Remember When The FBI & NYPD Told People To Upgrade Their iPhones To Enable Stronger Security?
from the because-it-helps-stop-crime dept
Look, let’s face facts here. For all the talk coming from the law enforcement community that they need backdoors into encryption to stop crime, they absolutely know that the reverse is true: strong encryption prevents crime. Lots of it. Strong encryption on phones makes stealing those phones a lot less worthwhile, because all the information on them is locked up. As we noted back in 2014, the FBI had a webpage advocating for mobile encryption to protect your phone’s data:
But it’s not just the FBI. Trevor Timm alerts us to the amazing fact that just a couple of years ago, the New York City Police Department (NYPD) was literally roaming the streets, giving people fliers telling them to upgrade their iPhones to enable greater security features to protect against crime. Michael Hoffman tweeted a picture of the flier he received:
Four uniformed NYPD officers were at my subway stop tonight asking me to upgrade to iOS 7. Not a joke! pic.twitter.com/CGdR2RqtKJ
— Michael Hoffman (@Hoffm) September 21, 2013
PUBLIC AWARENESS NOTICE As of Wednesday, September 18, 2013 the new iOS7 software update available for your Apple product brings added security to your devices.
ATTENTION APPLE USERS!!!!By downloading the new operating system, should your device be lost or stolen it cannot be reprogrammed without an Apple ID and Password.
The download is FREE from Apple.
In other words, law enforcement in NYC absolutely knows that stronger security on phones prevents crime. And yet, Manhattan District Attorney Cyrus Vance is running around pretending that these phones have created a crime wave in NY?
And, it appears that the data absolutely supports what the FBI and the NYPD apparently used to know, but are now pretending to forget. An article last summer by Kevin Bankston, laid out the details, noting that phone theft is a massive epidemic, with criminals swiping millions of phones — and many of them then seeking to get access to the data on those phones. While the introduction of remote kill switches has helped reduce some of that, encryption is a much better solution.
So what happened? Did the FBI and NYPD really “forget” everything they knew two and a half years ago about encryption and how it stops crime?
Filed Under: encryption, fbi, iphone, nypd, security, theft
Companies: apple
Comments on “Remember When The FBI & NYPD Told People To Upgrade Their iPhones To Enable Stronger Security?”
Isn't it obvious?
The computer that had all their pro-encryption talking points was encrypted, the only person who had the password quit or was fired, and they could no longer access anything on it as a result.
Encryption: It not only protects criminals, but it also keeps government and police agencies from remembering just why it’s so important.
Re: Isn't it obvious?
so what you are saying is…
“They couldn’t access the site cause it didn’t have a backdoor to it.” Is that right?
Selective amnesia at it’s finest.
Well, the law enforcement community has always want to have it’s cake and eat it too.
“In other words, law enforcement in NYC absolutely knows that stronger security on phones prevents crime. And yet, Manhattan District Attorney Cyrus Vance is running around pretending that these phones have created a crime wave in NY? “
I know it may hurt your one track mind, but have you considered that it discourages one type of crime but may encourage another? Crime isn’t a one size fits all thing.
Try invoking David Bowie instead!
Re: Re:
Absolutely right, it’s obvious that the NYPD are only in favor of ‘good guys only’ encryption, that being encryption that is installed on a device when a ‘good person’ uses it, and are totally opposed to ‘bad guys allowed’ encryption, that being encryption that is installed or switched to the second a ‘bad person’ so much as touches a device.
Given the existence of the two distinct forms of encryption, it’s perfectly logical for them to be pushing encryption one year by claiming that it prevents crime, while not two years later whining about how encryption makes their jobs harder/impossible with nary a peep about how much crime it prevents.
Re: Re: Re:
“Absolutely right, it’s obvious that the NYPD are only in favor of ‘good guys only’ encryption, that being encryption that is installed on a device when a ‘good person’ uses it, and are totally opposed to ‘bad guys allowed’ encryption, that being encryption that is installed or switched to the second a ‘bad person’ so much as touches a device”
It’s not the point, is it?
The point is that of protecting your personal data. Basically, if someone steals your phone, they get nothing. It stops that secondary effect of crime from harming you more than just getting your phone stolen. The police are certainly right to encourage you to use it.
