
U.S. Law Enforcement Seeks to Halt Apple-Google Encryption of Mobile Data - coreymgilmore
http://www.bloomberg.com/news/2014-09-30/u-s-seeks-to-reverse-apple-android-data-locking-decision.html
======
declan
I was living in DC during the first Crypto Wars of the late 1990s and covering
them as a reporter (I've since shifted to working on recent.io, of course). It
sure looks like this will be Crypto Wars II: the Feds Strike Back.

From my experience a key question to ask is: What would the eventual law say?
Will it make it a federal felony to possess an encrypted phone? Or a federal
felony to sell one?

The FBI endorsed H.R. 695 the last time around, which would have done the
latter. Read it for yourself:

 _" Whoever, after January 31, 2000, sells in interstate or foreign commerce
any encryption product that does not include features or functions permitting
duly authorized persons immediate access to plaintext or immediate decryption
capabilities shall be imprisoned for not more than 5 years, fined under this
title, or both..."

"After January 31, 2000, it shall be unlawful for any person to manufacture
for distribution, DISTRIBUTE, or import encryption products intended for sale
or use in the United States, unless that product-- `(1) includes features or
functions that provide an immediate access to plaintext capability...
requiring any person in possession of decryption information to provide such
information to a duly authorized investigative or law enforcement officer..."_
([http://thomas.loc.gov/cgi-
bin/cpquery/T?&report=hr108p4&dbna...](http://thomas.loc.gov/cgi-
bin/cpquery/T?&report=hr108p4&dbname=105&))

Note the _distribution_ ban above. That would have hit open-source and free
software projects.

Put another way, implementation details matter. A lot of voters might agree
with the general proposition that law enforcement should have a way to snoop
on terrorists|child pornographers|drug kingpins. They might not agree that a
14-year HN reader with a forked version of Android|AOSP on Github should go to
prison for 20 years because he dared to distribute an unencrypted OS.

~~~
diminoten
I may be as naive as hell here, but when you go from, "we don't want US
citizens selling crypto devices to terrorists" to "Timmy's going to see the
inside of a jail cell for 20 years for giving Mark a copy of TailsOS" I just
can't see how a judge or jury would let it go that far, and I don't think
unintended consequences have _ever_ gotten that bad.

It just smacks of fear-mongering. "They'll literally lock up your children!"

~~~
declan
Yep, sorry, you're naive. :) The law != common sense. If a law is on the
books, it may be applied broadly, even to Timmy and Mark. That's why it's
important to ensure the laws are sensible _before_ they're enacted.

Here's one example. Let's say there's a 16-year old girl and a 17-year old boy
who are in a consensual dating relationship and, you know, take some racy
photos of one other. The photos were taken consensually, not shared with
anyone else, and stored only on their own computers/accounts. And let's say
they're living in Florida and under state law, they're legally old enough to
have sex with each other.

It would be fear-mongering to expect that these two happy teenagers would ever
be prosecuted and convicted on "child pornography" charges, right? Except they
were. And, as I wrote in 2007, a Florida appeals court upheld their criminal
conviction:
[http://news.cnet.com/2100-1030_3-6157857.html](http://news.cnet.com/2100-1030_3-6157857.html)

Yes, sorry, Timmy and Mark, sometimes a judge and jury will let it go that
far. Sometimes they will "literally lock up your children..."

~~~
diminoten
Ah, but that plays into the US's very strange views on sex. It feels like an
exception, rather than the general rule.

~~~
sitkack
Yes, but... the law is not rational. It will execute the code you give it.

~~~
gear54rus
Exactly. This is precisely the point. It will interpret and execute whatever
code is thrown at it. The problem is that the code is NOT DETERMINISTIC (or
non-deterministic, whatever). It can be interpreted in a variety of different
ways.

This and the fact that 'compiled' code is sometimes altered by applying some
money-based side effects gives us some pretty ridiculous results.

Correct me if I'm wrong but there's no easy way to fix this problem.

~~~
Roboprog
Don't think of it as corruption, think of it as aspect oriented programming!

