Remember When The FBI & NYPD Told People To Upgrade Their iPhones To Enable Stronger Security?

from the because-it-helps-stop-crime dept

Look, let’s face facts here. For all the talk coming from the law enforcement community that they need backdoors into encryption to stop crime, they absolutely know that the reverse is true: strong encryption prevents crime. Lots of it. Strong encryption on phones makes stealing those phones a lot less worthwhile, because all the information on them is locked up. As we noted back in 2014, the FBI had a webpage advocating for mobile encryption to protect your phone’s data:

Of course, after that started to look inconvenient for the FBI, they quietly removed that page. I have a FOIA request in asking why, but the FBI has told me I shouldn’t expect an answer for another year or two.

But it’s not just the FBI. Trevor Timm alerts us to the amazing fact that just a couple of years ago, the New York City Police Department (NYPD) was literally roaming the streets, giving people fliers telling them to upgrade their iPhones to enable greater security features to protect against crime. Michael Hoffman tweeted a picture of the flier he received:

If you can’t read the flier, it says:

PUBLIC AWARENESS NOTICE
ATTENTION APPLE USERS!!!!
As of Wednesday, September 18, 2013 the new iOS7 software update available for your Apple product brings added security to your devices.

By downloading the new operating system, should your device be lost or stolen it cannot be reprogrammed without an Apple ID and Password.

The download is FREE from Apple.

In other words, law enforcement in NYC absolutely knows that stronger security on phones prevents crime. And yet, Manhattan District Attorney Cyrus Vance is running around pretending that these phones have created a crime wave in NY?

And, it appears that the data absolutely supports what the FBI and the NYPD apparently used to know, but are now pretending to forget. An article last summer by Kevin Bankston, laid out the details, noting that phone theft is a massive epidemic, with criminals swiping millions of phones — and many of them then seeking to get access to the data on those phones. While the introduction of remote kill switches has helped reduce some of that, encryption is a much better solution.

So what happened? Did the FBI and NYPD really “forget” everything they knew two and a half years ago about encryption and how it stops crime?

Filed Under: , , , , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Remember When The FBI & NYPD Told People To Upgrade Their iPhones To Enable Stronger Security?”

Subscribe: RSS Leave a comment
44 Comments
That One Guy (profile) says:

Isn't it obvious?

The computer that had all their pro-encryption talking points was encrypted, the only person who had the password quit or was fired, and they could no longer access anything on it as a result.

Encryption: It not only protects criminals, but it also keeps government and police agencies from remembering just why it’s so important.

Whatever (profile) says:

“In other words, law enforcement in NYC absolutely knows that stronger security on phones prevents crime. And yet, Manhattan District Attorney Cyrus Vance is running around pretending that these phones have created a crime wave in NY? “

I know it may hurt your one track mind, but have you considered that it discourages one type of crime but may encourage another? Crime isn’t a one size fits all thing.

Try invoking David Bowie instead!

That One Guy (profile) says:

Re: Re:

Absolutely right, it’s obvious that the NYPD are only in favor of ‘good guys only’ encryption, that being encryption that is installed on a device when a ‘good person’ uses it, and are totally opposed to ‘bad guys allowed’ encryption, that being encryption that is installed or switched to the second a ‘bad person’ so much as touches a device.

Given the existence of the two distinct forms of encryption, it’s perfectly logical for them to be pushing encryption one year by claiming that it prevents crime, while not two years later whining about how encryption makes their jobs harder/impossible with nary a peep about how much crime it prevents.

Whatever (profile) says:

Re: Re: Re:

“Absolutely right, it’s obvious that the NYPD are only in favor of ‘good guys only’ encryption, that being encryption that is installed on a device when a ‘good person’ uses it, and are totally opposed to ‘bad guys allowed’ encryption, that being encryption that is installed or switched to the second a ‘bad person’ so much as touches a device”

It’s not the point, is it?

The point is that of protecting your personal data. Basically, if someone steals your phone, they get nothing. It stops that secondary effect of crime from harming you more than just getting your phone stolen. The police are certainly right to encourage you to use it.

That does not preclude or stop the legitimate needs to investigate a multiple murder to it’s logical conclusion and to gain access where possible to every piece of data they can.

“while not two years later whining about how encryption makes their jobs harder/impossible with nary a peep about how much crime it prevents.”

Again, crime is not a monolithic thing. There is not “crime” as a generic one size fits all thing. A may cause B, but it can also independently cause C as well – or may impact and diminish D. It’s not a simple one thing “more crime, less crime”. That’s just a simplistic attempt to “add to the narrative” of police being confused or inconsistent.

