Manhattan DA Cy Vance Wraps Up 2016 With Another Call For Gov't-Mandated Encryption Backdoors

from the stay-the-course dept

Manhattan DA Cyrus Vance is still riding James Comey's anti-encryption coattails. Another year passes and Vance still comes to the same conclusions about phone encryption: it's bad for law enforcement and something (legislative) needs to be done to keep the criminal apocalypse at bay.

His opening remarks at a recent cybercrime symposium set the tone:

In my Office alone, 423 Apple iPhones and iPads lawfully seized since October 2014 remain inaccessible due to default device encryption. Approximately 10% of our warrant-proof devices pertain to homicide or attempted murder cases, and 9% to sex crimes. And while we’ve been locked out of approximately 34% of all Apple devices lawfully recovered since October 2014, that number jumped to approximately 42% of the devices recovered in the past three months.

With over 96% of all smartphones worldwide operated by Apple and Google, and with devices running older operating systems rapidly aging out, the trend is only poised to continue. In other words, the risks associated with warrant-proof encryption remain, and are growing.

This is all just Vance's pitch for the 2016 edition of his "Phone Encryption is Bad" report. It's available at the DA's website but you'll have to dig around for it. (Or simply download it using this link.) It's the same things Vance said last year, only with some added bold print surrounding his pitch for legislated backdoors. (All emphasis in the original.)

As illustrated by the San Bernardino domestic terrorist attack in December 2015, as well as by the ever-increasing number of smartphones lawfully seized by law enforcement that cannot be accessed by law enforcement or by Apple, the threat to public safety is increasing rapidly.

This isn't much of a pitch. The FBI fought a long battle seeking a favorable precedential ruling before turning the phone over to a foreign company. The FBI likely believed the phone was as useless as it ended up being (it was a work-issued phone -- hardly the sort of place someone stores incriminating communications), but it wanted something it could take to the next legal battle over encrypted data. The presumed increase to "public safety threats" is never more than a theory -- one that presumes every locked phone contains a wealth of usable evidence.

Vance's push for anti-encryption legislation continues, even as he notes there's very little in terms of precedent for what he's proposing.

Several foreign nations, often spurred by the fear of terrorism, have addressed the question of whether manufacturers and software providers can be compelled to extract data from smartphones that they manufacture or for which they provide software. These nations’ efforts in this endeavor have been halting.

The few legislative efforts he can name are all dead in the water, including a few state efforts that have seen little forward momentum. This leads Vance to the conclusion that the only way to fix this is to make it a federal effort, something that still seems to have little chance of success.

Federal legislation is required to address the problem of smartphones whose contents are impervious to search warrants. Two proposed bills, the Compliance with Court Orders Act, drafted by Senators Richard Burr and Dianne Feinstein, and a bill drafted by our Office, would adequately address the problem.

Elsewhere in the report, Vance details other law enforcement agencies' struggles with encrypted devices. Then he throws out this statement, which makes it clear those fighting device encryption are still unwilling to provide accurate numbers about how often locked phones thwart investigations.

These figures [number of locked devices] are almost certainly artificially low, because law enforcement agents who encounter a locked device in the field often do not have the time to make note of the device before moving on to the next investigative step.

You would think that law enforcement agencies -- those presumably interested in the possibility of legislated backdoors -- would be tracking each and every instance in which encryption is encountered. But Vance's speculation seems to indicate that other law enforcement agencies aren't nearly as troubled by encryption as he is... or that they're just generally kind of sloppy when handling potential evidence.

The entire report presents a world where ever-growing encrypted "darkness" is turning law enforcement agencies into useless extensions of the government. A world where even the best-funded agencies with the access to a variety of tech solutions can be beaten by a consumer communication product. It's not exactly apocalyptic, but it does present the situation as being wholly untenable without the federal government stepping in and kicking open a backdoor.

Vance -- like others who only see mandated backdoors/encryption bans as workable -- also claims tech and law enforcement should work together to create solutions -- a statement that really means tech companies should be more willing to compromise their principles for the greater good of the government.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    I.T. Guy, 29 Nov 2016 @ 8:47am

    How's this any different than me having stacks of paper with encrypted text on it. Sorry guys you just don't get to get that info. Looks like you will have to go back to doing good ole fashion police work.

    reply to this | link to this | view in chronology ]

  • identicon
    Baron von Robber, 29 Nov 2016 @ 8:48am

    "In my Office alone, 423 Apple iPhones and iPads lawfully seized since October 2014 remain inaccessible due to default device encryption. Approximately 10% of our warrant-proof devices pertain to homicide or attempted murder cases, and 9% to sex crimes. And while we’ve been locked out of approximately 34% of all Apple devices lawfully recovered since October 2014, that number jumped to approximately 42% of the devices recovered in the past three months."

