Hosko, the former head of the FBI?s criminal investigative division, called the move by Apple ?problematic,? saying it will contribute to the steady decrease of law enforcement?s ability to collect key evidence ? to solve crimes and prevent them. The agency long has publicly worried about the ?going dark? problem, in which the rising use of encryption across a range of services has undermined government?s ability to conduct surveillance, even when it is legally authorized.
?Our ability to act on data that does exist .?.?. is critical to our success,? Hosko said. He suggested that it would take a major event, such as a terrorist attack, to cause the pendulum to swing back toward giving authorities access to a broad range of digital information.
This is just blatant fear mongering, and not even close to realistic. But the Washington Post doubled down and let Hosko write an entire (and entirely bogus) story about how he helped save a kidnapped man from murder earlier this year and “with Apple’s and Google’s new encryption rules, he would have died.” He accurately writes about a kidnapping in North Carolina, and how law enforcement tracked down the perpetrators, including by requesting and getting “the legal authority to intercept phone calls and text messages.” Of course, here’s the thing: nothing in this new encryption changes that. Transmitted content is unrelated to the encryption of stored content on the phones. It’s the stored content that is being encrypted. It’s kind of scary that a supposed “expert” like Hosko doesn’t seem to comprehend the difference.
Either way, he insists that the encryption would have prevented this (it wouldn’t). His story originally said:
Last week, Apple and Android announced that their new operating systems will be encrypted by default. That means the companies won?t be able to unlock phones and iPads to reveal the photos, e-mails and recordings stored within.
It also means law enforcement officials won?t be able to look at the range of data stored on the device, even with a court-approved warrant. Had this technology been used by the conspirators in our case, our victim would be dead. The perpetrators would likely be freely plotting their next revenge attack.
After some people pointed out how very, very, very wrong this is, Hosko or the Washington Post “updated” the story, but still makes the same basic claims:
Last week, Apple and Google announced that their new operating systems will be encrypted by default. Encrypting a phone doesn?t make it any harder to tap, or ?lawfully intercept? calls. But it does limit law enforcement?s access to a data, contacts, photos and email stored on the phone itself.
Had this technology been in place, we wouldn?t have been able to quickly identify which phone lines to tap. That delay would have cost us our victim his life.The perpetrators would likely be freely plotting their next revenge attack.
Except, even the update is not true. As the AP’s Ted Birdis notes, the affidavit in the case shows that the FBI used phone toll records and wiretaps to figure out the case, and didn’t get access to any phones “until after [the] victim [was] safe.”
In other words, Hosko’s story is pure FUD. The new moves by these companies would not have meant the guy died. It wouldn’t have impacted the story at all.
Meanwhile, as a massive post by Julian Sanchez notes, phone encryption products have been on the market for a while and if it was such a big problem we’d already know about it, but so far it’s been pretty limited. In the entire US in 2013, there were nine cases where police claimed that encryption stymied their investigations. Furthermore, in the vast majority of cases where they came up against encryption, they were still able to crack it. So… the impact here is minimal.
But that apparently won’t stop lies from the likes of Ronald Hosko.
Update: And… it appears that the Washington Post edited the story again to now make it accurate, but which also disproves the entire point of the story. Now the basic story is “we saved this guy… and mobile encryption would have done nothing to stop it, but it’s a bad bad thing anyway.” If Hosko couldn’t get the very basics right, how could he be considered a credible person discussing this issue?
Filed Under: encryption, fbi, fud, kidnapping, mobile encryption, ronald hosko
Companies: apple, google
Comments on “FUD: Former FBI Guy Lies, Claiming New Mobile Encryption Would Have Resulted In Dead Kidnap Subject”
Fact is, if criminals want they can and will use encryption to make even the calls encrypted (which, surprise surprise, doesn’t happen at all because people are generally dumb). But then even if they do encryption has ton of legal, good uses and I’m not even talking about online banking yet. The thing is, instead of demonizing technology (and telling society upfront they are too incompetent to overcome the limitations imposed) they should be working on perfecting their investigative techniques and efforts. Even the most security-aware person will eventually leave some breadcrumbs behind (see silk road guy).
Re: Re:
There’s everything wrong with this country in a nutshell. Elected officials and government employees should be working, but they aren’t. All the electorate does is react to events with meaningless grandstanding and pathetic attempts at useless, over-broad laws. All the intelligence agencies do is publicly complain that their jobs aren’t easy enough, and then pull stupid stunts like breaking into router shipments to install malware, then expect lawmakers to bail them out by making their actions retroactively legal. All the police agencies do is try to minimize their risk while maximizing their profits, both at the expense of the citizens. (And not just tax cost; cost of lives, as seen in Ferguson.)
Nobody does the work they’re actually supposed to be doing.
