Manhattan DA Cy Vance Says The Only Solution To Device Encryption Is Federally-Mandated Backdoors

from the picking-up-the-torch-the-FBI-accidentally-dropped dept

Because no one has passed legislation (federal or state) mandating encryption backdoors, Manhattan DA Cy Vance has to publish another anti-encryption report. An annual tradition dating back to 2014 — the year Apple announced default encryption for devices — the DA’s “Smartphone Encryption and Public Safety” report [PDF] is full of the same old arguments about “lawful access” and evidence-free assertions about criminals winning the tech arms race. (h/t Riana Pfefferkorn)

You’d think there would be some scaling back on the alarmism, what with the FBI finally admitting its locked device count had been the victim of software-based hyperinflation. (Five months later, we’re still waiting for the FBI to update its number of locked devices.) But there isn’t. Vance still presents encryption as an insurmountable problem, using mainly Apple’s multiple patches of security holes cops also found useful as the leading indicator.

The report is a little shorter this year but it does contain just enough stuff to be persuasive to those easily-persuaded by emotional appeals. Vance runs through a short list of awful crime solved by device access (child porn, assault) and another list of crimes unsolved (molestation, murder) designed to make people’s hearts do all their thinking. While it’s certainly true some horrible criminal acts will directly implicate device encryption, the fact of the matter is a majority of the locked phone-centric criminal acts are the type that won’t make headlines or motivate lawmakers.

More than a third of these cases involve minor crimes like theft and check kiting. Another 20% is comprised of “sex crimes,” which encompasses prostitution — a crime where law enforcement sometimes chooses to believe the device itself is an “instrument of crime,” never mind what other evidence might be hidden inside it.

So, more than half the crime involving locked phones isn’t the sort of stuff that suggests encryption backdoors are the key to making New York City a safer place to reside. The stuff Vance throws in about unlocked devices producing exonerating evidence is a dodge. It’s meant to show how granting law enforcement carte blanche access would be a net benefit for the public. But the examples given use stuff like cell site location info and social media app data — things that could be obtained from third parties without having to go through the locked phone.

Then there’s the other part of this argument Vance leaves completely undiscussed: if someone’s phone contains exonerating evidence, it’s very likely they’ll provide officers with this evidence voluntarily, either by unlocking the device or handing over the relevant info/files. Using the very small percentage of cases where exonerating evidence may be recovered from locked phones as an argument for mandated backdoors is incredibly disingenuous.

And that’s all this “report” is: a petition for federally-legislated encryption backdoors.

III. Federal Legislation Remains the Only Answer


For the reasons advanced in each of our prior Reports, national legislation of the sort we have proposed remains the most rational and least intrusive means to require device manufacturers to comply with lawful court orders in serious criminal cases upon a finding of probable cause.

“Most rational and least intrusive.” I guess creating new security holes in millions of personal devices isn’t “intrusive.” And if this wasn’t enough of a laugher, Vance ends his report with this sentence:

[O]ur Office stands willing to assist Congress and all relevant stakeholders in the effort to find a more rational balance among the interests of device makers, consumers and law enforcement in the regulation of smartphone encryption.

When your conclusion is that the only solution is federally-mandated encryption backdoors, you cannot honestly assert you’re seeking to “balance” the interests of everyone involved. The only interest served by mandated backdoors is law enforcement’s. Portraying device encryption as a threat to public safety is intellectually dishonest. Vance’s own numbers undercut his threat level claims and his repeated failure to even generate serious discussion among federal legislators shows it’s probably time for the Manhattan DA to retire his annual alarmism.

Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Manhattan DA Cy Vance Says The Only Solution To Device Encryption Is Federally-Mandated Backdoors”

Subscribe: RSS Leave a comment
Anonymous Coward says:

What is his stance on the public’s rights to monitor the state, instant response to FOI requests, or stalling as much a possible.

I ask, because formally the public have the right to monitor the government, but the government does not have the right to monitor the public. Meanwhile government are reversing this relationship, which is the basis of democracy.

Anonymous Coward says:

Re: Re:

However, encryption via a central control is potentially liable to man in the middle attack. This can be mitigated by by signing the messages, assuming you and the others end have managed to obtain each others public keys. Doing that requires that keys are exchanged and/or verified over a different communication channel to that used to exchange messages. If the key exchange and messages pass through common servers, you can be man in the middled.