Anonymous Coward says:

Re: Re: Re: Re:

That does not preclude or stop the legitimate needs to investigate a multiple murder to it’s logical conclusion and to gain access where possible to every piece of data they can.

Sure. However, until the answer becomes “they can’t get this data”, then there are holes in the “they get nothing” feature. Right now, that hole is Apple. If Apple is smart, in iOS 10 or 11, that hole will be removed, and we’re back to “they can’t get this data”.

Or, as security researcher Matt Blaze tweeted: “I’m less concerned w/ whether Apple should be compelled to comply with this order than with ensuring future products can be more secure.”

Anonymous Coward says:

Re: Re: Re: Re:

Until modern portable computing device became almost universal, police managed to solve crime without having much in the way of recorded communication to go on. What they had to do was talk to people, but that required that they were friendly towards the people that they policed, rather than the modern treat every-body as the enemy.

Gwiz (profile) says:

Re: Re: Re: Re:

That does not preclude or stop the legitimate needs to investigate a multiple murder to it’s logical conclusion and to gain access where possible to every piece of data they can.

While this may be true, it’s not a crime, in and of itself, to protect your own personal privacy, even if it makes law enforcement’s job harder.

If your goal is to make law enforcement’s job easier, then why aren’t you advocating abolishing the US Constitution? That would make the their job a whole lot easier, wouldn’t it?

Whatever (profile) says:

Re: Re: Re:2 Re:

“If your goal is to make law enforcement’s job easier”

I don’t have a goal, and I think trying to figure that at every turn there has to be a bigger goal is perhaps misleading. This is a particular case where law enforcement can gain access without Apple having to create a backdoor, they just have to remove a couple of covers off the door lock so they can try.

If there is a possibility of access by reasonable means (and brute force is reasonable, no different from using a battering ram to knock down a door) then the police should have that choice available to them.

Where Apple objects is that this sort of change exposes the weakness of their pincode approach to encryption. When you stop and realize that all of the security chip one way code hidden access means nothing if the user’s password to access the files is too short. Apple doesn’t want the code getting into the wild, at least not until they come up with a IOS patch that forces consumers to use longer passwords for encryption.

When Apple fixes the problem, the discussion will be moot. For now, Apple doth protest too much, mostly because they don’t want anyone to notice the egg on their faces.

Anonymous Coward says:

Re: Re: Re:3 Re:

“When Apple fixes the problem, the discussion will be moot. For now, Apple doth protest too much, mostly because they don’t want anyone to notice the egg on their faces.”

Apple would still need to create the problem first before they would be able to fix it.

Currently this is not a possibility as the firmware does not allow it and the firmware has to be signed with their cryptographic keys to be able to work. So in other words their security is strong and only apple have the remote possibility to be able to make a firmware that might make it easier to break.

Ninja (profile) says:

Re: Re: Re:3 Re:

It doesn’t matter how you try to frame, it is a backdoor. “You see, it’s not a door but we are leaving this ‘backcrack’ in the wall so anybody can easily break it and go inside.” Call whatever you will, it is a backdoor.

And the request is not reasonable. A whole freaking lot of people think it’s not reasonable. And nobody is mentioning how costly and complex the task would be. One TD reader described in details how forensic works and how it could be screwed up anywhere during the process.

Where Apple objects is that this sort of change exposes the weakness of their pincode approach to encryption.

Nobody said pin codes are the pinnacle of good security. It would expose a company that’s willing to screw their customers without fight AND that doesn’t provide good security as advertised. This would be catastrophic to the company considering how competitive is the smartphone market. And I’m amused by the way you talk as if the Government is always the good guys. This, if done, will have severe consequences all over the world. But entitled f* like you don’t care.

When Apple fixes the problem, the discussion will be moot.

If what the FBI asks can be done it will still be used and a whole lot of people will be put at risk along with a company with a broken trust. But I do agree and I hope Apple makes it impossible to crack in any conceivable way. Maybe then law enforcement will actually do their jobs.

That One Guy (profile) says:

Re: Re: Re: Re:

That does not preclude or stop the legitimate needs to investigate a multiple murder to it’s logical conclusion and to gain access where possible to every piece of data they can.

The encryption that protects your personal data from criminals is the very same encryption that makes it more difficult, if not flat out impossible for police to gather evidence from an encrypted device. If a company can bypass it thanks to shoddy security or as far too many have demanded a ‘golden key’ then that same vulnerability makes it easier for criminals to break in.

Encryption is one of the very few things that is black or white, secure or not secure. If police and/or government agencies are pushing for better encryption on one hand because it prevents crimes, they do not get to turn around and say that encryption needs to be weakened when it makes their jobs harder, especially given doing so might allow them to solve some cases, but it absolutely would lead to more crimes in general involving devices that aren’t as secure as they could have been.

