Will Cy Vance's Anti-Encryption Pitch Change Now That The NYPD's Using iPhones?

from the or-will-encryption-only-be-an-option-for-the-protected-class? dept

For years, Manhattan DA Cy Vance has been warning us about the coming criminal apocalypse spurred on by cellphone encryption. "Evil geniuses" Apple introduced default encryption in a move likely meant to satiate lawmakers hollering about phone theft and do-nothing tech companies. In return, DA Cy Vance (and consecutive FBI directors) turned on Apple, calling device encryption a criminal's best friend.

Vance still makes annual pitches for law enforcement-friendly encryption -- something that means either backdoors or encryption so weak it can be cracked immediately. Both ideas would also be criminal-friendly, but Vance is fine with sacrificing personal security for law enforcement access. Frequently, these pitches are accompanied with piles of uncracked cellphones -- a gesture meant to wow journalists but ultimately indicative of nothing more than how much the NYPD can store in its evidence room. (How many are linked to active investigations? How many investigations continued to convictions without cellphone evidence? Were contempt charges ever considered to motivate cellphone owners into unlocking phones? So many questions. Absolutely zero answers.)

Will Vance be changing his pitch in the near future? Will he want weakened encryption safeguarding the NYPD's new tools? I guess we'll wait and see. (h/t Robyn Greene)

Announced last year, the shift will see some 36,000 Nokia handsets replaced over the coming weeks. Initially purchased in 2014 as part of a $160 million program to modernize police operations, the Nokia phones running Windows Phone will be collected, wiped and sold back to the company.

The move to iPhone 7 comes at no cost to the NYPD, as the handsets are considered upgrades under the agency's contract with AT&T.

NYPD's rollout began last month when officers patrolling the Bronx and Staten Island swapped their obsolete Nokia smartphones for Apple devices. The department is handing out about 600 iPhones per day, according to NYPD Deputy Commissioner for Information and Technology Jessica Tisch.

Let's get some crippled encryption for these guys. After all, their phones are manufactured by a company an FBI forensic detective called an "evil genius." Let's give malicious hackers an attack vector and street criminals more reasons to lift an iPhone off… well, anybody. By all means, let's give Vance what he wants and see if he hears anything back from his buddies in blue.

This upgrade puts Vance in a lose-lose situation. If he stops calling for weakened encryption, he's a hypocrite. If he keeps calling for it, he's an asshole. But it should drive home an important point: encryption doesn't just protect the bad guys. It protects the good guys as well.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    eaving (profile), 12 Feb 2018 @ 3:34am

    Of course

    Of course they will still want it. They suffer under the delusion that it is possible to make a back door that only the 'good guys' can use. They will call for the back door, and given it the second it is used against them will cry foul at the tech companies and blame them for the insecurity. Never mind it is an insecurity they had inserted in the first place.

    reply to this | link to this | view in chronology ]

  • identicon
    Daydream, 12 Feb 2018 @ 4:04am

    I will pay $500,000 USD for a backdoor into the NYPD's new phones, which lets me remotely activate their film camera functions (including audio) and stream any and all footage and sound to a remote database. $600,000 USD if it can access personal information and GPS information so I know who each officer is, what they're doing and where they are.

    (Disclaimer; this is not an actual tender. I don't have $500,000 USD. This is mostly wishful thinking about what could be done with a backdoor into police phones.)

    reply to this | link to this | view in chronology ]

  • identicon
    Rick F, 12 Feb 2018 @ 4:08am

    Based on his hyperbole and crypto pearl-clutching, I suspect he's too tone-deaf to understand this situation. He'll continue to rail for a Golden Key that allows his 'good guys' into any iPhone (that's not owned by NYPD of course) while keeping aaaaallll the evil bad guys out.

    Good luck with that, twitwaffle.

    reply to this | link to this | view in chronology ]

    • icon
      Bergman (profile), 12 Feb 2018 @ 4:49am

      Re:

      It would be just as easy to secure all jewelry stores, banks, liquor stores, pawn shops and any other kind of business against armed robbers, while still allowing police to carry weapons inside, as it would be to make 'good guy only' encryption back doors.

      Forget nerd harder, perhaps we should be asking why Vance and others like him are so lazy, that they refuse to cop harder?

      reply to this | link to this | view in chronology ]

  • icon
    Tim R (profile), 12 Feb 2018 @ 4:45am

    Double Standards

    Of course he won't. Since when has law enforcement been held to the same standards as the general public?

    reply to this | link to this | view in chronology ]

    • identicon
      Thad, 12 Feb 2018 @ 9:42am

      Re: Double Standards

      Since when has law enforcement been held to the same standards as the general public?

      Social standards and due process may not hold them to the same standards, but the laws of mathematics do.

      I think the question could be rephrased as "Will Cy Vance figure out that there's no such thing as encryption that only the Good Guys can break now that the NYPD's using iPhones?"

      I think the answer isn't quite a flat-out "No"; it's more like "Not unless they get their wish for weak encryption and NYPD iPhones start getting pwned en masse."

