Hide Techdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

Will Cy Vance's Anti-Encryption Pitch Change Now That The NYPD's Using iPhones?

from the or-will-encryption-only-be-an-option-for-the-protected-class? dept

For years, Manhattan DA Cy Vance has been warning us about the coming criminal apocalypse spurred on by cellphone encryption. “Evil geniuses” Apple introduced default encryption in a move likely meant to satiate lawmakers hollering about phone theft and do-nothing tech companies. In return, DA Cy Vance (and consecutive FBI directors) turned on Apple, calling device encryption a criminal’s best friend.

Vance still makes annual pitches for law enforcement-friendly encryption — something that means either backdoors or encryption so weak it can be cracked immediately. Both ideas would also be criminal-friendly, but Vance is fine with sacrificing personal security for law enforcement access. Frequently, these pitches are accompanied with piles of uncracked cellphones — a gesture meant to wow journalists but ultimately indicative of nothing more than how much the NYPD can store in its evidence room. (How many are linked to active investigations? How many investigations continued to convictions without cellphone evidence? Were contempt charges ever considered to motivate cellphone owners into unlocking phones? So many questions. Absolutely zero answers.)

Will Vance be changing his pitch in the near future? Will he want weakened encryption safeguarding the NYPD’s new tools? I guess we’ll wait and see. (h/t Robyn Greene)

Announced last year, the shift will see some 36,000 Nokia handsets replaced over the coming weeks. Initially purchased in 2014 as part of a $160 million program to modernize police operations, the Nokia phones running Windows Phone will be collected, wiped and sold back to the company.

The move to iPhone 7 comes at no cost to the NYPD, as the handsets are considered upgrades under the agency’s contract with AT&T.

NYPD’s rollout began last month when officers patrolling the Bronx and Staten Island swapped their obsolete Nokia smartphones for Apple devices. The department is handing out about 600 iPhones per day, according to NYPD Deputy Commissioner for Information and Technology Jessica Tisch.

Let’s get some crippled encryption for these guys. After all, their phones are manufactured by a company an FBI forensic detective called an “evil genius.” Let’s give malicious hackers an attack vector and street criminals more reasons to lift an iPhone off… well, anybody. By all means, let’s give Vance what he wants and see if he hears anything back from his buddies in blue.

This upgrade puts Vance in a lose-lose situation. If he stops calling for weakened encryption, he’s a hypocrite. If he keeps calling for it, he’s an asshole. But it should drive home an important point: encryption doesn’t just protect the bad guys. It protects the good guys as well.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Will Cy Vance's Anti-Encryption Pitch Change Now That The NYPD's Using iPhones?”

Subscribe: RSS Leave a comment
eaving (profile) says:

Of course

Of course they will still want it. They suffer under the delusion that it is possible to make a back door that only the ‘good guys’ can use. They will call for the back door, and given it the second it is used against them will cry foul at the tech companies and blame them for the insecurity. Never mind it is an insecurity they had inserted in the first place.

Daydream says:

I will pay $500,000 USD for a backdoor into the NYPD’s new phones, which lets me remotely activate their film camera functions (including audio) and stream any and all footage and sound to a remote database. $600,000 USD if it can access personal information and GPS information so I know who each officer is, what they’re doing and where they are.

(Disclaimer; this is not an actual tender. I don’t have $500,000 USD. This is mostly wishful thinking about what could be done with a backdoor into police phones.)

Bergman (profile) says:

Re: Re:

It would be just as easy to secure all jewelry stores, banks, liquor stores, pawn shops and any other kind of business against armed robbers, while still allowing police to carry weapons inside, as it would be to make ‘good guy only’ encryption back doors.

Forget nerd harder, perhaps we should be asking why Vance and others like him are so lazy, that they refuse to cop harder?

Thad (user link) says:

Re: Double Standards

Since when has law enforcement been held to the same standards as the general public?

Social standards and due process may not hold them to the same standards, but the laws of mathematics do.

I think the question could be rephrased as "Will Cy Vance figure out that there’s no such thing as encryption that only the Good Guys can break now that the NYPD’s using iPhones?"

I think the answer isn’t quite a flat-out "No"; it’s more like "Not unless they get their wish for weak encryption and NYPD iPhones start getting pwned en masse."

Bob H (profile) says:

This is a foolish rhetorical stance to take

Do you not think that they’re going to roll out an MDM solution across the department, which keeps enterprise keys for each phone that IT controls? They’ll then be able to tote it out and say “See, this is responsible encryption! If we can do it, everybody can do it!”