That does not preclude or stop the legitimate needs to investigate a multiple murder to it’s logical conclusion and to gain access where possible to every piece of data they can.
“while not two years later whining about how encryption makes their jobs harder/impossible with nary a peep about how much crime it prevents.”
Again, crime is not a monolithic thing. There is not “crime” as a generic one size fits all thing. A may cause B, but it can also independently cause C as well – or may impact and diminish D. It’s not a simple one thing “more crime, less crime”. That’s just a simplistic attempt to “add to the narrative” of police being confused or inconsistent.
Re: Re: Re: Re:
Sure. However, until the answer becomes “they can’t get this data”, then there are holes in the “they get nothing” feature. Right now, that hole is Apple. If Apple is smart, in iOS 10 or 11, that hole will be removed, and we’re back to “they can’t get this data”.
Or, as security researcher Matt Blaze tweeted: “I’m less concerned w/ whether Apple should be compelled to comply with this order than with ensuring future products can be more secure.”
Re: Re: Re: Re:
Until modern portable computing device became almost universal, police managed to solve crime without having much in the way of recorded communication to go on. What they had to do was talk to people, but that required that they were friendly towards the people that they policed, rather than the modern treat every-body as the enemy.
Re: Re: Re:2 Re:
The usual tone in cops’ voices is “I know you’re guilty because I’m talking to you.” And THAT’s not just for the perpetrators.
Kind of hard to interrogate your allies when you’re metaphorically already aiming a taser or gun at them.
Re: Re: Re: Re:
That does not preclude or stop the legitimate needs to investigate a multiple murder to it’s logical conclusion and to gain access where possible to every piece of data they can.
While this may be true, it’s not a crime, in and of itself, to protect your own personal privacy, even if it makes law enforcement’s job harder.
If your goal is to make law enforcement’s job easier, then why aren’t you advocating abolishing the US Constitution? That would make the their job a whole lot easier, wouldn’t it?
Re: Re: Re:2 Re:
A policeman’s life is easy only in a police state.
Re: Re: Re:2 Re:
“If your goal is to make law enforcement’s job easier”
I don’t have a goal, and I think trying to figure that at every turn there has to be a bigger goal is perhaps misleading. This is a particular case where law enforcement can gain access without Apple having to create a backdoor, they just have to remove a couple of covers off the door lock so they can try.
If there is a possibility of access by reasonable means (and brute force is reasonable, no different from using a battering ram to knock down a door) then the police should have that choice available to them.
Where Apple objects is that this sort of change exposes the weakness of their pincode approach to encryption. When you stop and realize that all of the security chip one way code hidden access means nothing if the user’s password to access the files is too short. Apple doesn’t want the code getting into the wild, at least not until they come up with a IOS patch that forces consumers to use longer passwords for encryption.
When Apple fixes the problem, the discussion will be moot. For now, Apple doth protest too much, mostly because they don’t want anyone to notice the egg on their faces.
Re: Re: Re:3 Re:
“When Apple fixes the problem, the discussion will be moot. For now, Apple doth protest too much, mostly because they don’t want anyone to notice the egg on their faces.”
Apple would still need to create the problem first before they would be able to fix it.
Currently this is not a possibility as the firmware does not allow it and the firmware has to be signed with their cryptographic keys to be able to work. So in other words their security is strong and only apple have the remote possibility to be able to make a firmware that might make it easier to break.
Re: Re: Re:3 Re:
It doesn’t matter how you try to frame, it is a backdoor. “You see, it’s not a door but we are leaving this ‘backcrack’ in the wall so anybody can easily break it and go inside.” Call whatever you will, it is a backdoor.
And the request is not reasonable. A whole freaking lot of people think it’s not reasonable. And nobody is mentioning how costly and complex the task would be. One TD reader described in details how forensic works and how it could be screwed up anywhere during the process.
Where Apple objects is that this sort of change exposes the weakness of their pincode approach to encryption.
Nobody said pin codes are the pinnacle of good security. It would expose a company that’s willing to screw their customers without fight AND that doesn’t provide good security as advertised. This would be catastrophic to the company considering how competitive is the smartphone market. And I’m amused by the way you talk as if the Government is always the good guys. This, if done, will have severe consequences all over the world. But entitled f* like you don’t care.
