Law Enforcement Freaks Out Over Apple & Google's Decision To Encrypt Phone Info By Default

from the we're-all-gonna-die dept

Last week, we noted that it was good news to see both Apple and Google highlight plans to encrypt certain phone information by default on new versions of their mobile operating systems, making that information no longer obtainable by those companies and, by extension, governments and law enforcement showing up with warrants and court orders. Having giant tech companies competing on how well they protect your privacy? That's new... and awesome. Except, of course, if you're law enforcement. In those cases, these announcements are apparently cause for a general freakout about how we're all going to die. From the Wall Street Journal:
One Justice Department official said that if the new systems work as advertised, they will make it harder, if not impossible, to solve some cases. Another said the companies have promised customers "the equivalent of a house that can't be searched, or a car trunk that could never be opened.''

Andrew Weissmann, a former Federal Bureau of Investigation general counsel, called Apple's announcement outrageous, because even a judge's decision that there is probable cause to suspect a crime has been committed won't get Apple to help retrieve potential evidence. Apple is "announcing to criminals, 'use this,' " he said. "You could have people who are defrauded, threatened, or even at the extreme, terrorists using it.''

The level of privacy described by Apple and Google is "wonderful until it's your kid who is kidnapped and being abused, and because of the technology, we can't get to them,'' said Ronald Hosko, who left the FBI earlier this year as the head of its criminal-investigations division. "Who's going to get lost because of this, and we're not going to crack the case?"
That Hosko guy apparently gets around. Here he is freaking out in the Washington Post as well:
Ronald T. Hosko, the former head of the FBI’s criminal investigative division, called the move by Apple “problematic,” saying it will contribute to the steady decrease of law enforcement’s ability to collect key evidence — to solve crimes and prevent them. The agency long has publicly worried about the “going dark” problem, in which the rising use of encryption across a range of services has undermined government’s ability to conduct surveillance, even when it is legally authorized.

“Our ability to act on data that does exist . . . is critical to our success,” Hosko said. He suggested that it would take a major event, such as a terrorist attack, to cause the pendulum to swing back toward giving authorities access to a broad range of digital information.
Think of the children! And the children killed by terrorists! And just be afraid! Of course, this is the usual refrain any time there's more privacy added to products, or when laws are changed to better protect privacy. And it's almost always bogus. I'm reminded of all the fretting and worries by law enforcement types about how "free WiFi" and Tor would mean that criminals could get away with all sorts of stuff. Except, as we've seen, good old fashioned police/detective work can still let them track down criminals. The information on the phone is not the only evidence, and criminals almost always leave other trails of information.

No one has any proactive obligation to make life easier for law enforcement.

Orin Kerr, who regularly writes on privacy, technology and "cybercrime" issues, announced that he was troubled by this move, though he later downgraded his concerns to "more information needed." His initial argument was that since the only thing these moves appeared to do was keep out law enforcement, he couldn't see how it was helpful:
If I understand how it works, the only time the new design matters is when the government has a search warrant, signed by a judge, based on a finding of probable cause. Under the old operating system, Apple could execute a lawful warrant and give law enforcement the data on the phone. Under the new operating system, that warrant is a nullity. It’s just a nice piece of paper with a judge’s signature. Because Apple demands a warrant to decrypt a phone when it is capable of doing so, the only time Apple’s inability to do that makes a difference is when the government has a valid warrant. The policy switch doesn’t stop hackers, trespassers, or rogue agents. It only stops lawful investigations with lawful warrants.

Apple’s design change one it is legally authorized to make, to be clear. Apple can’t intentionally obstruct justice in a specific case, but it is generally up to Apple to design its operating system as it pleases. So it’s lawful on Apple’s part. But here’s the question to consider: How is the public interest served by a policy that only thwarts lawful search warrants?
His "downgraded" concern comes after many people pointed out that by leaving backdoors in its technology, Apple (and others) are also leaving open security vulnerabilities for others to exploit. He says he was under the impression that the backdoors required physical access to the phones in question, but if there were remote capabilities, perhaps Apple's move is more reasonable.

Perhaps the best response (which covers everything I was going to say before I spotted this) comes from Mark Draughn, who details "the dangerous thinking" by those like Kerr who are concerned about this. He covers the issue above about how any vulnerability left by Apple or Google is a vulnerability open to being exploited, but then makes a further (and more important) point: this isn't about them, it's about us and protecting our privacy:
You know what? I don’t give a damn what Apple thinks. Or their general counsel. The data stored on my phone isn’t encrypted because Apple wants it encrypted. It’s encrypted because I want it encrypted. I chose this phone, and I chose to use an operating system that encrypts my data. The reason Apple can’t decrypt my data is because I installed an operating system that doesn’t allow them to.

I’m writing this post on a couple of my computers that run versions of Microsoft Windows. Unsurprisingly, Apple can’t decrypt the data on these computers either. That this operating system software is from Microsoft rather than Apple is beside the point. The fact is that Apple can’t decrypt the data on these computers is because I’ve chosen to use software that doesn’t allow them to. The same would be true if I was posting from my iPhone. That Apple wrote the software doesn’t change my decision to encrypt.
Furthermore, he notes that nothing Apple and Google are doing now on phones is any different than tons of software for desktop/laptop computers:

I’ve been using the encryption features in Microsoft Windows for years, and Microsoft makes it very clear that if I lose the pass code for my data, not even Microsoft can recover it. I created the encryption key, which is only stored on my computer, and I created the password that protects the key, which is only stored in my brain. Anyone that needs data on my computer has to go through me. (Actually, the practical implementation of this system has a few cracks, so it’s not quite that secure, but I don’t think that affects my argument. Neither does the possibility that the NSA has secretly compromised the algorithm.)

