Say That Again

by Mike Masnick


Filed Under:
encryption, fbi, iphone, nypd, security, theft

Companies:
apple



Remember When The FBI & NYPD Told People To Upgrade Their iPhones To Enable Stronger Security?

from the because-it-helps-stop-crime dept

Look, let's face facts here. For all the talk coming from the law enforcement community that they need backdoors into encryption to stop crime, they absolutely know that the reverse is true: strong encryption prevents crime. Lots of it. Strong encryption on phones makes stealing those phones a lot less worthwhile, because all the information on them is locked up. As we noted back in 2014, the FBI had a webpage advocating for mobile encryption to protect your phone's data:
Of course, after that started to look inconvenient for the FBI, they quietly removed that page. I have a FOIA request in asking why, but the FBI has told me I shouldn't expect an answer for another year or two.

But it's not just the FBI. Trevor Timm alerts us to the amazing fact that just a couple of years ago, the New York City Police Department (NYPD) was literally roaming the streets, giving people fliers telling them to upgrade their iPhones to enable greater security features to protect against crime. Michael Hoffman tweeted a picture of the flier he received:
If you can't read the flier, it says:
PUBLIC AWARENESS NOTICE
ATTENTION APPLE USERS!!!!
As of Wednesday, September 18, 2013 the new iOS7 software update available for your Apple product brings added security to your devices.

By downloading the new operating system, should your device be lost or stolen it cannot be reprogrammed without an Apple ID and Password.

The download is FREE from Apple.
In other words, law enforcement in NYC absolutely knows that stronger security on phones prevents crime. And yet, Manhattan District Attorney Cyrus Vance is running around pretending that these phones have created a crime wave in NY?

And, it appears that the data absolutely supports what the FBI and the NYPD apparently used to know, but are now pretending to forget. An article last summer by Kevin Bankston, laid out the details, noting that phone theft is a massive epidemic, with criminals swiping millions of phones -- and many of them then seeking to get access to the data on those phones. While the introduction of remote kill switches has helped reduce some of that, encryption is a much better solution.

So what happened? Did the FBI and NYPD really "forget" everything they knew two and a half years ago about encryption and how it stops crime?

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 22 Feb 2016 @ 8:27am

    Isn't it obvious?

    The computer that had all their pro-encryption talking points was encrypted, the only person who had the password quit or was fired, and they could no longer access anything on it as a result.

    Encryption: It not only protects criminals, but it also keeps government and police agencies from remembering just why it's so important.

    reply to this | link to this | view in chronology ]

  • identicon
    kallethen, 22 Feb 2016 @ 9:50am

    Selective amnesia at it's finest.

    reply to this | link to this | view in chronology ]

  • icon
    z! (profile), 22 Feb 2016 @ 9:52am

    Well, the law enforcement community has always want to have it's cake and eat it too.

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    icon
    Whatever (profile), 22 Feb 2016 @ 9:53am

    "In other words, law enforcement in NYC absolutely knows that stronger security on phones prevents crime. And yet, Manhattan District Attorney Cyrus Vance is running around pretending that these phones have created a crime wave in NY? "

    I know it may hurt your one track mind, but have you considered that it discourages one type of crime but may encourage another? Crime isn't a one size fits all thing.

    Try invoking David Bowie instead!

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 22 Feb 2016 @ 10:04am

      Re:

      Absolutely right, it's obvious that the NYPD are only in favor of 'good guys only' encryption, that being encryption that is installed on a device when a 'good person' uses it, and are totally opposed to 'bad guys allowed' encryption, that being encryption that is installed or switched to the second a 'bad person' so much as touches a device.

      Given the existence of the two distinct forms of encryption, it's perfectly logical for them to be pushing encryption one year by claiming that it prevents crime, while not two years later whining about how encryption makes their jobs harder/impossible with nary a peep about how much crime it prevents.

      reply to this | link to this | view in chronology ]

      • icon
        Whatever (profile), 22 Feb 2016 @ 10:11am

        Re: Re:

        "Absolutely right, it's obvious that the NYPD are only in favor of 'good guys only' encryption, that being encryption that is installed on a device when a 'good person' uses it, and are totally opposed to 'bad guys allowed' encryption, that being encryption that is installed or switched to the second a 'bad person' so much as touches a device"

        It's not the point, is it?

