
When Phone Encryption Blocks Justice - cproctor
http://www.nytimes.com/2015/08/12/opinion/apple-google-when-phone-encryption-blocks-justice.html
======
bcg1
NYT should be ashamed for publishing such claptrap.

Police and "justice" authorities should be ashamed of their tacit admission
that they are too incompetent to do their jobs without trampling on peoples'
civil rights and/or neutering technology.

And I should be ashamed of myself for falling for the psy-op and believing
that there aren't actually backdoors built into these systems and for
forgetting that this could very likely be propaganda to make me think that all
I need to do to protect my privacy is buy the latest device and/or make sure I
always install the latest updates.

~~~
ikeboy
>NYT should be ashamed for publishing such claptrap.

Would you rather they only print things you agree with? Would rejecting op-eds
by some general rule sufficient to exclude this one improve things?

I think I'd rather live in a world in which both sides of every issue get to
have their say than in which the losing side is excluded if they're
sufficiently "bad".

Edit: that last part isn't _quite_ my position, poorly worded; I'm fine with
excluding e.g. neo-nazis and the like, my problem is when "sufficiently bad"
includes things like arguing for less encryption.

~~~
probablyfiction
> I think I'd rather live in a world in which both sides of every issue get to
> have their say than in which the losing side is excluded if they're
> sufficiently "bad".

The problem with giving "both sides" of an issue equal time is that it can
legitimize completely indefensible positions. Global warming is a prime
example of this. Virtually every scientist who is familiar with the data is
convinced that global warming is happening right now and that drastic action
is needed in order to stave off catastrophe. Only a tiny minority disagree.
For decades, people on both sides of the issue have been interviewed as though
this is something that is genuinely controversial when the truth of the matter
is that scientific consensus exists that global warming is real and is
happening right now.

Full-disk encryption is one of the best ways to protect users from having
their privacy invaded. Cell phones contain a wealth of personal information
and can be the starting point for identity theft. The benefit to
consumers...the vast majority of whom are lawful...outweighs the risk that law
enforcement will be locked out of collecting potentially useful information in
the course of an investigation.

To say that full-disk encryption stymies the finest law enforcement minds in
the world is ridiculous. There are other ways to collect information. They can
serve the cell phone company with a warrant in order to get calling records
and text messages. If they can find the e-mail address associated with the
user's device, they can serve Google & Apple with a warrant to access GPS data
and e-mail correspondence.

I understand that it's a blow to law enforcement to have something like cell
phones be suddenly off limits, but technology always enables people to commit
crime in new ways. Eventually, the police always catch up.

~~~
ikeboy
I didn't say equal time. If most experts in a field think X, then if you get
20 op-eds from random members of the field, you should get most supporting X.
This can be confounded by one side being more vocal than the other, but the
problem isn't that both sides are allowed to speak.

Let's say you're right, what decision rule do you propose for the NYT editors
to decide when to exclude an opinion?

------
xenophonf

      Cyrus R. Vance Jr. is the Manhattan district attorney.
      François Molins is the Paris chief prosecutor. Adrian
      Leppard is the commissioner of the City of London Police.
      Javier Zaragoza is the chief prosecutor of the High Court
      of Spain.
    

These are the criminals from whom we protect ourselves by encrypting our data.
Mr. Vance, especially, should be cognizant of constitutional guarantees to be
"secure in [our] persons, houses, papers, and effects", and that full disk
encryption provides technology to that effect. It's awful that someone was
murdered, and it's not right that the murderer is still at large, but trying
to bypass individuals' Fourth Amendment rights via third parties such as Apple
or Google is even more dangerous because it threatens our entire society's
freedom---never mind the fact that it would put users of those devices at risk
when they are stolen or lost.

~~~
Tloewald
If you're going to make these arguments you need to allow that there are two
sides to the argument. It's not that the other side is _completely_ wrong.

The kinds of encryption being discussed go beyond the fourth amendment when it
comes to _reasonable_ searches and seizures. It's not an _absolute right_ ,
and the kind of encryption we're talking about goes beyond any protections
seen in the past (short of, perhaps, being able to physically store stuff in
safety deposit boxes of banks in certain countries -- just as we might need to
wait decades for encrypted data to be decrypted, it took decades for seekers
of justice to access Nazi bank accounts).

On the other hand, we keep so much of our lives in our phones and computers
(in a sense they are extensions of our minds). If we're going to make this
argument, perhaps it should be more like the _fifth_ amendment. After all, we
may literally have our personal computers built into our bodies in the future,
what rights would we have over the data in them?

There is some legal precedent for the fifth amendment argument -- whether
personal diaries are protected is a subject of contention, and are not cell
phone data stores very much like personal diaries?