Microsoft is not the only player in Windows encryption. Symantec offers various encryption products, and there are off-brand tools like DiskCryptor and TrueCrypt (if it ever really comes back to life). You could also switch to Linux, which has several distributions that include whole-disk encryption. You can also find software to encrypt individual documents and databases.

In short, he points out, the choice of encrypting our data is ours to make. Apple or Google offering us yet another set of tools to do that sort of encryption is them offering a service that many users value. And shouldn't that be the primary reason why they're doing stuff, rather than benefiting the desires of FUD-spewing law enforcement folks?

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    BentFranklin (profile), 23 Sep 2014 @ 11:13am

    Police who say they can't do their jobs without violating the constitution are saying they can't do their jobs.

    reply to this | link to this | view in chronology ]

  • icon
    John Fenderson (profile), 23 Sep 2014 @ 11:25am

    Have we all forgotten those dark ages?

    Remember those dark days before smartphones existed? How could we forget those terrible times when no crimes could be solved because there were no smartphones to be searched?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Sep 2014 @ 11:54am

      Re: Have we all forgotten those dark ages?

      How did law enforcement solve crimes back in the days when there was no phones, or telegraph, just letters and person to person contacts?
      /rhetorical

      reply to this | link to this | view in chronology ]

      • identicon
        Uriel-238 on a mobile device, 23 Sep 2014 @ 5:28pm

        The dark and gritty ages.

        The middle ages was also when the Holy Inquistion reasoned that they could torture witnesses as well.

        And they would do so until a given witness would confess another person that may have seen or heard something.

        Sometimes the inquisitioner would torture an entirenvillage to get to the enemies of the Church.

        Let's call this one a cautionary tale, yes?

        reply to this | link to this | view in chronology ]

    • identicon
      M. F, 19 Dec 2014 @ 9:04am

      Re: Have we all forgotten those dark ages?

      smart phones add a new element to everything. they are integrated into almost everyone's daily lives.
      they can be used as very effective tools for criminals as well as they are useful for regular folks.
      cyber stalking, ect.
      some people post every moment of their lives and that makes very useful for kidnapping and everything that follows.

      reply to this | link to this | view in chronology ]

  • identicon
    tomczerniawski, 23 Sep 2014 @ 11:30am

    "Won't somebody please think of the children?"

    I have. I'd rather they not grow up in a totalitarian, authoritarian dictatorship.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 11:36am

    That headline makes me squirm with glee.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 11:37am

    They can get fucked. The criminal scumbags shouldn't have this power without a fully-handwritten and legible court order that they can produce on demand. And if they can't? Arrest them on terrorism charges.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 11:41am

    How will we abuse our power if you keep putting technical roadblocks in the way!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 11:41am

    How will we abuse our power if you keep putting technical roadblocks in the way!

    reply to this | link to this | view in chronology ]

  • identicon
    PRMan, 23 Sep 2014 @ 11:47am

    Just think...

    If the capability weren't being abused on a near-daily basis, Apple and Google would have other things to worry about.

    So, they know more than they are able to say by making this such a high priority.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 11:48am

    Three things...

    Mr. Kerr mentions that he had fewer concerns if physical access was required. How many phones are stolen every day?

    Second, he neglects to mention that police have been taking peoples phones and reading the contents without a warrant for years. They even have law enforcement approved tools to do so.

    And lastly, CALEA would still allow a lawful intercept of communications through the provider.

    reply to this | link to this | view in chronology ]

  • icon
    Groaker (profile), 23 Sep 2014 @ 11:51am

    They just don't want us to have the ability to do unauthorized arithmetic in the privacy of our own bedrooms, or elsewhere.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 11:53am

    probable cause

    If there is real probable cause to suspect a crime then the police and get a court order and can ask the phone owner for the keys. If it is a valid court order then they can unlock the phone or sit in contempt.

    How can it possibly be an issue for lawful search warrants?

    reply to this | link to this | view in chronology ]

    • identicon
      Uriel-238 on a mobile device, 23 Sep 2014 @ 5:31pm

      The key to the phone...

      Is protected by the fifth. It would be like forcing someone to reveal where the body was buried, in the poppy garden.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 11:53am

    There is a reason these are being made available as standard features. They've always been out there for you to use without the permission of the makers of hardware. You can do this yourself. So where is all the hubbub about these programs existing to begin with? That part is strangely silent and not mentioned, like it is not a concern unlike encrypted phones coming from the OEM.

    What that point above means is that the increased use will return privacy back to the individual. None of this would be necessary had it not been abused, had the public not had it's nose rubbed in this, had there been any sort of check, balance, or method to reign in these spying yokels.

    People understand it has been a violation of their rights. No matter how it is dressed, it still comes out looking like a skunk and they want something done about it, whether the government/authorities/congress/whatever agree or not.

    They've already had a prime example of how congress views being spied on and the public doesn't have that avenue to make their dislikes strongly known.

