Manhattan DA's Office Serves Up Craptastic White Paper Asking For A Ban On Encryption
from the and-just-a-couple-of-backdoors,-maybe-FOR-SAFETY! dept
Manhattan DA Cyrus Vance may not know what the fuck he’s talking about when he discusses encryption, the internet and other tech-related issues. But that’s certainly not going to keep him from talking about them.
A just-published “white paper” from the Manhattan DA’s office (h/t Matthew Green) offers up all sorts of stupidity in its attempt to justify anti-encryption legislation.
It starts with lofty ideals…
This Report is intended to:
1) Summarize the smartphone encryption debate for those unfamiliar with the issue;
2) Explain the importance of evidence stored on smartphones to public safety;
3) Dispel certain misconceptions that many privacy advocates hold about law enforcement’s position related to encryption, including the myth that we support a “backdoor” or government-held “key;”
4) Encourage an open discussion with technology companies, privacy advocates, and lawmakers; and
5) Propose a solution that protects privacy and safety.
… before throwing most of these out completely, starting with the “open discussion” with the affected stakeholders.
Vance’s office doesn’t want to burden the nation’s tech companies with “golden keys” or “good guy-only” backdoors. The paper admits such a “solution” would be complicated and expensive. (But not impossible, notably.)
His solution? Something that doesn’t burden tech companies, but simply leaves their customers unprotected. No backdoors will be needed because there will be nowhere to install one.
The federal legislation would provide in substance that any smartphone manufactured, leased, or sold in the U.S. must be able to be unlocked, or its data accessed, by the operating system designer. Compliance with such a statute would not require new technology or costly adjustments. It would require, simply, that designers and makers of operating systems not design or build them to be impregnable to lawful governmental searches.
That’s the big idea: a ban on encryption, presented disingenously as “Not A Ban.” For all the paper’s supposed “discussion” of the issues and contemplation of concerns expressed by companies and their customers, this is the DA’s office’s brilliant cure-all: federal legislation that would prevent companies from deploying encryption — at least not without holding onto a set of keys for government use.
Offered in support of these arguments are the horrendous laws being contemplated/passed in other countries like the UK and France. If they can do it, we can do it! Vance’s office argues any resulting harm to human rights civil liberties will be minimal. Undiscussed is the resulting harm to innocent users whose phones’ contents are no longer encrypted.
The paper also discusses various workarounds that have been suggested, like accessing the unencrypted contents of cloud storage services connected to users’ phones. The DA’s office says that just isn’t good enough. For one thing, not every user utilizes the cloud services offered by Google and Apple. The office’s argument against seeking other routes to communications and data is astoundingly terrible.
[S]martphone users are not required to set up a cloud account or back up to the cloud, and therefore, many device users will not have data stored in the cloud. Even minimally sophisticated wrongdoers who use their devices to perpetrate crimes and who have cloud accounts will likely take the relatively simple steps necessary to avoid backing up those devices, or data of interest, to the cloud. In most instances, only one or two selections must be made in the device’s settings to turn off the back-up function or to remove certain types of content from the back up.
There’s a huge problem with this paragraph. It makes the assertion that criminals are more likely to avoid utilizing cloud backup services while simultaneously noting that this process is entirely optional and will not be used by most people. Using this logic, an average user may also be a “minimally sophisticated wrongdoer,” at least as far as law enforcement can tell from what it finds stored in the cloud.
The underlying point is that lots of data and communications still reside within the phone itself and law enforcement will not be able to access this without Apple or Google leaving a door open for it.
The office does further damage to its own arguments for banning encryption by highlighting a string of successful prosecutions utilizing evidence recovered from cell phones. It uses this list to highlight the amount of “probative evidence” obtained from cell phones while simultaneously (and inadvertently) pointing out that law enforcement really hasn’t been stymied by encryption, despite Vance’s FUD-filled imaginations to the contrary.