Unlike the fourth amendment, the fifth amendment is pretty much absolute, so
it's a stronger case.

The fourth amendment was not written with strong encryption in mind, just as
the second amendment did not consider nuclear weapons. So far, even the NRA
hasn't tried to argue that we have a second amendment right to tanks and
nuclear weapons.

~~~
hdevalence
> The fourth amendment was not written with strong encryption in mind

The fourth amendment, and other constitutional issues, were discussed via
encrypted mail. It's not like strong encryption (strong in the sense of
'beyond contemporary cryptanalysis', just as the cryptography we have today is
maybe not secure against future developments, e.g. quantum computing) was an
unknown concept 200 years ago. Indeed, a derivative of a device Thomas
Jefferson used for the purpose was used by the US Army in the first part of
the 20th century.

~~~
Tloewald
Good point! But the key was either something a person had to memorize or a
physical object. So it comes down to questioning (which goes back to the 5th
amendment) or search and seizure (which is what the 4th amendment is clearly
about).

In any event, both the impenetrability of strong encryption and the scope (the
value of the data that can be encrypted) are perhaps further beyond hand-
executed codes than an atom bomb is beyond a musket.

~~~
TheCoelacanth
> But the key was either something a person had to memorize or a physical
> object. So it comes down to questioning (which goes back to the 5th
> amendment) or search and seizure (which is what the 4th amendment is clearly
> about).

The same is true of modern encryption. At some point the key (or the
passphrase used to secure the actual key) will either be written down (or
stored digitally in plaintext) or memorized.

------
tomp
What bullshit.

> The homicide remains unsolved. The killer remains at large.

> Until very recently, this situation would not have occurred.

Until very recently, people weren't carrying smartphones, so the murders would
remain even more unsolved. At least the phone is a perfect medium for
fingerprints. And anyways, what were the police hoping to find? A photo of the
murderer? A note saying which direction the killer run? Most "useful"
information (messages, phone calls, location data) is available from the
network operators anyways.

~~~
justwannasing
The point is, the murders might be solved if they had access to the phone's
data.

~~~
cgearhart
The authors provide no evidence that this murder would or could have been
solved but for encryption. It is a tacit appeal to emotion seeking to play on
the revulsion of murderers that a non-technical audience can identify with
while they downplay real risks that don't evoke the same strong emotions so
that they will accept compromised security.

------
serichsen
> Until very recently, this situation would not have occurred.

Until very recently, people didn't even have smartphones that could have been
suspected to contain useful information.

> Apple and Google […] could no longer unlock their own products as a result.

It is not "their own product". It is the customer's. He has bought it.

The rest of the article is based on these false assumptions.

~~~
51Cards
>It is not "their own product". It is the customer's. He has bought it.

It is still their "Product" though, yes, they no longer own it. My car is a
product of General Motors. My computer is a product of Lenovo. My Phone is a
product of LG. Even though all are owned by me.

~~~
morganvachon
Literally speaking, you are correct, but I believe the insinuation was that
Apple and Google still _control_ the devices apart from encryption. And
really, that's true; both Apple and Google have the ability to add or remove
apps, remotely lock/wipe the device, and possibly eavesdrop on communications
to and from the device. The carrier also has some measure of control; they can
blacklist the IMEI so the device can't be used on their service, effectively
forcing the owner to change providers, and they also possibly can eavesdrop on
communications.

However, it seems the article author is under the assumption that Apple and
Google still "own" the devices and are just leasing them to the user, which
would imply that the companies should retain the ability to decrypt them at
will. However, the user is the one who ultimately owns the device, and Apple
and Google have started respecting that level of ownership by going hands-off
with encryption and allowing the owner to choose whether to encrypt and who
has access.

All of that said, I'd be surprised to learn there isn't some sort of limited
back door, probably in the baseband.

------
joshontheweb
A tragedy no doubt. However, governments have proven themselves many times
over of not being able to responsibly limit their snooping to legal and just
instances. This isn't Google or Apple's fault. This is the consequence of
decades of blatant disregard for the privacy of law abiding citizens by our
governments.

~~~
commentzorro
Hear, hear! If the U.S. Government hadn't broken trust then none of this would
be happening.

While I feel for these families, I don't think it's a fair trade-off to have
the government snooping on us all the time for the sake of a bunch of scared
old white people.

------
joesmo
I'm sorry but this article is not only stupid beyond belief, it was written by
the same prosecutor who prosecuted the Sergey Aleynikov case, obviously a
zealous idiot. It shows he knows nothing about encryption ... or the law for
that matter. This is a matter of civil liberties. Dead people were once alive
and had civil liberties. But instead, this case is the exception rather than
the rule. In every other case where authorities could not search the phone,
justice was served (it's called the 4th Amendment, something Vance knows
nothing about).