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 23 Sep 2014 @ 6:06pm

      Re:

      That part is strangely silent and not mentioned, like it is not a concern unlike encrypted phones coming from the OEM.

      Because until it's from the OEM there's no large public target for law enforcement types to rail against. Or maybe less cynically they're not worried about it becoming commonplace until it's OE.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 11:54am

    Sounds like this Hosko guy is worried about the supply of stolen celebrity nudes suddenly drying up.

    reply to this | link to this | view in chronology ]

  • identicon
    Robert, 23 Sep 2014 @ 12:00pm

    Missing...

    One relevant issue...

    "Apple Still Has Plenty of Your Data for the Feds"

    "If law enforcement confiscated your phone and wanted to snoop at its data, all they would have to do is serve Apple a warrant and to get a copy of the plaintext data. A version of Apple’s Legal Process Guidelines for U.S. Law Enforcement dated May 7th, 2014 explains:"

    From The Intercpt

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Sep 2014 @ 12:32pm

      Re: Missing...

      "all they would have to do is serve Apple a warrant"

      Which is what we have been wanting all along.

      Its not that people are against them snooping at all... we just say you cannot do it in "Secret Courts" but instead as defined by the Constitution. Get a Warrant and you are GOLDEN!

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 12:01pm

    Great news. Now if only I could get into the queue to download iOS 8

    reply to this | link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 23 Sep 2014 @ 12:02pm

    I’m writing this post on a couple of my computers that run versions of Microsoft Windows. Unsurprisingly, Apple can’t decrypt the data on these computers either. That this operating system software is from Microsoft rather than Apple is beside the point. The fact is that Apple can’t decrypt the data on these computers is because I’ve chosen to use software that doesn’t allow them to. The same would be true if I was posting from my iPhone. That Apple wrote the software doesn’t change my decision to encrypt.


    He really should have picked a better example. This argument basically boils down to "I own my device and therefore I have the right to use it as I wish." And as sensible a position as that is, and as much as I agree with it, Apple, specifically, has made it painfully clear from Day 1 that that is not the case. You may have purchased it, but you do not have anything resembling traditional rights of control over your own property; Apple does. That's what their "walled garden" is all about: your property is not your property, you pay for it but Apple still controls it and dictates what you can and cannot do with it.

    If you choose to encrypt your iPhone, you do so at Apple's sufferance. Do you really believe that they don't have a way in, their claims notwithstanding?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Sep 2014 @ 12:06pm

      Re:

      Personally, I'd worry more about Google- given its cozy relationship with the NSA.

      reply to this | link to this | view in chronology ]

    • icon
      ChurchHatesTucker (profile), 23 Sep 2014 @ 12:13pm

      Re:

      He really should have picked a better example.

      Indeed. OSX has offered whole disk encryption since Panther.

      reply to this | link to this | view in chronology ]

    • icon
      Mark Draughn (profile), 23 Sep 2014 @ 11:09pm

      Yup

      Mason, I agree, Apple's approach to control of the iPhone platform has not been helpful, and I think their attitude is part of the reason why people like Hosko think they should be able to get our data by going through Apple without involving us. But as you say, "I own my device and therefore I have the right to use it as I wish" is more sensible, even if Apple and the FBI would disagree.

      I think that if Apple does have a way in, but they are responding to warrants by saying they don't, they would get into a lot of trouble. Maybe even criminal indictments for obstructing justice. So I kind of doubt it.

      reply to this | link to this | view in chronology ]

  • icon
    John Fenderson (profile), 23 Sep 2014 @ 12:08pm

    Orin Kerr's comment

    In Orin Kerr's WP article, he makes this statement:

    The civil libertarian tradition of American privacy law, enshrined in the Fourth Amendment, has been to see the warrant protection as the Gold Standard of privacy protections.


    I found this interesting, and telling. He's talking about the law, and in that context I don't think this statement is incorrect -- that is the tradition. However being the tradition doesn't make it actually true.

    Warrant protection is a far cry from being a "Gold Standard". I would argue that it's the minimum standard, instead. It's on the weak end of privacy protection scale -- the weakest that anyone in their right mind would accept.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 12:17pm

    The level of privacy described by Apple and Google is "wonderful until it's your kid who is kidnapped and being abused, and because of the technology, we can't get to them,'' said Ronald Hosko
    Given how many police have made the news in recent years for raping little girls (and get away with it because police chiefs laugh off any and all public complaints), "because of the technology, we can't get to them" is sending the opposite message he intended.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 12:21pm

    This is going to trigger congress to pass a law requiring law enforcement backdoors in all devices, while making it a criminal offense to use or create encryption schemes without said backdoors.

    There was a time when i would have thought that the above idea was ludicrous for all the obvious reasons. Now, with all the liberty erosion i've seen since 9/11, i'm convinced those reasons won't matter.

    Once the DOJ really starts barking loudly about this, congress will act and it will all be over but the crying.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 23 Sep 2014 @ 12:36pm

      Re:

      "There was a time when i would have thought that the above idea was ludicrous for all the obvious reasons."

      Given that there was a strong effort to do exactly this back in 1993 (search for "key escrow" and "clipper chip"), the idea certainly isn't ludicrous. It was (and, I hope, still is) politically infeasible, though.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Sep 2014 @ 12:39pm

        Re: Re:

        Good luck with that. This nation is doomed short of blood in the streets.

        We have more illegals to deal with than possible for the electorate to restore our liberties.