As ever, convenience always introduces a weakness into a crypto system, by increasing the parties that need to be trusted.

Rick Shaw says:

I think it is a great idea

I think we should have mandated backdoors. With this we can read everything that Vance writes. Of course when he realizes that he will write an exemption for himself because why should he have to follow the rules.

I would say someone should explain the math to Vance on why this is dumb but I doubt he would understand it.

BentFranklin (profile) says:

“It was reported here last week that, in 2012, Vance ordered his prosecutors to drop a promising criminal-fraud investigation against Ivanka Trump and Donald Trump, Jr., who were suspected of misleading potential buyers of condos in the Trump SoHo building; the order came after their father’s attorney, Marc Kasowitz, paid Vance a visit. Soon after Vance’s office dropped the investigation, Kasowitz donated and raised a combined total of more than fifty thousand dollars for Vance’s reëlection campaign.”

That One Guy (profile) says:

Re: Re: Backdoors: You first, Mr Vance

Confidence, bank account, personal email account, any phone and/or computer he has…

I might be willing to accept that he actually believes that crippling security will be a net gain for society should he put his own security and livelihood on the line first, say for a solid year at least. He wants to put everyone else at risk, great then he can lead by example or expose his hypocrisy.

Anonymous Coward says:

Back doors are great if your target is unaware, unprepared or unable to enact counter measures. This group of people, typically, are those who are not a threat but will be the most affected by this draconian measure.

Meanwhile, back at the ranch, the nefarious bad guys are putting together a system to thwart said back door silliness. This is not difficult and their communications will continue unabated and un decrypted. This is a bad idea for many reasons but their main rational for it is bullshit.

That One Guy (profile) says:

'Let's sabotage security', anything BUT a 'rational balance'

[O]ur Office stands willing to assist Congress and all relevant stakeholders in the effort to find a more rational balance among the interests of device makers, consumers and law enforcement in the regulation of smartphone encryption.

He forgot a few words at the end there.

‘… so long as that balance is entirely in our favor, as anything less is simply not acceptable.’

Device makers have a vested interest in having secure devices.

Consumers have a vested interest in having secure devices.

Fear-mongering by someone acting like an idiot aside, even the police have a vested interest in the public having secure devices, because I can all but guarantee you that it prevents vastly more crimes than it enables.

Funny how he claims that he wants to hold a conversation and weigh the interests of all relevant stakeholders, yet the only interests he’s actually paying attention to are his.

With how much people do with their phones these days solid encryption could very easily be the difference between a stolen/lost phone meaning you’re out a phone and need to buy another one, and having your bank, medical records, private conversations and so on in the hands of people who would love to have access to it.

The police have never had access to everything, and if the current ones can’t do their jobs without employing measures which leave the public vastly more vulnerable then they’re clearly too damn incompetent for the jobs and need to be replaced as soon as possible.

Kitsune106 says:


The cops are okay with all their gear having said backdoor too? For internal affairs. After all, it’s not like bad actors will steal or crack it. Its only way to make sure everyone has it. And if it is to produce exonerating evidence, surely the police will be okay with having their cameras and locations broadcasts for the safety. Of course.

Anonymous Coward says:

Scaling Alarmism

"You’d think there would be some scaling back on the alarmism…"

No; no, I wouldn’t. Have you seen the examples set by our Federal Executive and Legislative Branches…oh, and newest additions to the Supremes? Howzabout the corresponding state and local authorities? I expect further upscaling.

Bergman (profile) says:

The true nature of legislating against reality

Problem: Tide keeps rolling in.
Solution: Have the King wade out and order it to stop.
Result: Tide keeps rolling in, but now the water is a traitor.

Mandating back doors by law won’t stop people from encrypting things without those back doors if they want real security (and I bet there will be a nice fat exemption for government secrets in any such law), and it won’t protect the security of people who comply with the law — and I bet anyone trying to sue the government as a party to any resulting security breaches won’t get anywhere due to sovereign immunity.

Why an employee of the people who merely represents them rather than owning them (as a noble or king does) has sovereignty against their complaints of malfeasance has always eluded me.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...