        The point is that of protecting your personal data. Basically, if someone steals your phone, they get nothing. It stops that secondary effect of crime from harming you more than just getting your phone stolen. The police are certainly right to encourage you to use it.

        That does not preclude or stop the legitimate needs to investigate a multiple murder to it's logical conclusion and to gain access where possible to every piece of data they can.

        "while not two years later whining about how encryption makes their jobs harder/impossible with nary a peep about how much crime it prevents."

        Again, crime is not a monolithic thing. There is not "crime" as a generic one size fits all thing. A may cause B, but it can also independently cause C as well - or may impact and diminish D. It's not a simple one thing "more crime, less crime". That's just a simplistic attempt to "add to the narrative" of police being confused or inconsistent.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 22 Feb 2016 @ 10:17am

          Re: Re: Re:

          That does not preclude or stop the legitimate needs to investigate a multiple murder to it's logical conclusion and to gain access where possible to every piece of data they can.

          Sure. However, until the answer becomes "they can't get this data", then there are holes in the "they get nothing" feature. Right now, that hole is Apple. If Apple is smart, in iOS 10 or 11, that hole will be removed, and we're back to "they can't get this data".

          Or, as security researcher Matt Blaze tweeted: "I'm less concerned w/ whether Apple should be compelled to comply with this order than with ensuring future products can be more secure."

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 22 Feb 2016 @ 10:28am

          Re: Re: Re:

          Until modern portable computing device became almost universal, police managed to solve crime without having much in the way of recorded communication to go on. What they had to do was talk to people, but that required that they were friendly towards the people that they policed, rather than the modern treat every-body as the enemy.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 22 Feb 2016 @ 12:25pm

            Re: Re: Re: Re:

            The usual tone in cops' voices is "I know you're guilty because I'm talking to you." And THAT's not just for the perpetrators.

            Kind of hard to interrogate your allies when you're metaphorically already aiming a taser or gun at them.

            reply to this | link to this | view in chronology ]

        • icon
          Gwiz (profile), 22 Feb 2016 @ 10:31am

          Re: Re: Re:

          That does not preclude or stop the legitimate needs to investigate a multiple murder to it's logical conclusion and to gain access where possible to every piece of data they can.


          While this may be true, it's not a crime, in and of itself, to protect your own personal privacy, even if it makes law enforcement's job harder.

          If your goal is to make law enforcement's job easier, then why aren't you advocating abolishing the US Constitution? That would make the their job a whole lot easier, wouldn't it?

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 22 Feb 2016 @ 12:26pm

            Re: Re: Re: Re:

            A policeman's life is easy only in a police state.

            reply to this | link to this | view in chronology ]

          • icon
            Whatever (profile), 22 Feb 2016 @ 5:41pm

            Re: Re: Re: Re:

            "If your goal is to make law enforcement's job easier"

            I don't have a goal, and I think trying to figure that at every turn there has to be a bigger goal is perhaps misleading. This is a particular case where law enforcement can gain access without Apple having to create a backdoor, they just have to remove a couple of covers off the door lock so they can try.

            If there is a possibility of access by reasonable means (and brute force is reasonable, no different from using a battering ram to knock down a door) then the police should have that choice available to them.

            Where Apple objects is that this sort of change exposes the weakness of their pincode approach to encryption. When you stop and realize that all of the security chip one way code hidden access means nothing if the user's password to access the files is too short. Apple doesn't want the code getting into the wild, at least not until they come up with a IOS patch that forces consumers to use longer passwords for encryption.

            When Apple fixes the problem, the discussion will be moot. For now, Apple doth protest too much, mostly because they don't want anyone to notice the egg on their faces.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 23 Feb 2016 @ 3:30am

              Re: Re: Re: Re: Re:

              "When Apple fixes the problem, the discussion will be moot. For now, Apple doth protest too much, mostly because they don't want anyone to notice the egg on their faces."

              Apple would still need to create the problem first before they would be able to fix it.