        The current new influx of illegals will have more freedom and liberty here than their former lives if we lost 50% of what we have.

        reply to this | link to this | view in chronology ]

        • icon
          JMT (profile), 23 Sep 2014 @ 5:57pm

          Re: Re: Re:

          "This nation is doomed short of blood in the streets."

          But did you read what Hosko claimed?

          "He suggested that it would take a major event, such as a terrorist attack, to cause the pendulum to swing back toward giving authorities access to a broad range of digital information."

          That sounds like the nation is doomed if there is blood in the streets. Because you know any violent push-back by the citizenry will immediately be labeled terrorism and responded to accordingly.

          reply to this | link to this | view in chronology ]

          • icon
            nasch (profile), 23 Sep 2014 @ 6:11pm

            Re: Re: Re: Re:

            "He suggested that it would take a major event, such as a terrorist attack, to cause the pendulum to swing back toward giving authorities access to a broad range of digital information."

            If the pendulum is currently on the side of not giving authorities access to information, what would the other side look like? Never mind, I don't think I want to know.

            reply to this | link to this | view in chronology ]

        • icon
          Niall (profile), 24 Sep 2014 @ 7:47am

          Re: Re: Re:

          Somehow, I don't think your limited numbers of illegals are your problem. I think the larger number of government (local and federal) officials and corporate oligarchs are much more your problem.

          How an illegal immigrant affects your liberties the way the NSA, ICE or Disney do, I don't know.

          But you know, easy RW target...

          reply to this | link to this | view in chronology ]

  • identicon
    brwtx, 23 Sep 2014 @ 12:22pm

    The usual excuses

    Anytime they want to do something no one wants them to do they immediately pull out the "terrorist!" and "think of the children!" cards. Hasn't everyone gotten wise to that already?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Sep 2014 @ 12:37pm

      Re: The usual excuses

      NO, because you live in a peaceful society that has only sparingly used the guise of "fighting a foreign enemy" to take your rights away. Now they just happen to be on an accelerated pace.

      Assuredly I say do you, we all have ridiculed those speaking against the encroachment of government against our liberties.

      There is an easy way to tell if you are one such individual at odds with the constitution.

      Do you support law that removed a felons right to keep and bear firearms.

      If you do, then you have no standing... if that constitutional right can be removed just because you now have a label affixed to your status then so can your very right to life.

      reply to this | link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 23 Sep 2014 @ 12:24pm

    Last week, we noted that it was good news to see both Apple and Google highlight plans to encrypt certain phone information by default on new versions of their mobile operating systems, making that information no longer obtainable by those companies [...]

    Why should we believe this? Yes, I know that's what they said, but why should we believe that this is actually true? What evidence -- what independently-verifiable evidence, actually -- is on the table to prove this claim?

    I'm echoing/paraphrasing John Gilmore's insightful comments here -- which I STRONGLY recommend to everyone:

    http://www.metzdowd.com/pipermail/cryptography/2014-September/022919.html

    I think it's a little too early to conclude that what these glowing press releases claim is really true. Or that if true, that it will remain true for long. It seems quite unlikely that rapacious data predators who have already proven over and over and over again that they will do absolutely anything to acquire data, including breaking any laws that get in their way, will simply sit back and quietly accept this as the new status quo. Why would they do such a thing when they have every motivation to do otherwise and when they can rest assured that no matter what they do, they will never face any consequences of any kind?

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 23 Sep 2014 @ 6:14pm

      Re:

      It seems quite unlikely that rapacious data predators who have already proven over and over and over again that they will do absolutely anything to acquire data, including breaking any laws that get in their way, will simply sit back and quietly accept this as the new status quo.

      I don't see why not, they don't need access to your data while it's on your phone. They just need you to use their services and apps that send them your data. Anyone not using their services isn't going to be particularly attractive to them anyway, and if they can get more people to use them by offering security tools, they benefit.

      reply to this | link to this | view in chronology ]

  • icon
    cerda (profile), 23 Sep 2014 @ 12:34pm

    Policies, and laws

    The policy switch doesn’t stop hackers, trespassers, or rogue agents. It only stops lawful investigations with lawful warrants.

    On the other hand, laws do not stop the criminals, only the lawful persons.

    So what?

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 23 Sep 2014 @ 12:38pm

      Re: Policies, and laws

      "The policy switch doesn’t stop hackers, trespassers, or rogue agents"

      But it certainly does hinder them by removing the back door that they could use.

      reply to this | link to this | view in chronology ]

    • identicon
      Stephen Hutcheson, 23 Sep 2014 @ 2:17pm

      Re: Policies, and laws

      >"The policy switch doesn’t stop hackers, trespassers, or rogue agents."

      WHAT PERPENDICULARLY INVERTED UNIVERSE IS THIS MOROID FROM?

      No doubt, back on the planet Htrae (helically orbited by a glowing Nus), street gangs are being told by their thug chieftains to focus on mugging yuppies with Elppa 9 cellphones because "with these phones, there's nothing to stop us from stealing all the customer's addresses, bank accounts, and valuable information. It's just encrypted so the Ecilops can't see it with a warrant! And those tricks of calling Elppa and pretending to be the customer, or pretending to be an Ecilop, or presenting a fraudulent warrant--they doesn't work, but we don't need them any more because NOW THERE'S NOTHING STOPPING US!"