…they do realize I can encrypt my phone anyway? Apple and Google are just trying to stop cops from crapping all over your civil liberties. It seems to me as though they are trying to scare people so they will turn off encryption (saying it’s on by default suggests it can be turned off) so they open themselves up to searches,warranted or not.
Re: Re:
Sounds more to me like they’re trying to make it so that having an encrypted phone in and of itself counts as “probable cause” or something like that.
Re: Re:
They realize that if you’re John Q. Criminal, you’re almost certainly too dumb to encrypt your shit. There are outliers, but in general, criminals are fucking retarded.
Is he kidding?
“Our ability to act on data that does exist . . . is critical to our success,” Hosko said. He suggested that it would take a major event, such as a terrorist attack, to cause the pendulum to swing back toward giving authorities access to a broad range of digital information.
The pendulum to swing back? WTF? Really? These guys are out of control. The “pendulum” is so far off right now if it tips any more toward them… we can hardly call it the pendulum effect anymore. It’s meaningless. It almost as if he is wanting/wishing for another attack. Then he’d show us.
Re: Is he kidding?
How soon until they allow another terrorist attack to happen on American soil in order to get what they want? Like they did with 9/11…
He does have a point
If Hosko had encrypted his op-ed how else would he have been able to spread FUD?
Re: He does have a point
By scattering his shit on the wind?
Re: He does have a point
He can still open his mouth.
But isn’t pushing the FUD button the standard way of getting people to submit? Maybe we should all just be thankful that he didn’t resort to going nuclear (at least not yet) with a Doomsday Argument.
Headline misleading
I think the headline probably was meant to say “Dead Kidnapping Subject” rather than “Dead Kidnapping Suspect.”
I don’t know if the latter would necessarily be a bad result.
Had this technology been in place, we wouldn’t have been able to quickly identify which phone lines to tap.
So had the phone’s data been encrypted, you would not have been able to illegally access all of the information before you secured a warrant to tap the phone lines?
Because, you know, you need to know which phone you are tapping to get the warrant you asshat.
It's like seatbelts
Assume it was true, and it still doesn’t matter. It’s like people that don’t wear seatbelts because their great-aunt got killed in crash because of the seatbelt itself. It happens, but edge cases shouldn’t affect your actions.
Even if this story was true, the greater good from encryption far outweighs one bad situation.
Re: It's like seatbelts
I was thinking along the same lines in regards to our liberties. How many lives did it take just to gain them? How many more have willingly died to protect them? How many more would have to be sacrificed just to get them back if we allowed them to be taken away by idiots like Ronald T. Hosko and his ilk? Better to see one more person sacrificed on the altar of freedom and liberty than stand idly by as it is chipped away even more, something which affects everyone. My grandparents, like so may others, served in WWII and were willing to lay down their lives for the cause. Should no less be expected of anyone else, myself included?
Well If Law Enforcement and the Feds hadn’t abused their power this probably wouldn’t be an issue.
Re: Re:
My thoughts exactly. This is a reaction to their abuse of the law. (I was being nice, flagrant disregard actually came to mind.)
Hosko's just a shill
and a liar. That’s all. He’s an ignorant little man who’s being paid to push the agenda of his masters, and like the obedient toady that he is, he’s doing his best to push The Big Lie.
If Hosko couldn’t get the very basics right, how could he be considered a credible person discussing this issue?
M.O. for the govt.
I wonder if they have ever done a benefits/risk assessment?
People like Hosko probably have no clue what full disk encryption is or even how to use it, considering he doesn’t even understand CALEA laws. Really depending on how Apple/Google implement this feature will determine it’s worth. For example, Apple devices that have File Vault 2 can place the key in Apple’s hands which then could be subpoenaed and thus no change for law enforcement, yet this is the end of the world. For anyone with an ounce of intelligence, this is still just a wait and see on really how secure this will be.
Re: I wonder if they have ever done a benefits/risk assessment?
which then could be subpoenaed
Ah, but you see, when you get used to just being able to hack into any device you feel like without once involving a real judge, ‘getting a warrant’ becomes a monumental task in comparison.
Police and government agencies are used to being able to ‘peek’ without having to go through the hassle of ‘bothering’ a judge(and deal with the annoyance of providing enough evidence for a warrant), and they know that a good chunk of their fishing expeditions wouldn’t pass muster in front of a judge, so of course they’re freaking out about the possibility of such activity requiring a warrant.
Also, how many people read it and moved on thinking that encryption of phones is bad, and have missed out on the updates? Or how many people after reading it still have that as the takeaway even though encryption of the device’s contents and phone tracking are mutually exclusive?
The problem as I see it.
This sure makes it sound like the times it’s legally authorized are the exception.
Even if it’s not the exception, anytime it’s not legally authorized it’s a crime.
We are simply getting a little more protection from criminals even when the criminals are working for the government.
