MIT Tech Review Tries To Blame Apple Encryption For Wrongful Arrest
from the innocent-people-getting-locked-up-because-of-encryption,-etc. dept
Brian Bergstein should know better. As the executive editor of the MIT Technology Review with fifteen years of technology journalism under his belt, he really shouldn’t be asking “What if Apple is Wrong?” — at least not in the way he does.
Bergstein glosses over the security implications of requiring phone manufacturers to hold the decryption keys for devices and services and instead presents his argument as an appeal to emotion. Those on Apple’s side — including Apple CEO Tim Cook — are given only the briefest of nods before alarmists like Manhattan District Attorney Cy Vance are given the stage.
Bergstein does at least ask an interesting question: what if exonerating evidence is locked up in a phone? But his test case for “What if Apple is wrong?” doesn’t apply as well as he seems to hope it does.
Devon Godfrey was killed in his apartment in 2010 — and police arrested the wrong person. Somehow, Bergstein wants to blame the police screwing up on Apple. Investigators had only a week to pull evidence together to present to a grand jury. Some of that evidence happened to be located on a passcode-locked iPhone. But the evidence ultimately compiled and used has nearly nothing to do with that locked phone.
Cell phones had been found in Godfrey’s apartment, including an iPhone that was locked by its passcode. Arnold recalls doing what he always did in homicides back then: he obtained a search warrant for the phone and put a detective on a plane to Cupertino, California. The detective would wait in Apple’s headquarters and return with the data Arnold needed. Meanwhile, investigators looked more closely at the apartment building’s surveillance video, and Arnold examined records sent by Godfrey’s wireless carrier of when calls and texts were last made on the phones.
With this new evidence in hand, the case suddenly looked quite different. From the wireless carrier, Arnold saw that someone—presumably Godfrey—had sent a text from the iPhone at a certain time. But the recipient of that text had used a disposable “burner” phone not registered under a true name. So who was it? The iPhone itself had the crucial clue. Arnold could see that Godfrey referred to the person by a nickname. People who knew Godfrey helped police identify the man who went by that nickname. It was not the man who was originally arrested. It was Rafael Rosario—who also appeared in the apartment surveillance footage. Rosario confessed and later pleaded guilty.
A text message and a contact list, both of which are usually backed up to cloud storage, where they can be accessed without cracking the phone or breaking its encryption. As James Comey himself has pointed out while making an argument against Apple’s stance in several ongoing All Writs-involved cases, law enforcement can access iCloud contents without breaking phone encryption.
“Today, Apple encrypts the iCloud but decrypts it in response to court orders,” he said. “So are they materially insecure because of that?”
Comey later reiterated this point, saying, “I see Apple today encrypting the iCloud and decrypting it in response to court orders. Is there a hole in their code?”
The frequency of the backups will vary from person to person, but this still gives investigators access to plenty of information supposedly “stored” in an uncrackable phone.
From there, the argument against Apple only gets worse, as the arguments themselves are sourced from the sort of people who’d rather see insecure devices than face obstacles when prosecuting suspects. Cy Vance, of course, has argued for outright encryption bans.
Vance also loves a good appeal to emotion.
Vance makes no dramatic claims about “going dark,” preferring a measured, lawyerly form of argument. When I tell him that his statistics on inaccessible iPhones don’t yet impress many computer scientists, he makes a facial expression equivalent to a shrug. “Some people have made the determination that not being able to do the kinds of work we do is an acceptable collateral damage,” he says. “I’m not sure how the individual would respond if someone close to him or her were the victim of a crime and the case might depend on the ability to access a phone. Easy to say, unless it’s you. We deal with a lot of victims. We talk to the people it’s actually happened to.”
The assumption is that everyone loves locking cops out of phones until they’re a crime victim. But this assertion is just as false as Comey’s exaggerated laments about “going dark.” But even in the most famous case involving a locked iPhone — one that involved an apparent act of terrorism manifesting itself as a mass shooting — the relatives of victims were far from unanimous in their support of the FBI’s efforts. Two people who lost close relations in the shooting — including a mother who lost her son — spoke out against the FBI’s efforts to undermine cell phone security.
Her son was killed in the San Bernardino, Calif., massacre — but Carole Adams agrees with Apple that personal privacy trumps the feds’ demands for new software to break into iPhones, including the phone of her son’s killer.
The mom of Robert Adams — a 40-year-old environmental health specialist who was shot dead by Syed Rizwan Farook and his wife — told The Post on Thursday that the constitutional right to privacy “is what makes America great to begin with.”
Then there’s the belief — offered by Vance, Comey and others — that law enforcement should have access to communications simply because they have a warrant. But what isn’t acknowledged is that this is unprecedented access. Texting/messaging has largely replaced telephone calls and face-to-face conversations.
Prior to the advent of texting, these conversations could not have been recorded without a wiretap warrant, which is a last resort effort that has to be carried out in real time. What law enforcement has access to now — if not walled off by encryption — are hundreds or thousands of conversations it never would have had access to before, even with a search warrant, which does not cover the interception of communications. And it’s a technique that would be almost completely useless to investigators after a criminal act like a murder has been committed. The fact that a murder victim had a phone in the house would have prompted detectives to look at call records — something they can still do without breaking a phone’s encryption. What was said during those phone calls would still remain a mystery, warrant or no. So, law enforcement isn’t as far behind technology as it likes to pretend it is.
Bergstein, along with Lawfare’s Susan Hennessey (who Bergstein quotes), both claim a corporation can’t possibly decide what’s best for Americans.
So is Apple ultimately fighting to uphold personal privacy and civil liberties? Or is it fighting for the right to sell any kind of phone it thinks its customers want while other people deal with the negative consequences? If it’s the latter, that’s understandable; like any public company, Apple is obligated to maximize its value to its shareholders. But society is not necessarily best served by letting Apple make whatever phones are optimal for its chosen business strategy, which is to create a shiny mobile vault that people will trust with every aspect of their lives.
But somehow they both feel it’s perfectly acceptable for another party with a vested interest in total access to make that same decision for Americans.