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Feb 2018 @ 10:24am

        Re: Re: Double Standards

        "NYPD iPhones start getting pwned en masse"

        They would simply blame the tech - again,
        and demand they nerd harder this time.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 12 Feb 2018 @ 11:10am

          Re: Re: Re: Double Standards

          They will blame the nerds for a cop leaking the keys, because magic should be able to stop that happening.

          reply to this | link to this | view in chronology ]

      • icon
        orbitalinsertion (profile), 12 Feb 2018 @ 12:38pm

        Re: Re: Double Standards

        They would just want their phones with a special OS that has real encryption, while everyone else has to buy their phones with brokencryption.

        reply to this | link to this | view in chronology ]

        • identicon
          Thad, 12 Feb 2018 @ 1:36pm

          Re: Re: Re: Double Standards

          But that would, itself, be an admission that there's no such thing as encryption that only the good guys can break.

          reply to this | link to this | view in chronology ]

          • icon
            That One Guy (profile), 12 Feb 2018 @ 2:53pm

            "We don't NEED it, we're just taking extra steps to be extra sure."

            Nah, they'd just spin it by claiming that 'Responsible' encryption is perfectly secure, and that they are merely taking extra steps to secure their stuff 'just in case'.

            reply to this | link to this | view in chronology ]

            • identicon
              Thad, 13 Feb 2018 @ 9:00am

              Re: "We don't NEED it, we're just taking extra steps to be extra sure."

              Of course that's how they'd spin it, but the meaning is the same: they want encryption that works for themselves, and encryption that doesn't for everybody else.

              reply to this | link to this | view in chronology ]

  • identicon
    Bob H, 12 Feb 2018 @ 4:57am

    This is a foolish rhetorical stance to take

    Do you not think that they're going to roll out an MDM solution across the department, which keeps enterprise keys for each phone that IT controls? They'll then be able to tote it out and say "See, this is responsible encryption! If we can do it, everybody can do it!"

    And you can bet that some cop who is having an affair in the department is going to tag his buddy in IT to track a phone and pull the photos, and it's going to be a below-the fold scandal that will be brushed off as a "one-off" incident. That, I think, is where the reporting should be focused, not "Ha! Ha! There's no way they'll roll out backdoored encryption because it doesn't exist!"

    This article comes across as a one-sided, click-bait-ey muckrake. We know mandating breakable encryption is stupid, but setting up a paper-thin effigy and then rounding up the troops for a bonfire seems like a low bar for reporting at TechDirt.

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 12 Feb 2018 @ 5:00am

      Re: This is a foolish rhetorical stance to take

      "That, I think, is where the reporting should be focused"

      If only you were as interested in discussing the opinions of others as you are in mocking others for not reporting in the way you personally want them to. We could have discussion as to why some people think you're as wrong as the article you decided to attack.

      Alas, you're not that honest or interested in discourse.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Feb 2018 @ 5:41am

      Re: This is a foolish rhetorical stance to take

      "Do you not think that they're going to roll out an MDM solution across the department, which keeps enterprise keys for each phone that IT controls?"

      Splendid. That will provide one-stop shopping for any adversary with either the technical chops or sufficient hard cold cash to acquire the entire set simultaneously and subsequently monitor the position and communications of every officer carrying an iPhone.

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 12 Feb 2018 @ 5:55am

        Re: Re: This is a foolish rhetorical stance to take

        Also, the existence of such a management system does not have any relation to whether or not the phones are vulnerable to whatever backdoor Apple introduce into their encryption. Which is kind of the point of the article. They are separate issues, but you'd have to be interested in something other than attempting to mock the article's author to understand that.

        reply to this | link to this | view in chronology ]

  • icon
    Coyne Tibbets (profile), 12 Feb 2018 @ 5:21am

    Depends who it is for, of course

    Encryption is only evil if used by the criminal element, AKA the great unwashed. Of course that does not include their majesties in law enforcement or federal government.

    reply to this | link to this | view in chronology ]

  • icon
    The Wanderer (profile), 12 Feb 2018 @ 5:33am

    Betteridge's Law of Headlines seems applicable

    "Any headline that ends in a question mark can be answered by the word no."

    Or as I prefer to modify it, "Whenever a headline asks a yes/no question, the answer is always "no"."

    Almost every rule has its exceptions, however, and hope does spring eternal...

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Feb 2018 @ 5:58am

      Re: Betteridge's Law of Headlines seems applicable

      Is Betteridge's Law of Headlines still true? The answer will shock you!

      reply to this | link to this | view in chronology ]

      • icon
        The Wanderer (profile), 12 Feb 2018 @ 6:25am

        Re: Re: Betteridge's Law of Headlines seems applicable

        The only way for the statement in the latter part of the headline to be true - that is, for the answer to in fact shock me - is if the answer is "no".

        So either the statement is false, or the law still applies.

        reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 12 Feb 2018 @ 5:37am

    One law for me, and another for thee

    If he stops calling for weakened encryption, he's a hypocrite. If he keeps calling for it, he's an asshole.

    Allow me to present Option 3: Both.