And, finally, let’s take a look at one more bogus analogy made by Vance’s office, in which he tries to equate phones with houses.
The Fourth Amendment dictates that search warrants may be issued only when a judge finds probable cause to believe that a crime has been committed and that evidence or proceeds of the crime might be found on the device to be searched. The warrant requirement has been described by the Supreme Court as “[t]he bulwark of Fourth Amendment protection,” and there is no reason to believe that it cannot continue to serve in that role, whether the object that is to be searched is an iPhone or a home.
In fact, what makes full-disk encryption schemes remarkable is that they provide greater protection to one’s phone than one has in one’s home, which, of course, has always been afforded the highest level of privacy protection by courts. Apple and Google should not be able to alter this constitutional balance unilaterally. Every home can be entered with a search warrant. The same should be true of devices.
A more honest analogy would compare phones to computers, which is basically what they are. While a warrant may give cops access to someone’s computer — allowing them to seize it — it does not guarantee they’ll be able to access its contents. Vance wants to compare opening a phone to opening a door, but it’s not a true comparison. If people could make their houses as impregnable as their phones and computers, some very likely would — and not just the theoretical “minimally sophisticated criminals.” A house that cops can’t get into is a house criminals can’t get into. But there’s no way to encrypt a door or window.
The paper tries to portray this as somehow making phones more private than houses in terms of the Fourth Amendment. But encrypted phones have nothing to do with a heightened expectation of privacy. Encryption makes phones more secure than houses, not more private than houses. The Fourth Amendment considerations aren’t being shifted. It’s only the level of instant access that’s being changed. Vance’s office — being part of the law enforcement community — should welcome efforts that make citizens more secure. Instead, all it’s doing is bitching loudly and disingenously about all the power it imagines encryption will strip away from it.
Filed Under: backdoors, cyrus vance, encryption, encryption backdoors, going dark, ny
Comments on “Manhattan DA's Office Serves Up Craptastic White Paper Asking For A Ban On Encryption”
I hope this guy isn’t indicative of the intelligence level all DA’s. Unfortunately, he probably is.
Re: Re:
I hope this guy isn’t indicative of the intelligence level all DA’s. Unfortunately, he probably is.
He’s probably about as honest as most of them too.
Re: Re:
They’re fucking robots, man. Seriously. If you get a chance to actually talk with one of them, take it. They have zero sense of morality beyond blind faith in their rules and procedures and expanding the reach of those procedures and rules. In their minds, all the procedures and rules are good, so increasing the scope of those procedures and rules is good. Fucking. Robots.
what a fucking tool
people always wonder why insurrections are always so full of blood?
This is our answer… after enough fucktards like this spew their considerable bullshit all over the place people are already frothing out of the mouth by the time they come for them, they have already had enough to the point where only ruthless bloody murder will quench their rage.
Excellent point. And I suspect strongly that this guy is not as stupid as he seems, he’s probably already got the white paper written for “banning/not banning” PGP and VeraCrypt* from desktop computers. For reasons.
*I still use TrueCrypt 7.1a, by golly.
bad analogies
if he ever needs [brain] surgery i propose that we get a locksmith to open him up. After all, using his logic, operating on someone is just as easy as unlocking a door.
/sarcasm
No. The government should not be able to alter this constitutional balance unilaterally. The problem is, that’s exactly what they’ve done. And then they spun themselves into a frenzy trying to keep anyone from finding out about it.
Anyone in law enforcement with an ounce of integrity ought to be able to recognize the hypocrisy on display with all of this hand-wringing.
Re: Re:
Gotta say though, making a statement that ludicrous with a straight face means that Vance probably needs a step-ladder to see over his own big brass ones.
“It would require, simply, that designers and makers of operating systems not design or build them to be impregnable to lawful governmental searches.”
So not a ban on encryption, but just a ban on having it installed by default? So the average users can’t have security, but no law against installing it yourself, so the motivated can?