And you can bet that some cop who is having an affair in the department is going to tag his buddy in IT to track a phone and pull the photos, and it’s going to be a below-the fold scandal that will be brushed off as a “one-off” incident. That, I think, is where the reporting should be focused, not “Ha! Ha! There’s no way they’ll roll out backdoored encryption because it doesn’t exist!”

This article comes across as a one-sided, click-bait-ey muckrake. We know mandating breakable encryption is stupid, but setting up a paper-thin effigy and then rounding up the troops for a bonfire seems like a low bar for reporting at TechDirt.

PaulT (profile) says:

Re: This is a foolish rhetorical stance to take

“That, I think, is where the reporting should be focused”

If only you were as interested in discussing the opinions of others as you are in mocking others for not reporting in the way you personally want them to. We could have discussion as to why some people think you’re as wrong as the article you decided to attack.

Alas, you’re not that honest or interested in discourse.

Anonymous Coward says:

Re: This is a foolish rhetorical stance to take

“Do you not think that they’re going to roll out an MDM solution across the department, which keeps enterprise keys for each phone that IT controls?”

Splendid. That will provide one-stop shopping for any adversary with either the technical chops or sufficient hard cold cash to acquire the entire set simultaneously and subsequently monitor the position and communications of every officer carrying an iPhone.

PaulT (profile) says:

Re: Re: This is a foolish rhetorical stance to take

Also, the existence of such a management system does not have any relation to whether or not the phones are vulnerable to whatever backdoor Apple introduce into their encryption. Which is kind of the point of the article. They are separate issues, but you’d have to be interested in something other than attempting to mock the article’s author to understand that.

That One Guy (profile) says:

One law for me, and another for thee

If he stops calling for weakened encryption, he’s a hypocrite. If he keeps calling for it, he’s an asshole.

Allow me to present Option 3: Both.

I imagine the excuse, if he deigns to address the peons at all and doesn’t just brush it off as ‘official business’, will be that much like police are allowed special dispensation to do things your average person isn’t, of course they are allowed extra special security as well.

They’re important people doing important work, it only makes sense that they have equally important security protecting that work.

The filthy public on the other hand is absolutely filled with criminals that the police haven’t gotten around to arresting yet, criminals of course being the only ones who would ever want to protect their sensitive and personal information via encryption, so the crusade to provide cop-friendly encryption will continue on, same as before.

discordian_eris (profile) says:

Re: One law for me, and another for thee

Exactly. He will advocate for a two tiered solution to encryption. The cops will get the original unbreakable encryption of course. The public and all non-Americans will get the wimpy encryption standards. No different from the situation in the 90s with Internet Explorer. And the solution will be the same. Americans get crap, and the rest of the world ignores American hubris and keeps robust encryption. Talk about a digital Apartheid.

There is a difference between ignorance and stupidity.
Ignorance can be cured through education and enlightenment. Since any nerds they have talked to must have told them how math works, they cannot be ignorant. Leaves only one option.

PaulT (profile) says:

Re: Re: One law for me, and another for thee

“The cops will get the original unbreakable encryption of course.”

I’ll just interject here slightly. The issue isn’t that it’s “unbreakable”, it’s that it takes longer than authorities want it to take, combined with the fact that Apple don’t have access to the encryption key, by design. The complaint is not “we cannot possibly hack this”, it’s “we don’t want to wait for the amount of time it takes to brute force”.

A stolen police iPhone would not be unbreakable, it would just take time assuming that no new exploit has been found that makes it quicker. They would be safer than a member of the public, but that would probably be counteracted by the fact that every hacker group in existence would be happy to go out of their way to gain access. Then probably keep quiet about any confidential data they found there until that’s also exploited.

I don’t doubt that they’ll push for a double standard, but I wouldn’t make the mistake of assuming that the phones used by the authorities will be invulnerable to any attacks. They won’t be.

ECA (profile) says:

Go ahead leave them unencryped..

I would love it.. 1 LOST phone and AC ROOK could find out everything needed to track the police.. LOVE CELLPHONES.

Lets ask something about encryption..

When asked for 4-6 digit code..WHY are you restricted to 4-6.. That CUTS OFF the first 10,000 numbers to encode with. Unless you encode with Alpha/Num..and just use numbers or Patterns…YOU ARE SCREW’D..only 4-6 number or pattern..


WHY NOT android?? THEY THINK iPhone is more secure???
ANDROID is programmable to be SUPER secure..
That if you forget your password, you have to have an ACCOUNT to get into it..AND if someone resets it(can remove this option) IT DELETES EVERYTHING..and/or CRAPS out the phone to never be used again..

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...