To have rights, you accept the slight increase in criminality that comes along
with that. My right not to be unlawfully searched does indeed let some
criminals get away because the cops can't search them. My right to privacy
does indeed let some people get away with murder because the cops can't search
my phone. That's the price and risk I take to have any civil liberties at all.
Of course, someone like Vance who wants to remove civil liberties altogether
(from this article), cannot possibly be expected to understand such an idea.

~~~
PhantomGremlin
Vance is truly a scumbag (I hope there's an exception to HN's name-calling
rules relating to people like him).

You mention Aleynikov. Here's what Vance is doing[1]:

    
    
       An ex-Goldman Sachs Group Inc. programmer who
       twice won reversal of guilty verdicts for taking
       the firm’s high-frequency trading code when he
       left for another job isn’t yet in the clear as
       prosecutors press an appeal.
    
       Manhattan District Attorney Cyrus Vance Jr. will
       challenge the dismissal of charges against Sergey
       Aleynikov, whose saga helped inspire Michael
       Lewis’s “Flash Boys,” Joan Vollero, a spokeswoman
       for prosecutors, said Monday.
    

Whatever anyone's opinion on the original merits of that case, the sheer
vindictiveness of the prosecutor is appalling. A more likely explanation is
that he's in thrall to Goldman Sachs.

[1]
[http://www.bloomberg.com/news/articles/2015-07-27/aleynikov-...](http://www.bloomberg.com/news/articles/2015-07-27/aleynikov-
prosecutor-will-appeal-dismissal-of-state-charges)

------
JumpCrisscross
This is an opinion piece by the City of London Police Commissioner, a Spanish
drug prosecutor, a Paris chief prosecutor and a Manhattan district attorney.
Hence this rubbish:

"None of our agencies engage in bulk data collection or other secretive
practices"

~~~
Tloewald
City of London? That's rich.

The United Kingdom is ground zero for bulk data collection. They're been
keyword-grabbing phone calls in real time, and had London under near total
video surveillance since the 90s.

~~~
geographomics
London is huge, there's nowhere near total surveillance. There's an abundance
of CCTV in many areas of central London, and throughout the tube network, but
it's very patchy elsewhere in the city.

~~~
eterm
The City of London is different from the rest of London, complete with
different police forces.

~~~
geographomics
You're correct, I had the "city of London" in mind rather than the "City of
London".

------
cryoshon
This article is a load of bull, as other people have indicated. There's almost
certainly a backdoor built into these devices, and that backdoor isn't
something that will get trotted out for something as "trivial" as the poor
killing each other. The government can already access these data, they're just
looking to escalate their level of intrusiveness by making a political case
for decentralization of the backdoor exploitation.

I'm really running out of "if they can do this bad thing, we'll be super
fucked" because they've been able to get clearance to do or keep doing more
and more invasive surveillance over the years. If local PDs can crack into our
phones at will (and they are already there via stingrays and their airplane
equivalents) we are going to be in for a bad time. Remember how petty and
disgruntled the cops are? Now they've got the metadata and content data of
your communications because you said the wrong thing at a traffic stop. That's
assuming they aren't owning you from the moment your phone connects to the
tower. "Exigent circumstances require it" and all.

------
geographomics
In the UK they've sidestepped this concern by making the refusal to decrypt an
imprisonable offence:
[https://wiki.openrightsgroup.org/wiki/Regulation_of_Investig...](https://wiki.openrightsgroup.org/wiki/Regulation_of_Investigatory_Powers_Act_2000/Part_III)

Though of course it doesn't help if the owner of the device is unknown, as
alluded to in the linked article.

~~~
dtech
Doesn't this directly contradict the European "right to remain silent" [1]

[1]: Europe human rights court:
[http://www.bailii.org/eu/cases/ECHR/1996/3.html#para45](http://www.bailii.org/eu/cases/ECHR/1996/3.html#para45)

~~~
geographomics
Perhaps, but it wouldn't be the only UK law to do so, for example section 2
the Criminal Justice Act 1987 requires disclosure to investigations by the
Serious Fraud Office, and schedule 7 of the Terrorism Act 2000 also compels
the detainee to answer any question asked. Both of these also under penalty of
imprisonment and/or fine.

------
m82labs
"If only people would let us put cameras in their homes, we could protect them
from crime." \- Fake Quote

------
joshstrange
> Now, on behalf of crime victims the world over, we are asking whether this
> encryption is truly worth the cost.

Yes, yes it is.

This is an EMBARRASSINGLY sad excuse for journalism. NYT should be ashamed for
publishing such crap.

~~~
pc2g4d
It's not meant to be taken as journalism---it's an opinion piece.