Re: Re:
No. A ban against locking out lawful governmental searches. So you just scan the warrant with your phone, it determines if it is a lawful warrant or not and unlocks phone if necessary. Easy as pi
a quote by Vance in the ARS article.
“government’s principal responsibility to keep its residents safe”
No. No, man. Shit no man. I believe you get your ass kicked for saying something like that.
the governments principal responsibility is to UPHOLD THE CONSTITUTION at all costs
THIS GUY swore an oath:
“I do solemnly swear (or affirm) that I will support the constitution of the United States, and the constitution of the State of New York, and that I will faithfully discharge the duties of the office of ……, according to the best of my ability;”
https://www.dos.ny.gov/info/constitution/article_13_public_officers.html
Re: Not just wrong, fractally wrong
You actually don’t even need to point out that he’s wrong for that reason, because even assuming he’s correct in his statement he’s still wrong.
If the primary responsibility of the government is to keep it’s resident’s safe, then the absolute last thing they should be trying to do is undermine the public’s safety, which destroying encryption absolutely would do. No matter which way you look at it, he’s absolutely wrong.
Re: Re: Not just wrong, fractally wrong
Not only that, but if it is their responsibility to keep the citizens safe why are they continually killing them for no reason and why are they continually denying them healthcare, living wage, the right to vote … the list goes on and on …
Preemption
Won’t this law be preempt end by the TPP (if passed) as it would change the regulatory landscape that foreign (Samsung) held companies have to operate under, to their detriment?
Could at least be some silver lining there….
Re: Preemption
preempt end ?
It would have made itself more of a white paper if they used white ink* on white paper. It would have been more read able too.
* OK I know there is no such thing as white ink, but they don’t know that. Besides, just distributing blank white paper would be faster, cheaper, and more able to have said whatever they want it to have said after the fact, a prosecutors dream.
Re: Re:
there is no such thing as white ink
For what it’s worth, I heard that people in Hollywood regularly pay hookers to help them extract their white ink. Jim Hood probably knows.
Let me fix that for you
Let me fix that for you
Manhattan DA’s office:
Let me fix that for you:
Re: Let me fix that for you
What was wrong with their wording, it still reads the same.
Re: Let me fix that for you
you forgot two bad guys: nsa & cia
Encryption is everywhere.
This guy may as well be trying to ban AIR at this point, he looks absurd.
These people in government are simply not smart enough to decide anything anymore. They are too stupid (literally) and too corrupt.
Wait til anonymous gets done with his sorry ass...
Since he’s so against encryption, when anonymous hacks his accounts in zero.zerozerozerozeroonefemtoseconds and publicly releases all of his e-mails, texts, pr0n, etc…, I imagine he’ll sing a different tune as a soprano when his wife cuts his balls off.
Re: Wait til anonymous gets done with his sorry ass...
Aha! I think you figured it out, he’s really not a idiot. The whole whitepaper is a honeypot to lure anonymous into hacking his accounts!!
or he a Fng idiot.
Whose devices? Their devices.
The report states: “For the above reasons, were Apple and Google once again to give themselves the ability to decrypt data stored on their devices, there would not be a significant loss of security. This, in combination with the safeguards provided by the Fourth Amendment, means that personal privacy would be successfully protected.”
The report is very confused: the devices belong to the end user, not to Google or Apple.
Re: Whose devices? Their devices.
Ah, but remember the trick the government’s trying in another case, where they argue that Google/Apple still own the software on the phone, and can therefore be compelled to unlock it as ‘their’ possession, completely bypassing the need to deal with the owner of the hardware half.
Re: Whose devices? Their devices.
“Apple and Google once again to give themselves the ability to decrypt data stored on their devices”
seriously – wtf!
Re: Whose devices? Their devices.
The report is very confused: the devices belong to the end user, not to Google or Apple.
Unfortunately, due to the abomination known as “copyright”, quite a bit of those systems still belong to Google and Apple, not the poor fools who think they actually own the whole thing they paid for.
Abolish copyright.