    So a smart criminal will get away with homicide, attempted murder, or sex crimes by NOT using smart phone at all? After all, the police can't figure out any crime unless the offender records it all on a electronic device, nope. =/

    reply to this | link to this | view in chronology ]

    • identicon
      Baron von Robber, 29 Nov 2016 @ 8:49am

      Re:

      Sorry, obligatory /s...Poe's Law and all that.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Nov 2016 @ 5:27pm

      Re:

      One thing is for sure, don't do a crime using a Android phone. It's always about locked up iPhones, and never a single Android phone. I kind of find that funny.

      We went through this whole battle 20 years ago and the whole Clipper Chip. What you end up with if you have a Backdoor is criminals getting in. If there's a Backdoor that the U.S. Governmetn can get into any iPhone, what country would allow the phones to be sold in their country where the U.S. Government can spy on their Citizen's? Maybe some places will say fine, we want the same access also. Imagine China now with backdoor access to American user phones now!!! That's a disaster waiting to happen.

      So you have a Back door that now effects MILLIONS of people, because you can break into less then 500 iPhones. Oh My GOD!!!! It's the end of the world.

      The simple fact is most Encryption is done Outside of of the U.S. and U.S. control. Anyone could just install 3rd party encryption software with no back doors and now the only people protected are the Criminals. These people really just don't seem to get it.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Nov 2016 @ 8:55am

    The thing is LEO/intelligence agencies aren't going anywhere and aren't swayed by political tides. There is no downside to keep asking for something until you get it.

    reply to this | link to this | view in chronology ]

  • icon
    timmaguire42 (profile), 29 Nov 2016 @ 9:07am

    Law enforcement has its opinions, but their interests have to fit into the greater context of what it means to be a free society. One of the things it means is that law enforcement's job is a little harder.

    Tough.

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 29 Nov 2016 @ 9:11am

    This has been going for a while already. The last crypto wars is already over 20 years old. So let's just ask these morons one question: after several decades of improving encryption mechanisms, how has criminality evolved? Watch their reaction as the cognitive dissonance kick in.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Nov 2016 @ 9:12am

    Vance: henceforth, everyone must shave his/her head

    Wearing long hair -- or, god forbid, a head covering -- means you have something to hide.

    I think this paranoia explains why "Not Wittingly" Clapper is completely bald. But at least Clapper isn't a hypocrite.

    If Vance is really serious, perhaps he should start by shaving his head?

    https://en.wikipedia.org/wiki/Steganography

    The first recorded uses of steganography can be traced back to 440 BC when Herodotus mentions two examples in his Histories. Histiaeus sent a message to his vassal, Aristagoras, by shaving the head of his most trusted servant, "marking" the message onto his scalp, then sending him on his way once his hair had regrown, with the instruction, “When thou art come to Miletus, bid Aristagoras shave thy head, and look thereon."

    reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 29 Nov 2016 @ 9:46am

    Working Together

    I love the "working together" euphemism. Tech needs to "work together" with government in order to compromise everyone's security and privacy.

    A phone is either secure, or it is not. If it is secure, then it is impervious to search warrants. Otherwise it is insecure. If the government can get into that phone, then so can others.

    The euphemism of "work together with government" really means to do as I say.

    How about if government would "work together" with reality?

    reply to this | link to this | view in chronology ]

  • identicon
    Personanongrata, 29 Nov 2016 @ 10:10am

    Day Dream Believers

    Manhattan DA Cyrus Vance is still riding James Comey's anti-encryption coattails.

    If Vance/Comey want to live in a "glass house" where everyone under the sun can potentially exploit their most private thoughts or personal financial data they are free to begin doing so immediately.

    But when these two tax feeding ignoramuses and their ilk use the bully-pulpit of their authority to espouse their anti-encryption fantasies while attempting to ram their vile agenda down the collective throats of John/Jane Q Public under the guise of being a law enforcement necessity they need to be shouted down at every opportunity with the absolute stone cold fact that using encryption is one of the key actions a person can take to protect their private data from being exploited.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 29 Nov 2016 @ 10:12am

    Close, but not close enough

    As illustrated by the San Bernardino domestic terrorist attack in December 2015, as well as by the ever-increasing number of smartphones lawfully seized by law enforcement that cannot be accessed by law enforcement or by Apple, the threat to public safety is increasing rapidly.