              Currently this is not a possibility as the firmware does not allow it and the firmware has to be signed with their cryptographic keys to be able to work. So in other words their security is strong and only apple have the remote possibility to be able to make a firmware that might make it easier to break.

              reply to this | link to this | view in chronology ]

            • icon
              Ninja (profile), 23 Feb 2016 @ 3:37am

              Re: Re: Re: Re: Re:

              It doesn't matter how you try to frame, it is a backdoor. "You see, it's not a door but we are leaving this 'backcrack' in the wall so anybody can easily break it and go inside." Call whatever you will, it is a backdoor.

              And the request is not reasonable. A whole freaking lot of people think it's not reasonable. And nobody is mentioning how costly and complex the task would be. One TD reader described in details how forensic works and how it could be screwed up anywhere during the process.

              Where Apple objects is that this sort of change exposes the weakness of their pincode approach to encryption.

              Nobody said pin codes are the pinnacle of good security. It would expose a company that's willing to screw their customers without fight AND that doesn't provide good security as advertised. This would be catastrophic to the company considering how competitive is the smartphone market. And I'm amused by the way you talk as if the Government is always the good guys. This, if done, will have severe consequences all over the world. But entitled f* like you don't care.

              When Apple fixes the problem, the discussion will be moot.

              If what the FBI asks can be done it will still be used and a whole lot of people will be put at risk along with a company with a broken trust. But I do agree and I hope Apple makes it impossible to crack in any conceivable way. Maybe then law enforcement will actually do their jobs.

              reply to this | link to this | view in chronology ]

        • icon
          That One Guy (profile), 22 Feb 2016 @ 10:36am

          Re: Re: Re:

          That does not preclude or stop the legitimate needs to investigate a multiple murder to it's logical conclusion and to gain access where possible to every piece of data they can.

          The encryption that protects your personal data from criminals is the very same encryption that makes it more difficult, if not flat out impossible for police to gather evidence from an encrypted device. If a company can bypass it thanks to shoddy security or as far too many have demanded a 'golden key' then that same vulnerability makes it easier for criminals to break in.

          Encryption is one of the very few things that is black or white, secure or not secure. If police and/or government agencies are pushing for better encryption on one hand because it prevents crimes, they do not get to turn around and say that encryption needs to be weakened when it makes their jobs harder, especially given doing so might allow them to solve some cases, but it absolutely would lead to more crimes in general involving devices that aren't as secure as they could have been.

          reply to this | link to this | view in chronology ]

          • icon
            Whatever (profile), 22 Feb 2016 @ 5:35pm

            Re: Re: Re: Re:

            "Encryption is one of the very few things that is black or white, secure or not secure."

            Not really true. You can have very secure encryption which is ruined by having user friendly short pincodes to open the files. Apple's encryption is in theory very strong, in practice perhaps less so.

            Remember: no matter what, encryption by it's nature needs decryption to have value. That means there is always a key, and it's strictly how good that key is that makes all the difference. Good encryption with a weak key isn't any better than a big steel door with a 99 cent padlock on it.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 23 Feb 2016 @ 3:33am

              Re: Re: Re: Re: Re:

              If the key was weak the FBI would have the data by now.

              reply to this | link to this | view in chronology ]

            • icon
              Ninja (profile), 23 Feb 2016 @ 3:41am

              Re: Re: Re: Re: Re:

              Not really true. You can have very secure encryption which is ruined by having user friendly short pincodes to open the files.

              This is not an issue with encryption. And pin codes can be fairly secure if you take steps to prevent brute force attacks like introducing a hardware enforced delay for instance.

              Remember: no matter what, encryption by it's nature needs decryption to have value. That means there is always a key, and it's strictly how good that key is that makes all the difference. Good encryption with a weak key isn't any better than a big steel door with a 99 cent padlock on it.

              Again, not a problem of weak encryption. Using good keys only helps if, say, FBI goons can go through the rest of the security measures (such as the delay previously mentioned). He is right, either an encryption system is secure or it is not. How you employ that system (ie: using pin codes or long phrases) is not an issue with the system itself.

              reply to this | link to this | view in chronology ]

              • icon
                nasch (profile), 23 Feb 2016 @ 9:27am

                Re: Re: Re: Re: Re: Re:

                He is right, either an encryption system is secure or it is not.