BEFORE: go to jail

APPLY: expensive lawyer, public pressure

------
gnarbarian
They are going straight into "think of the children mode"

" Smartphone communication is “going to be the preferred method of the
pedophile and the criminal. We are going to lose a lot of investigative
opportunities."

Apparently "what about the terrorists?" isn't as effective anymore. Let's hope
the public will see through their manipulative talking points.

~~~
brational
I don't understand this argument. Wouldn't law enforcement still be allowed to
access phone records unecrypted if they have an actual suspect and court
order?

~~~
williamcotton
With end-to-end encryption where the messages are encrypted and decrypted on
the client it would not be possible for anyone with access to phone records or
central servers to read what was said. They would need to obtain the private
keys that are generated on the client devices themselves.

~~~
brational
But they'd still be able to do that given a warrant? Or is this unwarrantable
protection, for lack of a better word?

~~~
chaz72
Nope. They could use a warrant to compel the sender or the recipient of the
messages to unlock them or face jail time. But Apple doesn't have the keys.

~~~
netcraft
wouldn't the 5th amendment protect against that?

~~~
smtddr
I think the most important thing here is that law enforcement must approach
the individual. What happens next may end up a complicate web of legal
acrobatics, but the individual at least knows the law is after them. That's a
good thing, IMHO. If your privacy is being violated by police forcing you to
open your phone to them... at least you know the "when", "how" and "what" info
they're getting. I'm also pretty sure you'd at least have a strong suspicion
on the "why" it's happening to you as well - fair or otherwise.

------
cwal37
This seems like one of the most obvious media presses I've ever seen. I can't
decide whether it's good to see the press that security is getting, and have
the same terrible LE quotes show up, or bad that there is such widespread
dissemination that LE is unhappy about this and hey if you're a good citizen
you will buy a phone we can more easily unlock.

Here are the same or similar articles:

-WSJ 8[1] and 5[2] days ago

-Washington Post 5 Days ago[3]

-NYTimes 4 days ago[4]

-TIME 3 Days ago[5]

-Fortune 3 days ago [6]

[1] [http://online.wsj.com/articles/new-level-of-smartphone-
encry...](http://online.wsj.com/articles/new-level-of-smartphone-encryption-
alarms-law-enforcement-1411420341)

[2] [http://online.wsj.com/articles/fbi-director-raises-
concerns-...](http://online.wsj.com/articles/fbi-director-raises-concerns-
about-smartphone-security-plans-1411671434)

[3] [http://www.washingtonpost.com/politics/fbi-chief-new-
phone-e...](http://www.washingtonpost.com/politics/fbi-chief-new-phone-
encryption-could-cost-
lives/2014/09/25/e152383e-44df-11e4-8042-aaff1640082e_story.html)

[4] [http://www.nytimes.com/2014/09/27/technology/iphone-locks-
ou...](http://www.nytimes.com/2014/09/27/technology/iphone-locks-out-the-nsa-
signaling-a-post-snowden-era-.html?_r=0)

[5] [http://time.com/3437222/iphone-data-
encryption/](http://time.com/3437222/iphone-data-encryption/)

[6] [http://fortune.com/2014/09/27/apple-and-the-fbi-re-enact-
the...](http://fortune.com/2014/09/27/apple-and-the-fbi-re-enact-
the-90s-crypto-wars/)

~~~
AJ007
Whether or not its a coordinated media blitz or just journalists piggybacking
on each other for content I don't know. That it is coming out at the same time
new iPhones could go either way.

Things that people are completely missing about this story: -Big difference
between domestic & local law enforcement and NSA/DoD/CIA. Nothing prevents
backdooring of a phone or someone spying as the user enters their simple
password. Local law enforcement doesn't have these resources and has gotten
used to access to all kinds of evidence that never existed. What Apple may or
may not have done just pushes the cost up.

-I think Apple is very scared about being locked out of the Chinese market right now. The new iPhones have not been approved yet last I heard. This is a big fucking deal that would wipe out a huge chunk of Apple's market cap. They are not going to budge because some local law enforcement officers claim only child molesters use iPhones.

-Google is in a similar boat except they are already locked out of China, likely will get locked out of Russia soon. They would like to be able to still make money in Brazil and the EU.

-I think it is a good trend for the pushback from tech companies. There is no good answer for international legal compliance for user records. Records should be accessible once an account has been compromised locally, not because any judge in any country on earth can search all of your user data on any user in any other country. Between Dropbox, Dropcam & all of these other cloud services, right now a user has no idea who has access to _all_ of their data _all_ of the time. Time travel back two decades, no one is stealing all of your data over a dial up modem. Nor is a device recording every square foot of where you are at every moment. The tools law enforcement have access to right now are _godlike_