Won't a keylogger/screenlogger be required?
The DA whitepaper wants to unlock & decrypt the data on the phone.
But what if the data was encrypted by an app installed on the phone? It’s unlikely that Apple could decrypt that app’s data.
So is the DA going to *require* that every phone include a keylogger & screenlogger to capture the data going in/out of every app?
So, there would then be a honeypot of keylogger & screenlogger data to attract criminals. These data would include bank account passwords and other bank account data.
These data would then be vulnerable to exfiltration by both physical access and remote access.
The OPM hack compromised 22 million people. The DA’s plan would compromise a billion people.
I’m going to cut this whitepaper into 4″ wide rolls and use it for its intended purpose. I just wish I had printed it out on softer paper.
NYC is a dirty, loud place, with corrupt police and overpriced everything. It’s filled mostly with overbearing, obnoxious people. I’ve been turning down jobs there for years.
I say put a wall around it like the Kurt Russell movie.
He has one point
Since companies like Apple and Google provide cloud services should be compelled to hand over that data. Unless they want to make and end-to-end encrypted version that they can’t access.
Re: He has one point
“should be compelled to hand over that data.”
should be compelled to self destruct.
ftfy
Re: He has one point
Unless they want to make and end-to-end encrypted version that they can’t access.
I think he’s saying they should not be allowed to make end-to-end encryption that they are not able to access.
Let me take a guess, Cyrus Vance doesn’t remember the Fappening scandal that was caused by not using encryption? Or perhaps he wants criminals mugging people for phones again? I’m thinking the recent rise of encryption is only because of it has become in and of itself an necessity. These things had nothing to do with Edward Snowden, the NSA, or LEO operations, but I’m sure that will only add more reasons especially when it’s been shown that they don’t follow the laws themselves.
Multiple layers of encryption
This is why I advocate using multiple layers of encryption.
Encrypted while in local storage, (with keys only yourself knows), another layer while data is in transit or hosted in the Cloud somewhere.
Compare phones with houses:
A home owner could turn his house into a fortress — complete with 10 foot thick walls and a moat with alligators. While that might make it impregnable to normal attacks the police would eventually get in using brute force, i.e. dynamite, etc.
So let the police just brute force the encryption.
Impregnable?
This cannot, by definition, exclude encryption since no encryption is impregnable.
No encryption is impossible to break, just difficult (for large values of “difficult”).
Re: Impregnable?
Well, if law enforcement has correct key they can access the data.
Re: Impregnable?
One time pads are however. With only one half you can solve for anything that fits the length. You can’t tell “Cats are cool.” from “Bomb the bank.”
Apparently we have reached the point where:
“Guns don’t kill people, encryption does” is a thing
New Product Announcement
We’re in luck, just saw a new ad from Levi’s and the GAP, they are introducing encrypted pockets in all of their jeans. Because, up till now, accessing your pockets is like accessing your home so to afford us new protections there will be adding encryption to the back pocket to protect the POPO from gaining access to your phone.
Is this guy an Asshat or does he just play one in real life.
Lanny dont-get-between-me-and-a-TV-camera Davis chimes in:
Lanny Davis wants backdoors:
http://thehill.com/opinion/lanny-davis/260664-lanny-davis-combating-terrorism-time-to-re-balance-privacy-and-security
“go to Congress in support of requiring such back-door keys in all such apps”
Here's a funny thing
I’m a 40+ man from the UK. I remember at least some of what came to be known as “The Troubles” a conflict based in, and around the UK and Ireland. It lasted for at least 30 years but goes back many hundreds of years.
Over 3,600 people were killed and thousands more injured. Communities totally destroyed. Kids growing up living in fear. Families wrecked by terrorism on both sides – and it should not be forgotten the Army sent in to control the situation didn’t exactly help.
Anyway, enough of the sad history. My point is that people wanting to do harm to others did it perfectly well without the internet back then. It didn’t even fuckin` exist.
