Will Cy Vance's Anti-Encryption Pitch Change Now That The NYPD's Using iPhones?
from the or-will-encryption-only-be-an-option-for-the-protected-class? dept
For years, Manhattan DA Cy Vance has been warning us about the coming criminal apocalypse spurred on by cellphone encryption. “Evil geniuses” Apple introduced default encryption in a move likely meant to satiate lawmakers hollering about phone theft and do-nothing tech companies. In return, DA Cy Vance (and consecutive FBI directors) turned on Apple, calling device encryption a criminal’s best friend.
Vance still makes annual pitches for law enforcement-friendly encryption — something that means either backdoors or encryption so weak it can be cracked immediately. Both ideas would also be criminal-friendly, but Vance is fine with sacrificing personal security for law enforcement access. Frequently, these pitches are accompanied by piles of uncracked cellphones — a gesture meant to wow journalists but ultimately indicative of nothing more than how much the NYPD can store in its evidence room. (How many are linked to active investigations? How many investigations continued to convictions without cellphone evidence? Were contempt charges ever considered to motivate cellphone owners into unlocking phones? So many questions. Absolutely zero answers.)
Will Vance be changing his pitch in the near future? Will he want weakened encryption safeguarding the NYPD’s new tools? I guess we’ll wait and see. (h/t Robyn Greene)
Announced last year, the shift will see some 36,000 Nokia handsets replaced over the coming weeks. Initially purchased in 2014 as part of a $160 million program to modernize police operations, the Nokia phones running Windows Phone will be collected, wiped and sold back to the company.
The move to iPhone 7 comes at no cost to the NYPD, as the handsets are considered upgrades under the agency’s contract with AT&T.
NYPD’s rollout began last month when officers patrolling the Bronx and Staten Island swapped their obsolete Nokia smartphones for Apple devices. The department is handing out about 600 iPhones per day, according to NYPD Deputy Commissioner for Information and Technology Jessica Tisch.
Let’s get some crippled encryption for these guys. After all, their phones are manufactured by a company an FBI forensic detective called an “evil genius.” Let’s give malicious hackers an attack vector and street criminals more reasons to lift an iPhone off… well, anybody. By all means, let’s give Vance what he wants and see if he hears anything back from his buddies in blue.
This upgrade puts Vance in a lose-lose situation. If he stops calling for weakened encryption, he’s a hypocrite. If he keeps calling for it, he’s an asshole. But it should drive home an important point: encryption doesn’t just protect the bad guys. It protects the good guys as well.
Filed Under: cy vance, encryption, going dark, iphones, nypd
Comments on “Will Cy Vance's Anti-Encryption Pitch Change Now That The NYPD's Using iPhones?”
Of course
Of course they will still want it. They suffer under the delusion that it is possible to make a back door that only the ‘good guys’ can use. They will call for the back door, and, given it, the second it is used against them will cry foul at the tech companies and blame them for the insecurity. Never mind it is an insecurity they had inserted in the first place.
Re: Of course
“Would you like a backdoor to the cops’ phones that only Internal Affairs can access?”
The goons in blue would crucify him for that.
Re: Re: Of course
“Would you like a backdoor that only investigative journalists can access?”
I will pay $500,000 USD for a backdoor into the NYPD’s new phones, which lets me remotely activate their film camera functions (including audio) and stream any and all footage and sound to a remote database. $600,000 USD if it can access personal information and GPS information so I know who each officer is, what they’re doing and where they are.
(Disclaimer; this is not an actual tender. I don’t have $500,000 USD. This is mostly wishful thinking about what could be done with a backdoor into police phones.)
Based on his hyperbole and crypto pearl-clutching, I suspect he’s too tone-deaf to understand this situation. He’ll continue to rail for a Golden Key that allows his ‘good guys’ into any iPhone (that’s not owned by NYPD of course) while keeping aaaaallll the evil bad guys out.
Good luck with that, twitwaffle.
Re: Re:
It would be just as easy to secure all jewelry stores, banks, liquor stores, pawn shops and any other kind of business against armed robbers, while still allowing police to carry weapons inside, as it would be to make ‘good guy only’ encryption back doors.
Forget nerd harder, perhaps we should be asking why Vance and others like him are so lazy, that they refuse to cop harder?