~~~
sitkack
Stories need to be in the queue longer than the rate these were published by
different news desks. This is obviously a PR push by skilled people placing
stories. That is PR, public relations, press relations, people have a full
time jobs getting stories placed.

I'd really like to see the government NOT be able to hire PR firms. This is
propaganda.

------
ary
Outside of having a plethora of security experts audit and certify these
services I'd say this is about as close as you can get to a ringing
endorsement. The only way it gets better is if other governments follow up
with the same complaints.

Ultimately I'm pleased that this kind of thing even makes the news. Ideally
government becomes almost totally transparent and private matters become
nearly opaque (there will always be the investigative aspect of law
enforcement). Any reasonably sharp person can now see that the exact opposite
is happening. Governments are demanding an ever increasing amount of secrecy
while simultaneously requiring that the public give up all hope of privacy.
Just to have had this idea escape the realm of conspiracy theory seems like a
miracle to me.

~~~
scintill76
> I'd say this about as close as you can get to a ringing endorsement

Or they just want criminals to think that all they have to do is buy an Apple
or Google phone, and they can't be caught.

~~~
ary
> Or they just want criminals to think that all they have to do is buy an
> Apple or Google phone, and they can't be caught.

There is a greater incentive to let Apple or Google do that kind of marketing
and quietly exploit the vulnerabilities (ie, what's been happening with the
NSA for some time now). If it had the appearance of working but actually
didn't you wouldn't hear a peep from any government.

~~~
xnull
Unless they need to rebuild the reputations of companies that got hurt by the
disclosure of their prior partnerships (ahem, which notably included Apple and
Google).

~~~
ary
After considering this and other comments saying the same I would tend to
agree. There could certainly be a PR angle to the whole thing.

------
erichurkman
> Their requests to the companies may include letters, personal appeals or
> congressional legislation, said a federal law official who requested
> anonymity to discuss the sensitive issue.

I love that, in an article arguing against secure privacy, the official
requested anonymity.

~~~
sarciszewski
This happens so frequently that I've become numb to it, but now that you point
it out it's still ironic.

------
Arjuna
My reply is... _" What about the Fourth Amendment to the United States
Constitution?"_

Would we really be having these discussions if Americans (speaking as an
American here) were better-educated on our own rights, our own foundation, the
very fibers of our own history?

I mean, this is such a simple amendment, so crystal-clear and eloquent. After
reading it (see below), how can there possibly be any doubt as to how the
proverbial wool is being pulled over our eyes?

 _Fourth Amendment to the United States Constitution_

"The right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be violated,
and no warrants shall issue, but upon probable cause, supported by oath or
affirmation, and particularly describing the place to be searched, and the
persons or things to be seized."

~~~
happyscrappy
You should better educate yourself, the article is about seizure _with_ a
warrant, with which Apple and Google will no longer be able to help them.

~~~
Arjuna
_" You should better educate yourself, the article is about seizure with a
warrant, with which Apple and Google will no longer be able to help them."_

To add to the other great comments:

I understand that it is via warrant. In fact, the article states that Apple
said, "It's not technically feasible for us to respond to government warrants
[...]".

My concern is perhaps more nuanced. Put aside the warrant issue for a moment.
That is to say, where do we draw the line and say, "This type of sweeping,
'open everything up and stop encrypting' request is a violation of, 'the right
of the people to be secure in their persons, houses, papers, and effects?'"

In summary, my contention is that forcing companies to open up in this manner
violates the explicit right of the people to be secure.