Whatever (profile) says:

Re: Re: Re:2 Re:

“Encryption is one of the very few things that is black or white, secure or not secure.”

Not really true. You can have very secure encryption which is ruined by having user friendly short pincodes to open the files. Apple’s encryption is in theory very strong, in practice perhaps less so.

Remember: no matter what, encryption by it’s nature needs decryption to have value. That means there is always a key, and it’s strictly how good that key is that makes all the difference. Good encryption with a weak key isn’t any better than a big steel door with a 99 cent padlock on it.

Ninja (profile) says:

Re: Re: Re:3 Re:

Not really true. You can have very secure encryption which is ruined by having user friendly short pincodes to open the files.

This is not an issue with encryption. And pin codes can be fairly secure if you take steps to prevent brute force attacks like introducing a hardware enforced delay for instance.

Remember: no matter what, encryption by it’s nature needs decryption to have value. That means there is always a key, and it’s strictly how good that key is that makes all the difference. Good encryption with a weak key isn’t any better than a big steel door with a 99 cent padlock on it.

Again, not a problem of weak encryption. Using good keys only helps if, say, FBI goons can go through the rest of the security measures (such as the delay previously mentioned). He is right, either an encryption system is secure or it is not. How you employ that system (ie: using pin codes or long phrases) is not an issue with the system itself.

nasch (profile) says:

Re: Re: Re:4 Re:

He is right, either an encryption system is secure or it is not.

I disagree, security is a matter of degrees. If you want to use a black and white definition, then a system is either totally unbreakable or it isn’t. And there aren’t any systems that are totally unbreakable*, so all systems are insecure. It’s much more useful (but harder) to discuss how secure a system is, and what its weaknesses are, because they all have weaknesses.

* OTP encryption is unbreakable, but a communication system using it can be generally be compromised in other ways

Gwiz (profile) says:

Re: Re:

I know it may hurt your one track mind, but have you considered that it discourages one type of crime but may encourage another? Crime isn’t a one size fits all thing.

Ok, I get that it discourages phone theft, but what crime is being encouraged here? The “crime” of protecting your own personal privacy? The “crime” of being able to have private conversations with other people? The “crime” of not wanting to be geo-tracked wherever you go? What “crimes” are you talking about?

Ninja (profile) says:

Re: Re:

So? In person conversations also create bonds that discourage crime and strengthen the community. But it also allow criminals to fly under the radar because such conversations aren’t trackable. Shall we ban all in person conversations?

Even if you consider it the benefits far outweigh the problems. There are two phones that Farook destroyed. The data on them is inaccessible. But it may not really be a problem since part of the data can be obtained via carriers, victims phones etc. There are more paths than the absurd they are asking.

Dismembered3po (profile) says:

So...I'm fairly certain

So, I’m thining that the iOS 7 update wasn’t being pushed because of encryption.

I believe that the feature being pushed here is that the phone can’t even be factory-reset and used by someone else. Prior to 7, if you stole an iPhone, you could just wipe it and use it as brand-new. In 7, the phone would not register to another user unless it was first released by the original user (by some mechanism – the IMEI or something was actually bound to the specific iTunes user account).

nasch (profile) says:

Re: Let's talk about the gas pump

Maybe the fbi finally got the volumes of lists of foreigners who have come to America and bought gas stations around the country from the oil companies who let these people come to America through a lottery system in which these foreigners applied and won.

The oil companies are in charge of immigration now?

nasch (profile) says:

Re: Re: Re: Let's talk about the gas pump

But, how do we know the oil companies AREN’T in charge of immigration, anyway?

Do you just choose to believe in everything until you see evidence it’s not true? How do we know the YMCA isn’t in charge of immigration? Or video game publishers? Or the car wash owners association of America?

Using what's left of my Brains says:

Re: Re: Re:2 Let's talk about the gas pump

It was a rhetorical I was answering when you asked about oil companies being in charge of immigration when I asserted that the oil companies agreed to let them come to America in the first place. It was semantically wrong of me to not clarify that the foreigners were only preselected before they came to America by the oil companies who also may have helped them get financing as well, perhaps as a helpful precondition of their visas. Stop busting my balls..

Using MY Brain says:

Re: Re: Re:5 Let's talk about the gas pump

There is growing dissadent sentiment from certain foreign governments that I won’t mention that have received less money from the US than they were before. I’m just supposing that if a large number of the owners of these gas stations were from some of those countries were so directed, what would stop them from going full on ape shit with America’s gasoloine and diesel supplies. Finally getting to the crux of the question.. It does put America in another vulnerable position or at least it seems conceiveable.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...