District Attorney Arguing Against Encryption Handed Out Insecure Keylogging 'Monitoring' Software To Parents
from the let-them-eat-post-breach-free-credit-monitoring dept
Beyond James Comey, there are still a few law enforcement officials beating the anti-encryption drum. Manhattan DA Cyrus Vance is one of those. He’s been joined in this fight by some like-minded district attorneys from the other coast, seeing as New York and California both have anti-encryption bills currently working their way through local legislatures. Vance, along with Los Angeles County DA Jackie Lacey and San Diego County DA Bonnie Dumanis, penned an op-ed against encryption for the LA Times. In it, they argue that tech companies have set themselves up as “gatekeepers” of communications and data, which they believe law enforcement should always have access to, no matter what.
DA Dumanis goes even further in a press release issued by her office. Tech companies aren’t just gatekeepers standing between law enforcement and data. They’re “gatekeepers of justice,” apparently standing between victims of crime and punishment of wrongdoers.
The EFF’s Dave Maass has fired back, via a post at the Voice of San Diego, pointing out that Dumanis especially shouldn’t be inserting herself into the encryption debate — not with her general disdain for the security of her constituents.
It opens with this:
The last person San Diego should trust with their computers and smartphones is District Attorney Bonnie Dumanis.
And goes on to clearly articulate why Dumanis has no business attempting to legislate computer security. Dumanis spent public money acquiring and pushing a horrendously insecure piece of “parental monitoring” software.
In 2012, Dumanis spent $25,000 in public money on 5,000 copies of a piece of “parental monitoring” software called ComputerCop. This CD-ROM, which was distributed to families throughout the county for free, included a video from Dumanis promoting the program as the “first step” in protecting your children online.
This first step, however, involved parents installing keylogger software on their home computers. This type of technology is a favorite tool of malicious hackers, since it captures everything a user types, including personal information such as passwords and credit card numbers. Not only did ComputerCop store keylogs in an unencrypted file on the person’s computer, but it also transmitted some of that information over unsecured connections to a mysterious third-party server.
Two years later, Dumanis finally pulled the plug on the publicly-funded program, admitting the monitoring software was faulty and telling parents to disable the insecure keylogging function. Dumanis was hardly the only DA to recommend this terrible software, but she’s one of the few who’s stuck her head above the encryption parapet to offer her support of the Feinstein-Burr anti-encryption bill.
But that’s not all. Dumanis and her office won’t even secure their own website.
The district attorney’s website fails to use HTTPS, the protocol that has become the industry standard for secure browsing online. This means that residents, including crime victims, whistleblowers and witnesses, cannot visit her site with confidence that their browsing won’t be intercepted or manipulated by third parties.
Dumanis — like Vance, Comey, and others — would rather sacrifice the safety of the public for a few more criminal prosecutions. The “greater good” apparently means nothing when a very small percentage of cases might involve encrypted communications or devices.
Law enforcement has never had more access to communications and data than it does now. In the past, files were burned, papers were shredded, people passed notes and spoke in person — all of which rendered these inaccessible to law enforcement. That these files and communications are now conveniently stored en masse on cellphones and personal computers does not mean the government is somehow entitled to 100% access. A warrant that runs into encryption is a small price to pay for the security of millions of cellphone users. Despite maintaining the narrative that criminals are moving toward encrypted platforms, law enforcement reps and officials have yet to deliver any evidence that this is so widespread that backdooring or banning encryption is the only option. And the loudest law enforcement voices protesting tech companies and their “gates” are often those who care the least about protecting innocent people from criminals.
[Dave Maass pointed out on Twitter that Suffolk County (MA) District Attorney Dan Conley — who spent a lot of time displaying his ignorance during the Congressional hearing about device encryption — has also stumped for the insecure monitoring software.]