Manhattan DA Cy Vance Says The Only Solution To Device Encryption Is Federally-Mandated Backdoors

from the picking-up-the-torch-the-FBI-accidentally-dropped dept

Because no one has passed legislation (federal or state) mandating encryption backdoors, Manhattan DA Cy Vance has to publish another anti-encryption report. An annual tradition dating back to 2014 -- the year Apple announced default encryption for devices -- the DA's "Smartphone Encryption and Public Safety" report [PDF] is full of the same old arguments about "lawful access" and evidence-free assertions about criminals winning the tech arms race. (h/t Riana Pfefferkorn)

You'd think there would be some scaling back on the alarmism, what with the FBI finally admitting its locked device count had been the victim of software-based hyperinflation. (Five months later, we're still waiting for the FBI to update its number of locked devices.) But there isn't. Vance still presents encryption as an insurmountable problem, using mainly Apple's multiple patches of security holes cops also found useful as the leading indicator.

The report is a little shorter this year but it does contain just enough stuff to be persuasive to those easily-persuaded by emotional appeals. Vance runs through a short list of awful crime solved by device access (child porn, assault) and another list of crimes unsolved (molestation, murder) designed to make people's hearts do all their thinking. While it's certainly true some horrible criminal acts will directly implicate device encryption, the fact of the matter is a majority of the locked phone-centric criminal acts are the type that won't make headlines or motivate lawmakers.

More than a third of these cases involve minor crimes like theft and check kiting. Another 20% is comprised of "sex crimes," which encompasses prostitution -- a crime where law enforcement sometimes chooses to believe the device itself is an "instrument of crime," never mind what other evidence might be hidden inside it.

So, more than half the crime involving locked phones isn't the sort of stuff that suggests encryption backdoors are the key to making New York City a safer place to reside. The stuff Vance throws in about unlocked devices producing exonerating evidence is a dodge. It's meant to show how granting law enforcement carte blanche access would be a net benefit for the public. But the examples given use stuff like cell site location info and social media app data -- things that could be obtained from third parties without having to go through the locked phone.

Then there's the other part of this argument Vance leaves completely undiscussed: if someone's phone contains exonerating evidence, it's very likely they'll provide officers with this evidence voluntarily, either by unlocking the device or handing over the relevant info/files. Using the very small percentage of cases where exonerating evidence may be recovered from locked phones as an argument for mandated backdoors is incredibly disingenuous.

And that's all this "report" is: a petition for federally-legislated encryption backdoors.

III. Federal Legislation Remains the Only Answer


For the reasons advanced in each of our prior Reports, national legislation of the sort we have proposed remains the most rational and least intrusive means to require device manufacturers to comply with lawful court orders in serious criminal cases upon a finding of probable cause.

"Most rational and least intrusive." I guess creating new security holes in millions of personal devices isn't "intrusive." And if this wasn't enough of a laugher, Vance ends his report with this sentence:

[O]ur Office stands willing to assist Congress and all relevant stakeholders in the effort to find a more rational balance among the interests of device makers, consumers and law enforcement in the regulation of smartphone encryption.

When your conclusion is that the only solution is federally-mandated encryption backdoors, you cannot honestly assert you're seeking to "balance" the interests of everyone involved. The only interest served by mandated backdoors is law enforcement's. Portraying device encryption as a threat to public safety is intellectually dishonest. Vance's own numbers undercut his threat level claims and his repeated failure to even generate serious discussion among federal legislators shows it's probably time for the Manhattan DA to retire his annual alarmism.

Filed Under: backdoors, cy vance, encryption, going dark, law enforcement, moral panic, privacy, security

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 9 Nov 2018 @ 10:56am

    Apple and Google need to open up API access for 3rd party apps to perform the encryption/decryption function using independently sourced certs. The gov't can't mandate backdoors in foreign-supplied or locally generated certs.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.