      But here on Earth, where Boolean logic and the Peano axioms rigorously rule over the realm of possibility for police and child abusers alike, things are different.

      reply to this | link to this | view in chronology ]

  • icon
    Hephaestus (profile), 23 Sep 2014 @ 12:42pm

    "How is the public interest served by a policy that only thwarts lawful search warrants?"

    Off topic ... Didn't the NSA use a lawful search warrant to pull a couple trillion individual records last year?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Sep 2014 @ 1:00pm

      Re:

      "How is the public interest served by a policy that only thwarts lawful search warrants?"

      Off topic ... Didn't the NSA use a lawful search warrant to pull a couple trillion individual records last year?
      No. They used an unlawful search demand issued by a secret court pursuant to a secret misinterpretation of law to pull those records.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 12:44pm

    and of course, it hasn't come about because of anything law enforcement has done, has it? definitely not!!

    reply to this | link to this | view in chronology ]

  • icon
    Dennis F. Heffernan (profile), 23 Sep 2014 @ 12:48pm

    Nice, but...

    ...they're just going to change the laws to require companies give them access when requested.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 23 Sep 2014 @ 12:56pm

      Re: Nice, but...

      They might, but this would be a major legislative effort that couldn't happen quickly -- and would stir up a major debate once the effort begins.

      It's one thing to require companies to give access to stuff they already have. It's quite another to require companies to engineer their products in a particular way to make that possible.

      reply to this | link to this | view in chronology ]

  • identicon
    J.R., 23 Sep 2014 @ 12:56pm

    encryption

    Obligatory xkcd link

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 23 Sep 2014 @ 12:58pm

      Re: encryption

      Not actually that relevant here. What Google & Apple are doing is making it impossible for them to comply, even if they wanted to really, really badly (for instance, because their knees are getting whacked.)

      The cartoon addresses being forced to hand over your own keys -- nothing in Apple or Google's actions affects that possibility one bit. It just means that you'll get the subpena instead of Apple or Google.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 1:03pm

    Re: probable cause

    No, you can't be forced to disclose your password or unlock a phone, unless and that's the big caveat the government already can prove you know it.

    Entering a password or unlocking a safe is a testimonial act because it may reveal ownership, custody, and knowledge of the contents inside the box and may authenticate the person as its owner.

    We are in fifth Amendment territory, and you have an absolute right not to give the government incriminating information.

    The government can only overcome the Fifhth Amendment bar by granting act of production immunity or prove your knowledge from an independent source.

    Probable cause has nothing to do with the Fifth Amendment, and a valid Fourth Amendment search does not negate the Fifth Amendment protection against self incrimination.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 23 Sep 2014 @ 1:18pm

      Re: Re: probable cause

      "We are in fifth Amendment territory, and you have an absolute right not to give the government incriminating information."

      This isn't settled law at all. Some courts have ruled in the way you say, others have ruled the opposite. Generally, courts have ruled that if the police already know that there is evidence in the encrypted data, you can be compelled to reveal the key, but you can't be compelled to reveal the key so they can go on a fishing expedition.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Sep 2014 @ 2:13pm

        Re: Re: Re: probable cause

        Generally, courts have ruled that if the police already know that there is evidence in the encrypted data, you can be compelled to reveal the key, but you can't be compelled to reveal the key so they can go on a fishing expedition.

        If the police can prove that there is evidence of wrongdoing in encrypted data, they do not need it decrypted, if it only requires them to claim to know such evidence is in the encrypted data, they are fishing.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 24 Sep 2014 @ 10:00am

          Re: Re: Re: Re: probable cause

          "If the police can prove that there is evidence of wrongdoing in encrypted data, they do not need it decrypted"

          Not true at all. It's completely possible to know that evidence of wrongdoing exists somewhere but not have that evidence in your possession.

          Really, this isn't much different than what is required for search warrants: cops can't (technically) get a search warrant for a fishing expedition either. They have to demonstrate to a judge that they are looking for specific evidence that they already know exists in the place they're searching.

          reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Sep 2014 @ 2:14pm

        Re: Re: Re: probable cause

        John,

        This is what really burned my toast in Orrin Kerrs writeup, he seems to think the fifth is a foregone conclusion, because of Boucher. Now, I looked into Boucher, and its like you said: The gov't already KNEW that there was evidence in Bouchers computer, because they had seen it at the border.

        My view is that gov't can't compel you to reveal the your password if they don't know whats on your phone. They can't just go on fishing expeditions.

        I don't think they can just browbeat you with the threat of contempt until you give up your password if they don't know what you have. Kerr seems to think otherwise, which is a shame given his credentials.

        reply to this | link to this | view in chronology ]

    • identicon
      Rekrul, 23 Sep 2014 @ 4:13pm

      Re: Re: probable cause

      We are in fifth Amendment territory, and you have an absolute right not to give the government incriminating information.

      Unless they say the magic word "terrorism" and then all your rights vanish in a puff of smoke...

      reply to this | link to this | view in chronology ]

      • identicon
        Uriel-238 on a mobile device, 23 Sep 2014 @ 5:23pm

        Fifth Amendment territory.

        Since the police are so eager to get the bad guy, preferring false positives over false negetives, why don't they just shoot everyone with an encrypted cell phone? After all cell phones have beem confused as weapons befpre.