                I disagree, security is a matter of degrees. If you want to use a black and white definition, then a system is either totally unbreakable or it isn't. And there aren't any systems that are totally unbreakable*, so all systems are insecure. It's much more useful (but harder) to discuss how secure a system is, and what its weaknesses are, because they all have weaknesses.

                * OTP encryption is unbreakable, but a communication system using it can be generally be compromised in other ways

                reply to this | link to this | view in chronology ]

                • icon
                  John Fenderson (profile), 24 Feb 2016 @ 6:45am

                  Re: Re: Re: Re: Re: Re: Re:

                  This.

                  In general in life, there is no such thing as 100% security. With almost all crypto, this is even more true. To take a binary "secure/insecure" viewpoint is, itself, a security problem because it prevents you from accurately evaluating your security situation.

                  reply to this | link to this | view in chronology ]

    • icon
      Gwiz (profile), 22 Feb 2016 @ 10:08am

      Re:

      I know it may hurt your one track mind, but have you considered that it discourages one type of crime but may encourage another? Crime isn't a one size fits all thing.

      Ok, I get that it discourages phone theft, but what crime is being encouraged here? The "crime" of protecting your own personal privacy? The "crime" of being able to have private conversations with other people? The "crime" of not wanting to be geo-tracked wherever you go? What "crimes" are you talking about?

      reply to this | link to this | view in chronology ]

      • icon
        Wyrm (profile), 22 Feb 2016 @ 12:59pm

        Re: Re:

        Don't you realize that owning a strongly encrypted phone encourages you to kill, steal and rape?
        Nobody would become a terrorist without encryption.
        No child would be molested without encryption.
        Crime and violence never existed before encryption!

        Oh wait...

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Feb 2016 @ 10:22am

      Re:

      If people cannot keep secrets from the government, then you have a tyranny and not a democracy, because a government can then stamp out any opposition to how they are ruling.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Feb 2016 @ 12:11am

        Re: Re:

        Here I thought there was already a tyranny because the government pretends their citizens do not have any rights when it gets in the way of what those running things want to happen.

        reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 22 Feb 2016 @ 11:16am

      Re:

      So? In person conversations also create bonds that discourage crime and strengthen the community. But it also allow criminals to fly under the radar because such conversations aren't trackable. Shall we ban all in person conversations?

      Even if you consider it the benefits far outweigh the problems. There are two phones that Farook destroyed. The data on them is inaccessible. But it may not really be a problem since part of the data can be obtained via carriers, victims phones etc. There are more paths than the absurd they are asking.

      reply to this | link to this | view in chronology ]

  • icon
    CanadianByChoice (profile), 22 Feb 2016 @ 10:15am

    They didn't really change their minds....

    Two years ago, it was fantastic PR to be "so concerned about the publics best interest".
    It's only a problem now because, hey, they didn't really expect the public to do it!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Feb 2016 @ 10:32am

    "You all need to upgrade your iphones RIGHT NOW to have stronger backdoored encryption!"

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 22 Feb 2016 @ 11:17am

    In 2013 the criminals were not using iphones. Duh. /sarc

    reply to this | link to this | view in chronology ]

  • icon
    Dismembered3po (profile), 22 Feb 2016 @ 12:17pm

    So...I'm fairly certain

    So, I'm thining that the iOS 7 update wasn't being pushed because of encryption.

    I believe that the feature being pushed here is that the phone can't even be factory-reset and used by someone else. Prior to 7, if you stole an iPhone, you could just wipe it and use it as brand-new. In 7, the phone would not register to another user unless it was first released by the original user (by some mechanism - the IMEI or something was actually bound to the specific iTunes user account).

    reply to this | link to this | view in chronology ]

  • icon
    keithzg (profile), 22 Feb 2016 @ 3:33pm

    On the plus side, Fall 2016 is coming up fast...