    The funny thing is the last line is right, the 'threat to public safety is increasing rapidly', what he gets completely and utterly wrong is the source of the threat.

    Put bluntly, it's him. Him and those like him that are bound and determined to usher is a digital disaster by crippling the very same encryption that protects against criminals from having easy access to massive amounts of personal and valuable information located on phones and other systems.

    Because he's too gorram lazy and/or so entitled that he believes that he's owed instant access to anything he wants he's willing to threaten public safety on a scale that makes a few 'unsolved due to encryption' crimes look like minuscule blips on the radar. He and his incredibly stupid crusade against encryption are a bigger threat to public safety than encryption could ever be, even if you take his claims of investigations blocked by encryption as totally true.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Nov 2016 @ 10:42am

    Wait - a conservative wants more government regulation?

    Hahahahaha

    reply to this | link to this | view in chronology ]

  • icon
    NeghVar (profile), 29 Nov 2016 @ 10:42am

    Open-source

    Even if the a requirement for a government mandated backdoor was passed. There are open source communities outside the US who would be glad to make an encryption without a backdoor. People would then use that.

    reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 29 Nov 2016 @ 11:32am

    Worth Repeating

    This level of surveillance has been tested before.

    From The Risks:

    We in the U.S. have just completed one of the largest case studies of what happens when every individual in an industry has all of its e-mail and financial records available to regulators. The Securities and Exchange Commission (SEC) already requires every person in the financial industry to make every e-mail, cellphone text and financial record available to the SEC in order to enforce insider trading and other financial rules.

    The result: NADA! NOTHING! With thousands of bankers involved in fraud on the U.S. taxpayer running into the trillions of dollars, not one has been prosecuted; not one has gone to jail. If this level of surveillance of the financial community has produced zero convictions in the largest ripoff of tax dollars in history, there is no reason to expect that any increased level of surveillance of non-financial citizens will produce any better results.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 29 Nov 2016 @ 9:02pm

      Tiny difference

      Bankers are 'big people', they've got money, connections, and would make for difficult targets.

      The 'little people' on the other hand would be essentially a massive number of people wearing targets on their backs, just ripe for the prosecution in order for a DA to drum up some 'tough on crime' PR, or a cop to teach some uppity citizen what happens when they talk back to their betters, because the 'little people' don't have money, and don't have connections, making for trivially easy targets.

      reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 29 Nov 2016 @ 12:43pm

    TEST RUN..

    If he likes it sooo much..
    Lets open up all his computer devices to FULL net access..
    Lets open all his wifi and BT to ANYONE that wants it..

    NOW, the gov DOES have access to most corp info, and can DEMAND more..but there isnt a chance that they wont CHEAT.

    reply to this | link to this | view in chronology ]

  • icon
    afn29129 (profile), 29 Nov 2016 @ 1:03pm

    Utterly futile

    Utterly futile even if you do succeed in getting backdoor legislation Mr Cy. People who are serious about their privacy will look to 3rd party encryption apps for their cellphones.
    Encrypt while in transit. Encrypt while at rest. Manage you own keys.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Nov 2016 @ 5:43pm

    Excellent

    "And while we’ve been locked out of approximately 34% of all Apple devices lawfully recovered since October 2014, that number jumped to approximately 42% of the devices recovered in the past three months."

    Excellent! This proves the security message is starting to sink through to the general non-technical populace.

    reply to this | link to this | view in chronology ]

  • icon
    Eldakka (profile), 29 Nov 2016 @ 7:26pm

    If Cyrus Vance likes back doors so much, maybe he should drop his pants in a public place, bend over, and let anyone have access.

    reply to this | link to this | view in chronology ]

  • icon
    Steve R. (profile), 30 Nov 2016 @ 6:56am

    Hackers it Seems Can Overcome All Security Holes

    It keeps amazing me that those in leadership positions who are supposedly intelligent keep thinking that there is a "secure" backdoor. It is a total fiction, as hackers have demonstrated. When will those proponents of a backdoor ever learn? Apparently never since this story keeps repeating.

    Furthermore, the contention is made that backdoor are necessary to get those evil criminals. Two quick points.

    1. The backdoor proponents seem to ignore the obvious fact that there a perfectly legitimate uses for unbreakable encryption.

    2. In the name of "security and fighting crime", the encryption proponents ignore civil rights on the pretext of making it "easier" for law enforcement to do its job. We should not give-up civil rights to make life easier for law enforcement.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.