        A slightly nicer option is to sweat suspects to decrypt their phones Fifth Amendment protections are in place: they don't have to open the phone, but also the tasings and seasonings with pepper spray don't have to stop either.

        And to cinch things well into legality, the interrogation doesn't have to stop until the suspect signs a release saying he volunteered the contents of the phone and participation in the interrogation process. What a complaint citizen!

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 23 Sep 2014 @ 9:55pm

          Re: Fifth Amendment territory.

          With an encrypted cell phone? That restriction would place an undue burden on law enforcement.

          reply to this | link to this | view in chronology ]

          • icon
            nasch (profile), 24 Sep 2014 @ 5:50am

            Re: Re: Fifth Amendment territory.

            With an encrypted cell phone? That restriction would place an undue burden on law enforcement.

            Oh don't worry, they can just shoot anyone they suspect of having an encrypted phone. If it turns out to be just a regular phone, or a bagel, or their hand, well oops.

            reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Hero, 23 Sep 2014 @ 1:17pm

    > The agency long has publicly worried about the “going dark” problem, in which the rising use of encryption across a range of services has undermined government’s ability to conduct surveillance, even when it is legally authorized.

    If you have to say "even when it is legally authorized"...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 1:29pm

    Re: Re: probable cause

    All the courts having compelled the person to decrypt the information have ruled so because of the foregone conclusion exception to the Fifth Amendment.

    In the Boucher and Fricosu cases, the government already knew that the suspect was able to decrypt the computer and the self incrimination privilege could therefore not be invoked because the person by his own admission had made the testimonial aspects a foregone conclusion.

    However, in the 11th Circuit case, the government could not
    prove that the suspect was able to decrypt, or the existence of an encrypted file system, and Professor Kerr noted that the outcome of the case was likely correct.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Sep 2014 @ 2:16pm

      Re: Re: Re: probable cause

      I'm sorry, but in Boucher, they knew what was already on the computer. Not that he was able to decrypt it.

      Being able to decrypt is not a foregone conclusion. That doesn't make any sense. If they don't know what they are going to find, they can't just go on fishing expeditions.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 1:38pm

    Re: Re: probable cause

    And that's practically the same outcome even if Congress passes a law like UK's RIPA S.49.

    Under RIPA it's a criminal offense knowingly to fail to disclose an encryption key to the police.

    However, the government must still prove that you know the key and knowingly fail to disclose it beyond a reasonable doubt for the criminal sanction to be applied.

    If several users share a computer or online account, or it can't be proven who has the key no one can be compelled to disclose it.

    The sanctions under RIPA are rarely imposed, and only if the suspect openly flouts the requests or is caught in the act of entering the password, he well get convicted.

    reply to this | link to this | view in chronology ]

  • identicon
    Kenneth Michaels, 23 Sep 2014 @ 1:50pm

    This guy is incredible

    This guy writing for the Washington Post doesn't understand Apple and Google's encryption or that it wouldn't have stopped him from solving a kidnapping:

    http://www.washingtonpost.com/posteverything/wp/2014/09/23/i-helped-save-a-kidnapped-man- from-murder-with-apples-new-encryption-rules-we-never-wouldve-found-him/

    reply to this | link to this | view in chronology ]

  • icon
    z! (profile), 23 Sep 2014 @ 1:58pm

    Children???

    Just like we have Godwin's law (As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches 1), we need to name the effect for how fast a variant of "Think of the children!!" will appear when discussing civil liberties and related topics.

    We also need to say that Yes, we thought of the children, and they're irrelevant to the discussion.

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 23 Sep 2014 @ 1:59pm

    Are there any stats

    How many kidnapped kids were saved in (say) 2012 thanks to these phone privacy invasions? Or are these hypothetical kids and hypothetical kidnappers?

    reply to this | link to this | view in chronology ]

  • identicon
    Anon, 23 Sep 2014 @ 2:22pm

    I have seen (but dont have time to link to) cases where criminals were not conviced because of the fact that all the evidence was encrypted, and the police could not access it. CP, terrorism, and similar activities now can't be proven, and with services like VPN and proxies on the rise anonymity is increasing.

    There is a risk.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Sep 2014 @ 3:05pm

      Re:

      cases where criminals were not conviced because of the fact that all the evidence was encrypted, and the police could not access it.

      In other words police had their supicions, maybe strong suspicions, but no evidence at all.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 Sep 2014 @ 3:13pm

      Re:

      I have seen (but dont have time to link to) cases where criminals were not conviced because of the fact that all the evidence was encrypted, and the police could not access it. CP, terrorism, and similar activities now can't be proven, and with services like VPN and proxies on the rise anonymity is increasing.

      There is a risk.
      I suspect, based on a hint from a little bird, that parent poster has engaged in some form of criminality, but I don't know what and he encrypted all the evidence, so I can't prove any of it. Can we convict him anyway? :-)

      reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 23 Sep 2014 @ 6:21pm

      Re:

      I have seen (but don't have time to link to) photos of Ronald T. Hosko molesting a goose. This is real, people.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 2:33pm

    Re: Re: Re: probable cause

    Actually Kerr's position is more nuanced.

    He noted regarding the 11th circuit's ruling:


    "Based on a very quick skim, the analysis seems mostly right to me — in result, at least, although perhaps not as to all of the analysis. I hope to blog
    more on the case later on when I have a bit more time.