    I imagine the excuse, if he deigns to address the peons at all and doesn't just brush it off as 'official business', will be that much like police are allowed special dispensation to do things your average person isn't, of course they are allowed extra special security as well.

    They're important people doing important work, it only makes sense that they have equally important security protecting that work.

    The filthy public on the other hand is absolutely filled with criminals that the police haven't gotten around to arresting yet, criminals of course being the only ones who would ever want to protect their sensitive and personal information via encryption, so the crusade to provide cop-friendly encryption will continue on, same as before.

    reply to this | link to this | view in chronology ]

    • icon
      discordian_eris (profile), 12 Feb 2018 @ 6:51am

      Re: One law for me, and another for thee

      Exactly. He will advocate for a two tiered solution to encryption. The cops will get the original unbreakable encryption of course. The public and all non-Americans will get the wimpy encryption standards. No different from the situation in the 90s with Internet Explorer. And the solution will be the same. Americans get crap, and the rest of the world ignores American hubris and keeps robust encryption. Talk about a digital Apartheid.

      There is a difference between ignorance and stupidity.
      Ignorance can be cured through education and enlightenment. Since any nerds they have talked to must have told them how math works, they cannot be ignorant. Leaves only one option.

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 12 Feb 2018 @ 7:12am

        Re: Re: One law for me, and another for thee

        "The cops will get the original unbreakable encryption of course."

        I'll just interject here slightly. The issue isn't that it's "unbreakable", it's that it takes longer than authorities want it to take, combined with the fact that Apple don't have access to the encryption key, by design. The complaint is not "we cannot possibly hack this", it's "we don't want to wait for the amount of time it takes to brute force".

        A stolen police iPhone would not be unbreakable, it would just take time assuming that no new exploit has been found that makes it quicker. They would be safer than a member of the public, but that would probably be counteracted by the fact that every hacker group in existence would be happy to go out of their way to gain access. Then probably keep quiet about any confidential data they found there until that's also exploited.

        I don't doubt that they'll push for a double standard, but I wouldn't make the mistake of assuming that the phones used by the authorities will be invulnerable to any attacks. They won't be.

        reply to this | link to this | view in chronology ]

        • icon
          Madd the Sane (profile), 12 Feb 2018 @ 8:57am

          Re: Re: Re: One law for me, and another for thee

          One way that Apple customers can thwart brute-forcing a passcode is by resetting and wiping an iPhone after a number of failed attempts (I think the number is either 5 or 6).

          reply to this | link to this | view in chronology ]

          • icon
            Roger Strong (profile), 12 Feb 2018 @ 9:31am

            Re: Re: Re: Re: One law for me, and another for thee

            (Starts to make a joke about a police stun gun iPhone case that'll zap the user after a number of failed attempts....)

            (Realizes that I'm taking about America....)

            (Does a quick check and confirms that stun gun iPhone cases are indeed being sold in America.)

            reply to this | link to this | view in chronology ]

          • icon
            PaulT (profile), 13 Feb 2018 @ 12:34am

            Re: Re: Re: Re: One law for me, and another for thee

            That stops simple brute forcing of the password, but it doesn't make the device magically invulnerable nor the encryption unbreakable.

            reply to this | link to this | view in chronology ]

    • icon
      wshuff (profile), 12 Feb 2018 @ 10:13am

      Re: One law for me, and another for thee

      I agree. I don't think it will be a stretch at all for him act like a hypocritical asshole. In fact, I think it is a requirement to serve in the position.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Feb 2018 @ 6:16am

    "law enforcement-friendly encryption"

    What ... ROT-13 encryption?

    reply to this | link to this | view in chronology ]

  • icon
    Toom1275 (profile), 12 Feb 2018 @ 7:30am

    How could giving encrypted phones to a pack of badge-wearing criminals possibly change the "only criminals use encrypted phones" claim?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Feb 2018 @ 7:41am

    If the iPhone encryption was so evil. Why are THEY using it? Shouldn't they just get one of many Android phones to choose from instead? Still free Upgrade after all. It didn't have to be the iPhone.

    Typical double standard is all I see.

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 12 Feb 2018 @ 10:01am

    Go ahead leave them unencryped..

    I would love it.. 1 LOST phone and AC ROOK could find out everything needed to track the police.. LOVE CELLPHONES.

    Lets ask something about encryption..

    When asked for 4-6 digit code..WHY are you restricted to 4-6.. That CUTS OFF the first 10,000 numbers to encode with. Unless you encode with Alpha/Num..and just use numbers or Patterns...YOU ARE SCREW'D..only 4-6 number or pattern..

    THEN,..there WILL BE A BACKDOOR...as everyone FORGETS THE CODE..

    WHY NOT android?? THEY THINK iPhone is more secure???
    ANDROID is programmable to be SUPER secure..
    That if you forget your password, you have to have an ACCOUNT to get into it..AND if someone resets it(can remove this option) IT DELETES EVERYTHING..and/or CRAPS out the phone to never be used again..

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Feb 2018 @ 10:49am

    Encryprion is bad, for other folks.

    His type always believes that they are special and thus should get special treatment.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.