NSA/FBI want only one type of breakable encryption
The whole point of the Apple announcement — in conjunction with Apple’s dead warrant canary — is an attempt to head off a multiplicity of *real* end2end encryption schemes in favor of a single Apple-approved encryption scheme that the NSA/FBI NSL can control & crack.
This NSA push for a single *beakable* encryption scheme has been done before — e.g., “DES” — in order to avoid a nightmare of hundreds of different encryption apps — some of which might actually be strong enough to resist the NSA.
FUD
If only the dinasours had representation like this; they’d still be walking the streets.
Uncorrected Article still being published
The uncorrected article is being pushed in other places, and is still uncorrected at this news site:
http://www.northjersey.com/opinion/opinion-apple-android-privacy-moves-could-be-deadly-1.1094531
“It also means law enforcement officials won’t be able to look at the range of data stored on the device, even with a court-approved warrant. Had this technology been used by the conspirators in our case, our victim would be dead. The perpetrators would likely be freely plotting their next revenge attack.”
He Knows
“It’s kind of scary that a supposed “expert” like Hosko doesn’t seem to comprehend the difference.”
I think he probably knows the difference quite well. But as a law enforcement officer he just got used to lying and always getting away with it.
Very few people read corrections.
I’d say this disinfo skirmish still accomplished its goal.
Lying is what the FBI does best.
Nothing new
There is nothing groundbreaking in Apple’s announcement.
We have had full disk encryption for years, and when properly implemented there is nothing law enforcement can do about it.
Proper implementation means that the software must take into account current Fifth Amendment law by permitting the owner of the computer to only divulge the partial truth.
Fifth Amendment law is very odd in that if the government can prove you know a truth, it can sometimes force you to divulge it, but if the government only knows a half truth or doesn’t know anything at all, you can plead the Fifth provided the whole truth is stored in your mind.
If Apple really was interested in protecting privacy, they should have implemented full end to end voice communication along with plausibly deniable full device encryption.
Full disk encryption is useless without the power to divulge two different passwords, one decrypting innocent pictures and another really private stuff.
Weird, when I heard Apple was going to encrypt their OS I just assumed it was to make jailbreaking harder and a criminal beach of the CFAA rather than a civil violation of the DMCA. Because the OS was encrypted they could argue that the users “exceeded authorized access” by breaking the encryption.
If they’re encrypting the data that’s much better; I just figured it would be the operating system. Heaven forbid users improve the product they bought…that would be stealing or something!
This just shows, they dont know or care what it is, they just want surveilance……….their ignorant to the world their creating…….their the very people their trying to create
Same lie as used to force tracking devices in cell phones.
Back before tracking devices were included in cell phones the feds needed an excuse to require them. The excuse was the little old lady that rolled her car. She called the emergency number but paramedics could not find her. That was the excuse the feds used to mandate that all cell phones must include a tracking device. The feds claimed the tracking device would be activated only after the user dialed 911. Typical fed fraud. Now tracking device cannot be shut off. On the other hand a little old lady was run off an elevated section of I-595 in Fort Lauderdale about five years after tracking devices were required. She could not reach 911 because her cellphone signal was blocked. The only reason she survived was that a road crew saw her wrecked car when they repaired the damage her accident caused.
Mike – You do realize, don’t you, that you’re making the exact same mistake that Hosko did of mixing up encryption of handsets and encryption of communications? Hosko’s column complains about Apple/Google’s new policies about encrypting the data stored on their handsets, and illustrates it with a horror story that involves interception of communications (wiretapping) sent through a wireless carrier. Hosko falsely suggests (and originally he outright claimed) that the policy about handset encryption will prevent police from doing legal interception, thus leading to FUD.
You, on the other hand, claim that Apple/Google’s handset encryption policies are no big deal for police – “In the entire US in 2013, there were nine cases where police claimed that encryption stymied their investigations.” – and you cite the same 2013 report from the US courts that Julian Sanchez cited. But that report (with the “9 cases” stat) was talking about wiretaps, not encrypted handsets. That’s a pretty important difference.
Look, I’m as appalled as you are about the sleight of hand in Hosko’s column. He’s either being intentionally dishonest, sloppy, or he doesn’t understand the technologies he’s writing about. But I know you understand the technologies, and I trust you’re not deliberately conflating those two things, either.
false sense of security anyone?
Just because that FBI guy complains does not mean they actually have a problem breaking the encryption.
The encryption on phones is on only when the phone is turned off as it is. while on a fast chase I don’t see the unsub stopping to turn off his phone while typing a complex pass code that he has if he cares about security.
It is more likely disinformation more targeted to give us false sense of security.
encryption has nothing to do with the metadata and the call recording or tapping.
Also you can use third party folder encryption to hide sensitive data on the phone.
Phone records and texts are stored by the carrier too.
Strange
This is a strange strange thinks…