    Also note that the court’s analysis isn’t inconsistent with Boucher and Fricosu, the two district court cases on 5th Amendment limits on decryption. In
    both of those prior cases, the district courts merely held on the facts of the case that the testimony was a foregone conclusion."

    http://www.volokh.com/2012/02/23/eleventh-circuit-finds-fifth-amendment-right-against-se lf-incrimination-not-to-decrypt-encyrpted-computer/

    So Professor Kerr seems to agree that the Fifth Amendment can be invoked at least where the government can prove very little about the suspect's custody and ownership of the data.

    paradoxically it means that hard child pornographers who are careful not to talk to the police, and don't use easily provable encryption can invoke the privilege whereas stupid ordinary people who don't know or care about criminal procedure will let the cat out of the bag.


    The statements yes, the phone is mine and I wont cooperate probably satisfies the foregone conclusion, but the statement I plead the Fifth or even better I only talk to the police with counsel present reveals nothing.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 3:33pm

    I want a reporter or someone close to the guys who are opposed to ask this if their phones are encrypted.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 3:39pm

    Re: Policies, and laws


    I have seen (but dont have time to link to) cases where criminals were not conviced because of the fact that all the evidence was encrypted, and the police
    could not access it.


    You are assuming that there was a crime, and that the incriminating evidence was encrypted.

    If the police could prove that there was a crime, but only could find encrypted data, there is no evidence.

    Encrypted data is no different from random data, unless you know which algorithm and software was used.

    if you already know that encrypted data contains child pornography, you logically has sufficient evidence to convict.

    If you only know that there is encrypted data, but don't know what's inside, you can't logically argue that there is evidence of a crime.

    And more likely, you even don't know that the data is encrypted.

    It may just be a large blob of random data.

    reply to this | link to this | view in chronology ]

  • identicon
    STJ, 23 Sep 2014 @ 3:43pm

    Cars

    I remember the days when we first got cars. The police were fretting how now criminals would be able to go faster then the police.

    I remember the days when we first got cell phones. The police were fretting how criminals would be able to make calls from anywhere they wanted and not be tied to a physical location.

    Now.... GET OFF MY LAWN!!

    reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 23 Sep 2014 @ 4:17pm

    Someone should really go to the law enforcement agencies that are freaking out about this and point out that it probably wouldn't be happening if they hadn't been systematically invading people's privacy and searching their phones without cause.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 23 Sep 2014 @ 6:25pm

      Re:

      Exactly so. If they can't act responsible with the 'toys'/powers that they have, they shouldn't be surprised when people react and try and take them back. They've proven that they cannot be trusted, it's hardly a surprise that people are pushing back because of this.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 4:49pm

    If police need data off an encrypted phone. They'll just remote hack it through the baseband modem drivers. Or perhaps through the secondary operating system called Java Card, which runs on SIM cards.

    Police still have options. I believe telephone companies are able to send silent text messages to Java Card and reflash firmware.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 4:59pm

    "The agency long has publicly worried about the “going dark” problem, in which the rising use of encryption across a range of services has undermined government’s ability to conduct surveillance, even when it is legally authorized."

    So they are admitting that they conduct surveillance when it is NOT legally authorized? That's a pretty strong admission, considering they've denied it so many times before.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 5:12pm

    Re: Re: probable cause

    Unless they say the magic word "terrorism" and then all your rights vanish in a puff of smoke... 

    No, the Fifth Amendment privilege against self incrimination is applicable to all criminal offenses.

    The privilege is about compelling you to testify against yourself and using the coerced testimony to convict you of a crime.

    if the police beats you in order to get you to tell them where you have hidden the murder weapon or what your password locking yor child pornography collection, any evidence resulting from the coercion is tainted and can't be used against you.

    This is an extreme form of pressure, but threatening someone with contempt sanction is also compulsion for purposes of the Fifth Amendment.

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 23 Sep 2014 @ 6:27pm

      Re: Re: Re: probable cause


      No, the Fifth Amendment privilege against self incrimination is applicable to all criminal offenses.


      Just a thought experiment, what if the President declared you a terrorist, and then had you arrested and taken to Gitmo*? I don't think there are any 5th amendment protections there.

      * the 2013 NDAA allows this, with no judicial oversight

      reply to this | link to this | view in chronology ]

      • identicon
        Uriel-238 on a mobile device, 23 Sep 2014 @ 6:34pm

        No 5th amendment protections in Gitmo

        Since they don't have due process, but just torture you and detain you at the pleasure of the President, yeah, there's no cause to say anything except...well, they're going to torture you anyway.

        No. If you're in Gitmo, you're probably just fucked.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Sep 2014 @ 7:02pm

        Re: Re: Re: Re: probable cause

        don't forget the Enemy Expatriation act, where the USA government has decided they have the right to strip Americans of their citizenship if they classify them as terrorists.

        Considering millions of Americans have been deemed potential terrorists. makes one wonder how many people have been arrested and vanished, since they would no longer be a citizen they could "legally" just be executed or whatever.

        reply to this | link to this | view in chronology ]

        • identicon
          Uriel-238 on a mobile device, 23 Sep 2014 @ 7:29pm

          Unpersons and anti-citizens

          That is exactly how a system takes form that features unpersons or anti-citizens...choose your preferred cyberpunk dystopian moniker.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 6:58pm

    Why would the FBI care? they have publicly stated they do not care about regular criminal only terrorists they create

    reply to this | link to this | view in chronology ]

  • icon
    MrTroy (profile), 23 Sep 2014 @ 9:20pm

    The information on the phone is not the only evidence, and criminals almost always leave other trails of information.