So what is the point of banning encryption? Even if the whole world turned off the entire internet the bad actors would find a way to communicate – just as they did in 1979.
The whole idea is just mental.
Re: Here's a funny thing
Let’s not forget that smug little pricks like https://en.wikipedia.org/wiki/Peter_T._King supported the IRA via NORAID…
Re: Re: Here's a funny thing
He’s the kind of person who asserts that “the British government is a murder machine” while wanting the US and British governments to join up on pervasive surveillance of the population.
Re: Here's a funny thing
So what is the point of banning encryption?
Hint: The actual purpose is not what they’re claiming.
Banning encryption is the same as banning math(s).
Cloud users typically don't have informed consent anyway.
“the cloud” is an industry euphemism for: “shit I am not going to explain to you”. Tech industry marketers have been doing this for decades. They manufacture memes that are completely misleading and technically erroneous like: “cable modem”, or “firewall software”. “the cloud”, isn’t a thing. It is a reference to a variety of different kinds of managed data storage services.
Cloud users, 90% of the time, have NO idea what their exposure level is and thus no informed consent. The idea that turning off a cloud account is tantamount to terrorism, is quite inverted. ANY indexing of a cloud account is an act of corporate espionage. Securing that service to automated federal surveillance is a crime against the Constitution.
It is like saying: “Severe Genocide is bad.” Isn’t pretty much ANY genocide bad? You’d like to chalk it off to ignorance, but it probably isn’t.
He’s attempting to validate one evil by making it appear as if it’s already conceded, while arguing for some other evil. It is the same as calling FISC a “court”. (unless there is habeas corpus, there is no court. Using a word doesn’t make it so.) Mainstream journalists fall for this all the time. Fucking English lit majors. I swear they’ll be the death of us all.
As a citizen, I can assure him, these points are most certainly NOT conceded. But I imagine he’s already found that out. Perhaps the paper was written in service of a “leveraged” request, by a particular intelligence agency? Maybe because of something found on HIS cloud account?
Overturn Citizens United. Reinstate Glass Steagall. Bust the Trusts.
He wants to compare my cell phone, to my house.
He wants to compare something I share every waking moment with 4 other people with, to something I alone have access to and use of.
Brilliant.
Statewide Organization Openly Advocates Use of Full-Disk Encryption
Is the Manhattan DA aware of the existence of an organization with agents throughout his state openly advocating the effectiveness of encryption?
In fact, the organization takes this so seriously that it requires the use of full-disk encryption for its laptops:
Yes, you read that correctly: “State issued laptops.”
Source: New York State Information Technology Standard No: NYS-S14-007, IT Standard: Encryption (last accessed Nov. 18, 2015).
Re: Totally different
Of course those in positions of authority and/or power both require and deserve to use the most secure protection available for their private data and communications, given such data is both valuable and a tempting target for hackers and other criminals.
However, members of the public neither need nor deserve protection for their private data and communications, as only criminals try and hide what they say and do. After all, ‘If you’ve done nothing wrong, then you have nothing to hide’.
(If you can read both of the above statements and see no conflict or double-standards, congrats, you have a promising career in politics and/or police work waiting for you)
he is on the anonymous
to hack list
There’s plenty of effective means of secret communication that don’t even need a computer. You can do an old school one time pad with just a pen and paper, and communicate effectively over the internet without worrying if there’s a back door, because there’s no algorithm other than “words are numbered and stuff,” which even a brainwashed extremist can remember. You’re not going to catch people like that with just a computer program and a giant data stream. Take all that money and train more Navy SEALs or something productive.
But hey, don’t take my word for it. With a ban on encryption, we would join other proud nations like North Korea and Pakistan in our self-unaware idiocy.
Attention Terrorists: Feel the full power of our denial.
what's next
A ban on door locks because it slows them down getting in, and what about those pesky safety deposit boxes should we remove those barriers too
Re: what's next
I think you forgot to mention the problem of window blinds.