Yesterday, we wrote about law enforcement freaking out
over the announcements from both Apple and Google that they'd start encrypting phones by default, better protecting data on those phones from anyone who wants it -- whether government/law enforcement or hackers. We noted, oddly, that former FBI guy Ronald Hosko had showed up in articles in both the Washington Post and the WSJ spewing a bunch of FUD about it. In the WSJ
The level of privacy described by Apple and Google is "wonderful until it's your kid who is kidnapped and being abused, and because of the technology, we can't get to them,'' said Ronald Hosko, who left the FBI earlier this year as the head of its criminal-investigations division. "Who's going to get lost because of this, and we're not going to crack the case?"
In the Washington Post
Ronald T. Hosko, the former head of the FBI’s criminal investigative division, called the move by Apple “problematic,” saying it will contribute to the steady decrease of law enforcement’s ability to collect key evidence — to solve crimes and prevent them. The agency long has publicly worried about the “going dark” problem, in which the rising use of encryption across a range of services has undermined government’s ability to conduct surveillance, even when it is legally authorized.
“Our ability to act on data that does exist . . . is critical to our success,” Hosko said. He suggested that it would take a major event, such as a terrorist attack, to cause the pendulum to swing back toward giving authorities access to a broad range of digital information.
This is just blatant fear mongering, and not even close to realistic. But the Washington Post doubled down and let Hosko write an entire (and entirely bogus) story about how he helped save a kidnapped man from murder earlier this year and "with Apple's and Google's new encryption rules, he would have died."
He accurately writes about a kidnapping in North Carolina
, and how law enforcement tracked down the perpetrators, including by requesting and getting "the legal authority to intercept phone calls and text messages." Of course, here's the thing: nothing in this new encryption changes that. Transmitted content is unrelated to the encryption of stored content on the phones. It's the stored content that is being encrypted. It's kind of scary that a supposed "expert" like Hosko doesn't seem to comprehend the difference.
Either way, he insists that the encryption would have prevented this (it wouldn't). His story originally said:
Last week, Apple and Android announced that their new operating systems will be encrypted by default. That means the companies won’t be able to unlock phones and iPads to reveal the photos, e-mails and recordings stored within.
It also means law enforcement officials won’t be able to look at the range of data stored on the device, even with a court-approved warrant. Had this technology been used by the conspirators in our case, our victim would be dead. The perpetrators would likely be freely plotting their next revenge attack.
After some people pointed out how very, very, very wrong this is, Hosko or the Washington Post "updated" the story, but still makes the same basic claims:
Last week, Apple and Google announced that their new operating systems will be encrypted by default. Encrypting a phone doesn’t make it any harder to tap, or “lawfully intercept” calls. But it does limit law enforcement’s access to a data, contacts, photos and email stored on the phone itself.
Had this technology been in place, we wouldn’t have been able to quickly identify which phone lines to tap. That delay would have cost us our victim his life.The perpetrators would likely be freely plotting their next revenge attack.
Except, even the update is not true. As the AP's Ted Birdis notes, the affidavit in the case shows that the FBI used phone toll records and wiretaps
to figure out the case, and didn't get access to any phones "until after [the] victim [was] safe."
In other words, Hosko's story is pure FUD. The new moves by these companies would not have meant the guy died. It wouldn't have impacted the story at all.
Meanwhile, as a massive post by Julian Sanchez notes, phone encryption products have been on the market for a while and if it was such a big problem we'd already know about it
, but so far it's been pretty limited. In the entire US in 2013, there were nine cases
where police claimed that encryption stymied their investigations. Furthermore, in the vast majority of cases where they came up against encryption, they were still able to crack it. So... the impact here is minimal.
But that apparently won't stop lies from the likes of Ronald Hosko.
: And... it appears that the Washington Post edited the story again
to now make it accurate, but which also disproves the entire point of the story. Now the basic story is "we saved this guy... and mobile encryption would have done nothing to stop it, but it's a bad bad thing anyway." If Hosko couldn't get the very basics right, how could he be considered a credible person discussing this issue?