Double Standards
Of course he won’t. Since when has law enforcement been held to the same standards as the general public?
Re: Double Standards
Social standards and due process may not hold them to the same standards, but the laws of mathematics do.
I think the question could be rephrased as "Will Cy Vance figure out that there’s no such thing as encryption that only the Good Guys can break now that the NYPD’s using iPhones?"
I think the answer isn’t quite a flat-out "No"; it’s more like "Not unless they get their wish for weak encryption and NYPD iPhones start getting pwned en masse."
Re: Re: Double Standards
“NYPD iPhones start getting pwned en masse”
They would simply blame the tech – again,
and demand they nerd harder this time.
Re: Re: Re: Double Standards
They will blame the nerds for a cop leaking the keys, because magic should be able to stop that happening.
Re: Re: Double Standards
They would just want their phones with a special OS that has real encryption, while everyone else has to buy their phones with brokencryption.
Re: Re: Re: Double Standards
But that would, itself, be an admission that there’s no such thing as encryption that only the good guys can break.
Re: Re: Re:2 "We don't NEED it, we're just taking extra steps to be extra sure."
Nah, they’d just spin it by claiming that ‘Responsible’ encryption is perfectly secure, and that they are merely taking extra steps to secure their stuff ‘just in case’.
Re: Re: Re:3 "We don't NEED it, we're just taking extra steps to be extra sure."
Of course that’s how they’d spin it, but the meaning is the same: they want encryption that works for themselves, and encryption that doesn’t for everybody else.
This is a foolish rhetorical stance to take
Do you not think that they’re going to roll out an MDM solution across the department, which keeps enterprise keys for each phone that IT controls? They’ll then be able to tote it out and say “See, this is responsible encryption! If we can do it, everybody can do it!”
And you can bet that some cop who is having an affair in the department is going to tag his buddy in IT to track a phone and pull the photos, and it’s going to be a below-the-fold scandal that will be brushed off as a “one-off” incident. That, I think, is where the reporting should be focused, not “Ha! Ha! There’s no way they’ll roll out backdoored encryption because it doesn’t exist!”
This article comes across as a one-sided, click-bait-ey muckrake. We know mandating breakable encryption is stupid, but setting up a paper-thin effigy and then rounding up the troops for a bonfire seems like a low bar for reporting at TechDirt.
Re: This is a foolish rhetorical stance to take
“That, I think, is where the reporting should be focused”
If only you were as interested in discussing the opinions of others as you are in mocking others for not reporting in the way you personally want them to. We could have discussion as to why some people think you’re as wrong as the article you decided to attack.
Alas, you’re not that honest or interested in discourse.
Re: This is a foolish rhetorical stance to take
“Do you not think that they’re going to roll out an MDM solution across the department, which keeps enterprise keys for each phone that IT controls?”
Splendid. That will provide one-stop shopping for any adversary with either the technical chops or sufficient hard cold cash to acquire the entire set simultaneously and subsequently monitor the position and communications of every officer carrying an iPhone.
Re: Re: This is a foolish rhetorical stance to take
Also, the existence of such a management system does not have any relation to whether or not the phones are vulnerable to whatever backdoor Apple introduce into their encryption. Which is kind of the point of the article. They are separate issues, but you’d have to be interested in something other than attempting to mock the article’s author to understand that.
Depends who it is for, of course
Encryption is only evil if used by the criminal element, AKA the great unwashed. Of course that does not include their majesties in law enforcement or federal government.
Betteridge's Law of Headlines seems applicable
"Any headline that ends in a question mark can be answered by the word no."
Or as I prefer to modify it, "Whenever a headline asks a yes/no question, the answer is always "no"."
Almost every rule has its exceptions, however, and hope does spring eternal…
Re: Betteridge's Law of Headlines seems applicable
Is Betteridge’s Law of Headlines still true? The answer will shock you!
Re: Re: Betteridge's Law of Headlines seems applicable
The only way for the statement in the latter part of the headline to be true – that is, for the answer to in fact shock me – is if the answer is “no”.
So either the statement is false, or the law still applies.
One law for me, and another for thee
If he stops calling for weakened encryption, he’s a hypocrite. If he keeps calling for it, he’s an asshole.
Allow me to present Option 3: Both.