~~~
seanflyon
> Put aside the warrant issue for a moment

I don't think we can put aside the warrant issue when talking about your right
to be secure. Your right to be secure is only against unreasonable search.

"The right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be violated,
and no Warrants shall issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be searched, and the
persons or things to be seized"

You could argue that we should have the unqualified right to be secure, but
the constitution disagrees. I think a better argument is that warrants are
issued without probably cause or not explicitly describing what is to be
searched.

------
xnull
I hypothesize that this is a coordinated yet simple ruse to rebuild trust in
these brands post-Snowden [1][2]. There was similar press coverage regarding
the DEA and iCloud encryption that was misreported in a similar way [3]. The
Intercept (where Glenn Greenwald is now reporting from) has a story on what
data Apple can still easily give away if you do believe they can't decrypt
individual machines [4]. But maybe you don't believe it given the report from
the ACLU on backdoors built into iPhones that circumvent encryption [5], and
the Hope X talk on backdoors security researchers independently discovered
[6].

More importantly, Apple's warranty canary was removed which either means they
were served by National Security Letter or (if you're optimistic sort of
person) that they are no longer committed to notifying consumers in the event
that have been, which flies directly in face of all the PR talk of security
commitment recently [7]. Plus remember, Apple can push whatever software they
want to your personal device. That's how smartphones work.

We are led to two questions:

A) Why wouldn't the same tactics, National Security Letters and ORCHESTRA-type
attacks work [8]? Don't we remember from the Snowden leaks that NSA agents
infiltrate tech companies and backdoor software at the source when other
avenues are closed or gridlocked?

B) Why all of the publicity about about how secure Apple's product are from
snooping? Do we really think we can get away from ubiquidous global
surveillance that easily?

I'm sorry. Investigative bodies don't publicly announce what technologies they
can't track. There is no phone you can buy on the mass market that will keep
your data safe with the exception of - perhaps? - the BlackPhone [9].

[1] [http://www.businessinsider.com/apple-google-meet-with-
obama-...](http://www.businessinsider.com/apple-google-meet-with-obama-2013-8)

[2] [http://www.huffingtonpost.com/2013/12/17/obama-tech-
executiv...](http://www.huffingtonpost.com/2013/12/17/obama-tech-
executives_n_4460967.html)

[3]
[https://www.schneier.com/blog/archives/2013/04/apples_imessa...](https://www.schneier.com/blog/archives/2013/04/apples_imessage.html)

[4] [https://firstlook.org/theintercept/2014/09/22/apple-
data/](https://firstlook.org/theintercept/2014/09/22/apple-data/)

[5] [https://www.aclu.org/blog/technology-and-liberty-criminal-
la...](https://www.aclu.org/blog/technology-and-liberty-criminal-law-reform-
immigrants-rights/new-document-sheds-light)

[6]
[https://pentest.com/ios_backdoors_attack_points_surveillance...](https://pentest.com/ios_backdoors_attack_points_surveillance_mechanisms.pdf)

[7] [https://gigaom.com/2014/09/18/apples-warrant-canary-
disappea...](https://gigaom.com/2014/09/18/apples-warrant-canary-disappears-
suggesting-new-patriot-act-demands/)

[8]
[http://mirror.as35701.net/video.fosdem.org//2014/Janson/Sund...](http://mirror.as35701.net/video.fosdem.org//2014/Janson/Sunday/NSA_operation_ORCHESTRA_Annual_Status_Report.webm)

[9] [https://www.blackphone.ch/](https://www.blackphone.ch/)

Additional reading:

(1)
[https://www.schneier.com/blog/archives/2013/06/the_problems_...](https://www.schneier.com/blog/archives/2013/06/the_problems_wi_3.html)

(2)
[https://www.schneier.com/blog/archives/2013/10/defending_aga...](https://www.schneier.com/blog/archives/2013/10/defending_again_1.html)

(3)
[https://www.schneier.com/blog/archives/2012/08/is_iphone_sec...](https://www.schneier.com/blog/archives/2012/08/is_iphone_secur.html)

~~~
chaz72
Apple has staked their reputation on the line and said "send us an NSL if you
like, we have nothing we can give you". And the cryptographic principles, if
executed properly, are sound.

Maybe they're lying. Maybe Snowden 2.0 will come out next year and tell us the
truth and instantly destroy their credibility. That's a gamble I wouldn't take
with my company, but it's plausible.

See I figure, if you're a threat to National Security, the NSA still has
options. They just don't include monitoring over the wire or asking Apple or
Google for it.

edit: The Intercept article [4] you mention above suggests to me more that
they aren't yet finished implementing it properly and less that they are
lying. I would take it as a work in progress.