------
lawlessone
Those passcodes aren't usually long?

I'm not trying to add to the debate here but couldn't they brute force it?

~~~
huxley
You can set your iPhone to secure erase after 10 failed pass-code attempts.

In addition you can use long alphanumeric pass codes and even the default new
passcode option is being increased to 6 digits (though you can choose a 4
digit option).

This renders the brute force option pretty useless. Which I'm fine with, I
don't want to make things easier for crooks or identity thieves.

~~~
dtech
Would that work against a determined opponent with physical access?

Unless the iPhone has some fairly high-grade encryption hardware I suspect you
can just do fun things like copy the (encrypted) storage/key to brute-force it
without the safety mechanisms kicking in.

~~~
huxley
It does have some pretty fancy encryption hardware and Apple seems to have
made it very difficult to do even with physical access.

David Schultz wrote a pretty comprehensive article about it:

[http://www.darthnull.org/2014/10/06/ios-
encryption](http://www.darthnull.org/2014/10/06/ios-encryption)

------
skue
For those in the US, here is contact information for the Manhattan DA's
office. Although Cyrus R. Vance Jr. was speaking as an elected politician, the
main operator and press office were not sure where to route incoming calls
from voters, so here are a few options.

    
    
      Main:  (212) 335-9000
      Press: (212) 335-9400
      Cyber: (212) 335-9600 (Hotline)
    

If you prefer email, I was told to use press@dany.nyc.gov

Please think about what you will say beforehand, be very polite, but be heard.
And given that Vance wrote alongside DA's from France, UK, and Spain, there is
no reason to not call if you live outside of Manhattan.

We should probably share similar information for the offices in London, Paris,
and Madrid.

------
cgearhart
Politics & FUD aside...has anyone evaluated the technological feasibility of
what they're asking for? It sounds like unobtainium. A backdoor that the
manufacturer maintains that allows the State to unlock whatever data they like
-- how does that not pose an unacceptable risk of future data breaches and
security compromises?

This is insane. I quietly hope the explanation is cynical motivation that they
expect these arguments will be effective, because I am otherwise genuinely
terrified that these people are in a position of power with such a poor grasp
of the technologies in question as would be required to actually _believe_
what they're saying.

------
Dodds_m
I consider full disk encryption to be a major feature of the phone (as I'm
sure do many others). Part of me is glad to see people in government
complaining about it because I'm assured that it works as intended.

------
mikhailt
In addition to what everyone else said, there is no evidence that the
criminals wouldn't just run their own encrypted tools on top of these devices.

The ONLY people that will be harmed are the general public that did not
violate any laws because they would be blocked by laws to use the tools to
protect themselves from the criminals who does not give a flying fuck about
the laws against encryption tools. These guys are fooling themselves if they
think having a legal law authorizing backdoors will make everything okay.

Full disk encryption has been around for a decade or more for PCs, where is
the outcry about that?

------
SG-
Are we supposed to believe that an iPhone 6 would contain everything needed to
solve the murder? Last time I checked my iPhone isn't recording everything
24/7 and it was likely in his pocket or something too since it wasn't stolen
or taken.

Furthermore if someone died and used privacy tools then so be it. For all we
know he likely wouldn't want his entire life (personal photos, videos and
messages) to be seen by a bunch of random people.

~~~
justwannasing
The info on the phone could indicate who he spoke to last and potentially who
he met with when he was killed.

~~~
xyzzy123
... which would also be available from the carrier, as would location records
from both phones, etc etc. I don't get this opinion piece, the IMEI on the
back of a phone should be more than enough (with a little police work) to
figure out who owned it.

------
mathetic
Long story short, the article is weak because a sample of one means _nothing_.

The real reason why things are gonna be end-to-end encrypted from now on is
because _we can_ and there is nothing anyone can do about it. Technology >
policy.

~~~
justwannasing
Your argument is weak if you think this has happened only once and will rarely
happen again.

------
Shivetya
Got to love a police where they assume not being able to access a device
encourages crime. Parts of the article state that being able to access items
used by criminals is important but the majority of phones are never used as
such so by their own phrasing they should never have access to one.

I really will loathe the day where I am required by the cell phone company to
take an update which negates the current encryption my phone has. People who
think that day might not come are kidding themselves.

~~~
justwannasing
ISIS, and other terrorist groups, encode all their data and use TOR in an
effort to hide from efforts to catch them so, yes, encryption is used for
that.

------
coggy
Somewhat related debate of law enforcement's needs vs user's need to privacy:
[https://www.youtube.com/watch?v=SZSr9Ao8zBY](https://www.youtube.com/watch?v=SZSr9Ao8zBY)

------
sebnap
Propaganda