    Not only that, but the kind of criminal who is smart enough to not leave other trails of information is already either doing their own encryption, or otherwise avoiding anything that will leave a trail.

    In fact, if we ever find out that these smart criminals are using the factory encryption, yet being caught through some other means, that will give me a lot of confidence that the encryption works as advertised!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 10:18pm

    So which one is it?

    So some times it is "FEEEEAR the hacker and the upcoming CYBER-Pearl-harbor because we are most certainly doomed!"
    But then they are all like "FEEEAR the terrorist and for your children because we can't hack your shit!". So I guess what they really want is a totally vulnerable system that is impervious to hackers?
    Sense it makes not.

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 24 Sep 2014 @ 5:52am

      Re: So which one is it?

      So I guess what they really want is a totally vulnerable system that is impervious to hackers?

      I'm not sure if they're clueless, or think everyone else is clueless, or both. It's possible they actually think that if security vulnerabilities are left alone, they'll be the only ones able to take advantage. It's also possible they realize this isn't true, don't care about it, and assume the public will not understand. The latter seems more likely.

      reply to this | link to this | view in chronology ]

  • icon
    Mark Draughn (profile), 23 Sep 2014 @ 11:00pm

    Thanks!

    Thanks for the link, the quote, and the kind words.

    Note that Hosko had to change his WaPo piece. The original title was something like "I helped save a kidnapped man from getting killed. With apple's new encryption rules, we never would have found him," but the title has changed to something more generic and there's now a disclaimer at the bottom that says, "This story incorrectly stated that Apple and Google’s new encryption rules would have hindered law enforcement’s ability to rescue the kidnap victim in Wake Forest, N.C. This is not the case. The piece has been corrected."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 11:00pm

    Re: Fifth Amendment territory.

    The Fifth Amendment prohibition on compelled self incrimination is a part of the constitution, and computer technology does not change the fact that compelling a suspect to give testimony against himself is unconstitutional.

    The only situations wherein the privilege can be overcome are (1) If the government already can prove from an independent source that you possess a piece of evidence; (2) If the government grants you use and derivative use immunity;


    (3) You are compelled to provide the government records kept incident to a valid noncriminal regulatory regime.

    The third exception might actually provide a constitutional foundation for compelled key escrow but such a record keeping requirement has never been applied broadly outside tax and financial transactions.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Sep 2014 @ 11:45pm

    Re: Yup

    US law may force Apple to grant the US government a backdoor but Apple can't afford being caught in a big lie while marketing its product overseaws.

    If Apple can't guarantee security to European customers, there is going to be a very nasty fallout if it's ever revealed that the company deceptively marketed its products as secure.

    Also, I don't think that having an exclusive backdoor for the US government will sit well with other nations' law enforcement authorities.

    Prior to the Snowden leaks, US corporations might well hope that their doubletalk would never be revealed, but Apple may fear that every friendly underhanded deal with the US government will eventually become public.

    Other governments might demand that if there is any legally mandated backdoor, this must be on equal terms.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Sep 2014 @ 4:03am

    In short, he points out, the choice of encrypting our data is ours to make... and many more are choosing to do so because of the way law enforcement has abused their capabilities.

    reply to this | link to this | view in chronology ]

  • identicon
    Just Another Anonymous Troll, 24 Sep 2014 @ 6:02am

    "How is the public interest served by a policy that only thwarts lawful search warrants?"
    How stupid do you think I am? Besides, we already had encryption before. Maybe they're just pissed that they haven't cracked it yet?

    reply to this | link to this | view in chronology ]

  • icon
    John85851 (profile), 24 Sep 2014 @ 2:59pm

    Serve the warrant on the person's phone

    I have a tip for all the law enforcement agencies: if you need data off someone's phone, get a warrant to search the person's phone. Why do Apple or Google (or any company( need to be involved in the process? Just because it's easier than actually serving a warrant on a person?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Sep 2014 @ 7:05pm

    Now they will pressure the people instead.

    reply to this | link to this | view in chronology ]

  • identicon
    pmshah, 25 Sep 2014 @ 9:25pm

    Law Enforcement Freaks Out

    Andrew Weissmann, Apple is "announcing to criminals, 'use this,' " he said. "You could have people who are defrauded, threatened, or even at the extreme, terrorists using it.''

    He is so full of sh** ! When FCC or power that may be permitted "burner phones" where was the outrage ? Even today it says exactly what you are attributing to Apple !

    In this regard we in India are doing a much better job. No burner phones. No mobile or wired phones without full identity information. No hiding of caller ID. We consider telephony a privilege and a birth right, and rightly so.

    reply to this | link to this | view in chronology ]

  • identicon
    cyndy, 27 Sep 2014 @ 5:42am

    Apple

    Boo Hoo, Waa!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 May 2015 @ 12:19pm

    1zqjyd'"(){}:/1zqjyd;9

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 May 2015 @ 12:19pm

    1zqjyd'"(){}:/1zqjyd;9

    reply to this | link to this | view in chronology ]

  • icon
    darren chaker (profile), 4 Nov 2015 @ 1:22am

    iPhone Encryption

    Not only must encryption be used for the phones, but also good passwords.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.