    Less than a year to wait for their reply to the FOIA request about their public stance about encryption!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Feb 2016 @ 12:08am

    You forget we have always been at war with EastAsia. to say anything differant is terrorism and treason.

    reply to this | link to this | view in chronology ]

  • icon
    John Fenderson (profile), 23 Feb 2016 @ 6:59am

    Ironically

    If a law enforcement agency is telling me to upgrade or install any particular piece of software, my inclination would be to avoid that software. Law enforcement agencies cannot be trusted.

    reply to this | link to this | view in chronology ]

  • identicon
    Using MY Brain, 23 Feb 2016 @ 8:55am

    Let's talk about the gas pump

    Maybe the fbi finally got the volumes of lists of foreigners who have come to America and bought gas stations around the country from the oil companies who let these people come to America through a lottery system in which these foreigners applied and won.

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 23 Feb 2016 @ 9:31am

      Re: Let's talk about the gas pump

      Maybe the fbi finally got the volumes of lists of foreigners who have come to America and bought gas stations around the country from the oil companies who let these people come to America through a lottery system in which these foreigners applied and won.

      The oil companies are in charge of immigration now?

      reply to this | link to this | view in chronology ]

      • identicon
        Using MY Brain, 23 Feb 2016 @ 9:36am

        Re: Re: Let's talk about the gas pump

        These foreigners who did apply had to have passports and were legal to travel abroad. But, how do we know the oil companies AREN'T in charge of immigration, anyway?

        reply to this | link to this | view in chronology ]

        • icon
          nasch (profile), 23 Feb 2016 @ 10:21am

          Re: Re: Re: Let's talk about the gas pump

          But, how do we know the oil companies AREN'T in charge of immigration, anyway?

          Do you just choose to believe in everything until you see evidence it's not true? How do we know the YMCA isn't in charge of immigration? Or video game publishers? Or the car wash owners association of America?

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 23 Feb 2016 @ 10:25am

            Re: Re: Re: Re: Let's talk about the gas pump

            How do we know the YMCA isn't in charge of immigration? Or video game publishers? Or the car wash owners association of America?

            Maybe they are!

            reply to this | link to this | view in chronology ]

          • identicon
            Using what's left of my Brains, 23 Feb 2016 @ 11:10am

            Re: Re: Re: Re: Let's talk about the gas pump

            It was a rhetorical I was answering when you asked about oil companies being in charge of immigration when I asserted that the oil companies agreed to let them come to America in the first place. It was semantically wrong of me to not clarify that the foreigners were only preselected before they came to America by the oil companies who also may have helped them get financing as well, perhaps as a helpful precondition of their visas. Stop busting my balls..

            reply to this | link to this | view in chronology ]

            • identicon
              Stop busting my balls, sideways two stepper, 23 Feb 2016 @ 11:13am

              Re: Re: Re: Re: Re: Let's talk about the gas pump

              You are maybe missing the part about why the FBI might be a little more concerned that they where a couple of years back.. and I was just putting the possibility out there. So, what about the gas pumps?

              reply to this | link to this | view in chronology ]

              • icon
                nasch (profile), 23 Feb 2016 @ 11:23am

                Re: Re: Re: Re: Re: Re: Let's talk about the gas pump

                Why would the FBI be interested in gas station owners?

                reply to this | link to this | view in chronology ]

                • identicon
                  Using MY Brain, 23 Feb 2016 @ 11:47am

                  Re: Re: Re: Re: Re: Re: Re: Let's talk about the gas pump

                  There is growing dissadent sentiment from certain foreign governments that I won't mention that have received less money from the US than they were before. I'm just supposing that if a large number of the owners of these gas stations were from some of those countries were so directed, what would stop them from going full on ape shit with America's gasoloine and diesel supplies. Finally getting to the crux of the question.. It does put America in another vulnerable position or at least it seems conceiveable.

                  reply to this | link to this | view in chronology ]

                  • identicon
                    I'm not Rappaport, 23 Feb 2016 @ 11:59am

                    Re: Re: Re: Re: Re: Re: Re: Re: Let's talk about the gas pump

                    And let's not be naive about it, now. There are those who wouldn't hesitate to exploit our once friendly invitation to come to our wonderful 'melting pot' of a country against us any way they can if they had a chance or maybe that one cell phone call.

                    reply to this | link to this | view in chronology ]

  • identicon
    Using what's left of my Brains, 23 Feb 2016 @ 11:19am

    Inferring I have more than one brain from my name

    You could also question me about having more than one brain, I suppose. I will try to answer that too.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.