When Apple fixes the problem, the discussion will be moot.
If what the FBI asks can be done it will still be used and a whole lot of people will be put at risk along with a company with a broken trust. But I do agree and I hope Apple makes it impossible to crack in any conceivable way. Maybe then law enforcement will actually do their jobs.
Re: Re: Re: Re:
That does not preclude or stop the legitimate needs to investigate a multiple murder to it’s logical conclusion and to gain access where possible to every piece of data they can.
The encryption that protects your personal data from criminals is the very same encryption that makes it more difficult, if not flat out impossible for police to gather evidence from an encrypted device. If a company can bypass it thanks to shoddy security or as far too many have demanded a ‘golden key’ then that same vulnerability makes it easier for criminals to break in.
Encryption is one of the very few things that is black or white, secure or not secure. If police and/or government agencies are pushing for better encryption on one hand because it prevents crimes, they do not get to turn around and say that encryption needs to be weakened when it makes their jobs harder, especially given doing so might allow them to solve some cases, but it absolutely would lead to more crimes in general involving devices that aren’t as secure as they could have been.
Re: Re: Re:2 Re:
“Encryption is one of the very few things that is black or white, secure or not secure.”
Not really true. You can have very secure encryption which is ruined by having user friendly short pincodes to open the files. Apple’s encryption is in theory very strong, in practice perhaps less so.
Remember: no matter what, encryption by it’s nature needs decryption to have value. That means there is always a key, and it’s strictly how good that key is that makes all the difference. Good encryption with a weak key isn’t any better than a big steel door with a 99 cent padlock on it.
Re: Re: Re:3 Re:
If the key was weak the FBI would have the data by now.
Re: Re: Re:3 Re:
Not really true. You can have very secure encryption which is ruined by having user friendly short pincodes to open the files.
This is not an issue with encryption. And pin codes can be fairly secure if you take steps to prevent brute force attacks like introducing a hardware enforced delay for instance.
Remember: no matter what, encryption by it’s nature needs decryption to have value. That means there is always a key, and it’s strictly how good that key is that makes all the difference. Good encryption with a weak key isn’t any better than a big steel door with a 99 cent padlock on it.
Again, not a problem of weak encryption. Using good keys only helps if, say, FBI goons can go through the rest of the security measures (such as the delay previously mentioned). He is right, either an encryption system is secure or it is not. How you employ that system (ie: using pin codes or long phrases) is not an issue with the system itself.
Re: Re: Re:4 Re:
He is right, either an encryption system is secure or it is not.
I disagree, security is a matter of degrees. If you want to use a black and white definition, then a system is either totally unbreakable or it isn’t. And there aren’t any systems that are totally unbreakable*, so all systems are insecure. It’s much more useful (but harder) to discuss how secure a system is, and what its weaknesses are, because they all have weaknesses.
* OTP encryption is unbreakable, but a communication system using it can be generally be compromised in other ways
Re: Re: Re:5 Re:
This.
In general in life, there is no such thing as 100% security. With almost all crypto, this is even more true. To take a binary “secure/insecure” viewpoint is, itself, a security problem because it prevents you from accurately evaluating your security situation.
Re: Re:
I know it may hurt your one track mind, but have you considered that it discourages one type of crime but may encourage another? Crime isn’t a one size fits all thing.
Ok, I get that it discourages phone theft, but what crime is being encouraged here? The “crime” of protecting your own personal privacy? The “crime” of being able to have private conversations with other people? The “crime” of not wanting to be geo-tracked wherever you go? What “crimes” are you talking about?
Re: Re: Re:
Don’t you realize that owning a strongly encrypted phone encourages you to kill, steal and rape?
Nobody would become a terrorist without encryption.
No child would be molested without encryption.
Crime and violence never existed before encryption!
Oh wait…
Re: Re:
If people cannot keep secrets from the government, then you have a tyranny and not a democracy, because a government can then stamp out any opposition to how they are ruling.
Re: Re: Re:
Here I thought there was already a tyranny because the government pretends their citizens do not have any rights when it gets in the way of what those running things want to happen.