I imagine the excuse, if he deigns to address the peons at all and doesn’t just brush it off as ‘official business’, will be that much like police are allowed special dispensation to do things your average person isn’t, of course they are allowed extra special security as well.
They’re important people doing important work, it only makes sense that they have equally important security protecting that work.
The filthy public on the other hand is absolutely filled with criminals that the police haven’t gotten around to arresting yet, criminals of course being the only ones who would ever want to protect their sensitive and personal information via encryption, so the crusade to provide cop-friendly encryption will continue on, same as before.
Re: One law for me, and another for thee
Exactly. He will advocate for a two tiered solution to encryption. The cops will get the original unbreakable encryption of course. The public and all non-Americans will get the wimpy encryption standards. No different from the situation in the 90s with Internet Explorer. And the solution will be the same. Americans get crap, and the rest of the world ignores American hubris and keeps robust encryption. Talk about a digital Apartheid.
There is a difference between ignorance and stupidity.
Ignorance can be cured through education and enlightenment. Since any nerds they have talked to must have told them how math works, they cannot be ignorant. Leaves only one option.
Re: Re: One law for me, and another for thee
“The cops will get the original unbreakable encryption of course.”
I’ll just interject here slightly. The issue isn’t that it’s “unbreakable”, it’s that it takes longer than authorities want it to take, combined with the fact that Apple don’t have access to the encryption key, by design. The complaint is not “we cannot possibly hack this”, it’s “we don’t want to wait for the amount of time it takes to brute force”.
A stolen police iPhone would not be unbreakable, it would just take time assuming that no new exploit has been found that makes it quicker. They would be safer than a member of the public, but that would probably be counteracted by the fact that every hacker group in existence would be happy to go out of their way to gain access. Then probably keep quiet about any confidential data they found there until that’s also exploited.
I don’t doubt that they’ll push for a double standard, but I wouldn’t make the mistake of assuming that the phones used by the authorities will be invulnerable to any attacks. They won’t be.
Re: Re: Re: One law for me, and another for thee
One way that Apple customers can thwart brute-forcing a passcode is by resetting and wiping an iPhone after a number of failed attempts (I think the number is either 5 or 6).
Re: Re: Re:2 One law for me, and another for thee
(Starts to make a joke about a police stun gun iPhone case that’ll zap the user after a number of failed attempts….)
(Realizes that I’m talking about America….)
(Does a quick check and confirms that stun gun iPhone cases are indeed being sold in America.)
Re: Re: Re:2 One law for me, and another for thee
That stops simple brute forcing of the password, but it doesn’t make the device magically invulnerable nor the encryption unbreakable.
Re: One law for me, and another for thee
I agree. I don’t think it will be a stretch at all for him to act like a hypocritical asshole. In fact, I think it is a requirement to serve in the position.
“law enforcement-friendly encryption”
What … ROT-13 encryption?
Re: Re:
Nah.
Pig latin.
Re: Re: Re:
Maybe not something quite that transparent.
They might be considering Opp, or alfalfa speech, or…
How could giving encrypted phones to a pack of badge-wearing criminals possibly change the “only criminals use encrypted phones” claim?
If the iPhone encryption was so evil, why are THEY using it? Shouldn’t they just get one of many Android phones to choose from instead? Still free Upgrade after all. It didn’t have to be the iPhone.
Typical double standard is all I see.
Go ahead leave them unencrypted..
I would love it.. 1 LOST phone and AC ROOK could find out everything needed to track the police.. LOVE CELLPHONES.
Let’s ask something about encryption..
When asked for 4-6 digit code..WHY are you restricted to 4-6.. That CUTS OFF the first 10,000 numbers to encode with. Unless you encode with Alpha/Num..and just use numbers or Patterns…YOU ARE SCREW’D..only 4-6 number or pattern..
THEN,..there WILL BE A BACKDOOR…as everyone FORGETS THE CODE..
WHY NOT android?? THEY THINK iPhone is more secure???
ANDROID is programmable to be SUPER secure..
That if you forget your password, you have to have an ACCOUNT to get into it..AND if someone resets it(can remove this option) IT DELETES EVERYTHING..and/or CRAPS out the phone to never be used again..
Encryption is bad, for other folks.
His type always believes that they are special and thus should get special treatment.