After the FBI's James Comey, it seems that the biggest proponent of backdooring encryption for law enforcement has been Manhattan District Attorney Cyrus Vance, who has now penned a ridiculous fear-mongering opinion piece for the NY Times
(along with City of London Police Commissioner Adrian Leppard, Paris Chief Prosecutor Francois Molins and Spanish chief prosecutor Javier Zaragoza). Vance has been whining about encryption for a while. And Leppard, you may recall, is the guy who recently claimed "the tor"
is 90% of the internet and a "risk to society." He's not exactly credible on technology or encryption issues. But, still... he gets to team up on a NYT op-ed about encryption.
While Comey has been struggling to find a dead child
to use as the literal poster child of his campaign to weaken encryption, these prosecutors are now parading out a few stories, starting with a murder in Evanston, Illinois (note: not anywhere near Manhattan, Paris, London or Madrid):
In June, a father of six was shot dead on a Monday afternoon in Evanston, Ill., a suburb 10 miles north of Chicago. The Evanston police believe that the victim, Ray C. Owens, had also been robbed. There were no witnesses to his killing, and no surveillance footage either.
With a killer on the loose and few leads at their disposal, investigators in Cook County, which includes Evanston, were encouraged when they found two smartphones alongside the body of the deceased: an iPhone 6 running on Apple’s iOS 8 operating system, and a Samsung Galaxy S6 Edge running on Google’s Android operating system. Both devices were passcode protected.
An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user’s passcode.
The homicide remains unsolved. The killer remains at large.
Cool story. Totally bogus, but cool story. There are all sorts of problems with it starting with the fact that, as of last check Samsung is not
requiring encryption by default, because of performance issues. Thus, if it's true that the phone was encrypted, that's not an issue with Google/Android, but the user setting up something himself -- something that anyone has been able to do for ages and has nothing to do with recent moves by Google (and it's not even entirely clear from the description by Vance if the phones were actually encrypted
or just had a passcode/lockscreen).
More importantly, the idea that this
is why the murder "remains unsolved" and "the killer remains at large" is ridiculous. It's not even clear why the smartphones are all that relevant in this case. But nothing in having a passcode on the phones would stop police from figuring out the phone numbers, contacting service providers for information or issuing perfectly working warrants for communications
data (remember, the only issue with encryption would be stored data
at rest on the phone). Indeed, the Evanston police did
obtain call records related to the phone, but they didn't help the investigation. In fact, the Commander of the Evanston Police Department told The Intercept that while accessing the phones might provide some useful clues he's not sure
if it would actually help solve the case -- just as the call records did not.
In other words, this is nothing but blatant factually challenged fear mongering.
And it goes on:
Between October and June, 74 iPhones running the iOS 8 operating system could not be accessed by investigators for the Manhattan district attorney’s office — despite judicial warrants to search the devices. The investigations that were disrupted include the attempted murder of three individuals, the repeated sexual abuse of a child, a continuing sex trafficking ring and numerous assaults and robberies.
This is the first time anyone has actually given numbers of the times law enforcement was "stymied," but notice that none of these cases, including the "attempted murder of three individuals, the repeated sexual abuse of a child or the continuing sex trafficking ring" were described in any more detail to explain how the encrypted phones were the real problem (again: remember there is nothing stopping the police from getting other data, including communications data or any of the data backed up in the cloud, as most data on iPhones is).
Oh, and then there's this: As Kade Crockford highlights
, Muckrock recently noted that the leaked emails from the Hacking Team showed that the Manhattan DA's office was a potential client of the Hacking Team
, meaning that it would have had access to plenty of tools on hand to break into phones -- even those that make use of encryption.
As recently as this past May, Hacking Team and an assistant district attorney with the Manhattan District Attorney’s Office emailed back and forth about a potential software “solution.” Hacking Team sales staff fielded questions about jailbreaking iPhones remotely, and discussed among themselves about how high a price to quote.
Hacking Team hosted a spyware demo in September 2013 for Manhattan district attorney staff, and again in February 2015. When the assistant DA requested a price estimate, a Hacking Team operations manager suggested a starting ask of $3 million.
"If it's totally out of budget, we can come up with a special 'deal' for them and the usual accommodations," wrote Hacking Team’s Daniele Milan on an internal email thread about discussions with the DA.
The DA’s office confirmed that it has met with Hacking Team to review their products.
"In order to keep pace with rapid developments in the private sector, we invite groups to demo various emerging technologies," wrote Joan Vollero, Manhattan DA spokeswoman, in an emailed statement.
The Vance op-ed also completely misrepresents things, arguing that because some criminals falsely believe that everything is now encrypted, it means they are:
Criminal defendants have caught on. Recently, a suspect in a Manhattan felony, speaking on a recorded jailhouse call, noted that “Apple and Google came out with these softwares” that the police cannot easily unlock.
Except, Google and Apple have long offered the software, and (again) it's not yet default on Android phones and it only protects stored data on the phones -- while most people will likely (falsely) assume that it also protects communications data or backed up data.
The op-ed also ignores the valid reasons for protecting your own privacy, or what happens when malicious actors use backdoors to get into your data. Or how foreign states, such as China and Russia will also demand backdoors. Instead, it pretends the only criticism of backdoors is because of worries about government surveillance. This is wrong. The article falsely argues that full disk encryption only provides "marginal" benefits to users, and shouldn't be allowed because what prosecutors want to do is different than the NSA's mass surveillance efforts. Once again, this misstates the reasons for full-disk encryption and completely ignores the dangers of backdoors.
We had hoped the ridiculousness over the whole "going dark" hysteria would start to die down by now, but apparently that was being optimistic. One wonders if Cyrus Vance, Francois Molins, Adrian Leppard and Javier Zaragoza also bemoan the act that criminals can speak to each other in person and no warrant will ever reveal what they said.