Re: Re:
So? In person conversations also create bonds that discourage crime and strengthen the community. But it also allow criminals to fly under the radar because such conversations aren’t trackable. Shall we ban all in person conversations?
Even if you consider it the benefits far outweigh the problems. There are two phones that Farook destroyed. The data on them is inaccessible. But it may not really be a problem since part of the data can be obtained via carriers, victims phones etc. There are more paths than the absurd they are asking.
They didn't really change their minds....
Two years ago, it was fantastic PR to be “so concerned about the publics best interest”.
It’s only a problem now because, hey, they didn’t really expect the public to do it!
“You all need to upgrade your iphones RIGHT NOW to have stronger backdoored encryption!”
In 2013 the criminals were not using iphones. Duh. /sarc
So...I'm fairly certain
So, I’m thining that the iOS 7 update wasn’t being pushed because of encryption.
I believe that the feature being pushed here is that the phone can’t even be factory-reset and used by someone else. Prior to 7, if you stole an iPhone, you could just wipe it and use it as brand-new. In 7, the phone would not register to another user unless it was first released by the original user (by some mechanism – the IMEI or something was actually bound to the specific iTunes user account).
On the plus side, Fall 2016 is coming up fast...
Less than a year to wait for their reply to the FOIA request about their public stance about encryption!
You forget we have always been at war with EastAsia. to say anything differant is terrorism and treason.
Ironically
If a law enforcement agency is telling me to upgrade or install any particular piece of software, my inclination would be to avoid that software. Law enforcement agencies cannot be trusted.
Let's talk about the gas pump
Maybe the fbi finally got the volumes of lists of foreigners who have come to America and bought gas stations around the country from the oil companies who let these people come to America through a lottery system in which these foreigners applied and won.
Re: Let's talk about the gas pump
Maybe the fbi finally got the volumes of lists of foreigners who have come to America and bought gas stations around the country from the oil companies who let these people come to America through a lottery system in which these foreigners applied and won.
The oil companies are in charge of immigration now?
Re: Re: Let's talk about the gas pump
These foreigners who did apply had to have passports and were legal to travel abroad. But, how do we know the oil companies AREN’T in charge of immigration, anyway?
Re: Re: Re: Let's talk about the gas pump
But, how do we know the oil companies AREN’T in charge of immigration, anyway?
Do you just choose to believe in everything until you see evidence it’s not true? How do we know the YMCA isn’t in charge of immigration? Or video game publishers? Or the car wash owners association of America?
Re: Re: Re:2 Let's talk about the gas pump
How do we know the YMCA isn’t in charge of immigration? Or video game publishers? Or the car wash owners association of America?
Maybe they are!
Re: Re: Re:2 Let's talk about the gas pump
It was a rhetorical I was answering when you asked about oil companies being in charge of immigration when I asserted that the oil companies agreed to let them come to America in the first place. It was semantically wrong of me to not clarify that the foreigners were only preselected before they came to America by the oil companies who also may have helped them get financing as well, perhaps as a helpful precondition of their visas. Stop busting my balls..
Re: Re: Re:3 Let's talk about the gas pump
You are maybe missing the part about why the FBI might be a little more concerned that they where a couple of years back.. and I was just putting the possibility out there. So, what about the gas pumps?
Re: Re: Re:4 Let's talk about the gas pump
Why would the FBI be interested in gas station owners?
Re: Re: Re:5 Let's talk about the gas pump
There is growing dissadent sentiment from certain foreign governments that I won’t mention that have received less money from the US than they were before. I’m just supposing that if a large number of the owners of these gas stations were from some of those countries were so directed, what would stop them from going full on ape shit with America’s gasoloine and diesel supplies. Finally getting to the crux of the question.. It does put America in another vulnerable position or at least it seems conceiveable.
Re: Re: Re:6 Let's talk about the gas pump
And let’s not be naive about it, now. There are those who wouldn’t hesitate to exploit our once friendly invitation to come to our wonderful ‘melting pot’ of a country against us any way they can if they had a chance or maybe that one cell phone call.
Inferring I have more than one brain from my name
You could also question me about having more than one brain, I suppose. I will try to answer that too.