~~~
diminoten
What makes you think it's such a big gamble? People just don't care about
privacy as much as the news would have you believe.

Don't believe me? Quick, think of one of the largest and most consistently
flagrant private entities who violates the privacy of its users on a regular
basis, and is well known for it.

Did you say Google? Facebook? Now quickly think of two of the largest
companies on the Internet, both in revenue, and traffic volume.

Apple isn't taking nearly the risk you're suggesting, because people just
don't care.

~~~
chaz72
Until Apple promised it so explicitly, I'd have said you might be right. True,
Google and Facebook make zillions off of monitoring people for advertisers.
That will make it harder for them to follow suit, there will be far more
weasel words and such when they try.

I think those of us that are willing to pay the premium for something that
promises more have higher expectations. If they are lying, I believe we'll
know within the next year or two and we'll get to find out if you're right.

~~~
mcintyre1994
Out of interest do you have an example of Google's weasel wording this issue?
They're getting criticised by all the same people and seem to be doing the
same thing - is there actually an advantage either way here?

Just to clarify, I'm skeptical on both sides - both companies were in the
prism leaks after all. But I haven't seen weasel wording and I'm curious if I
missed it.

~~~
chaz72
Actually, no, that was just a prediction. I am making an assumption - and
maybe not a fair one - that because Google mines user data on the web that
they also mine user data on the phone.

Skepticism seems warranted. With Apple, I try to be skeptical, but with
Google, I always assume that I am the product until they demonstrate
otherwise.

~~~
socceroos
I do believe in that claim.

------
slavik81
"Law enforcement officials emphasized that they get court orders, and that
they aren’t seeking to randomly root through phones."

Right. Rooting through phones without a court order is the NSA's job. That
makes me feel better.

------
BillFranklin
The Chicago Chief of Police genuinely said this:

>"Apple will become the phone of choice for the pedophile. The average
pedophile at this point is probably thinking, I’ve got to get an Apple phone."

~~~
donohoe
Well, if I was trying to break the law then, yeah, I would absolutely go an
get an Apple phone if I didn't already have one.

~~~
mikeash
I'd also buy a Toyota or a Honda car, since it's less likely to break down
while fleeing the police. Clearly, reliable automobiles are part of a pro-
crime agenda.

~~~
whistlecrackers
So is that why the federal government poured our money into GM and Chrysler?

Oftentimes those with an anti-firearms agenda point out that Glocks are
preferred among mass murderers. Glock is to guns as Toyota is to cars;
reasonably priced and notoriously reliable.

~~~
mikeash
There's so much stupidity in the gun debate on all sides. It's rare to see a
cogent argument anywhere.

The basic idea applies to any dual-use technology, of course: criminals will
prefer the better items for the same reason law-abiding citizens prefer the
better items. Thus, "criminals prefer X" is not, by itself, any reasonable
argument against X in a dual-use technology.

------
suprgeek
Classic Fear mongering at its finest.

Blatantly violate the public trust repeatedly by Blanket illegal surveillance,
discredit anyone who reveals it, call them a traitor.

Then when people & companies get pissed at this over-reach and the gloating
(smiley faces on NSA slides) and start putting up technological fixes to ward-
off against this bullshit begin fear mongering.

I think all manner of Masks, Steel doors, etc should be immediately outlawed
-after-all some one can kidnap children wearing a mask and WE CANNOT CATCH
THEM! Steel doors slow down access by law enforcement THINK OF THE CHILDREN!

BS at its finest.

------
Afforess
What a terrible article. Excerpt:

 _They have created a system that is a free-for-all for criminals_

So we should give up all rights to privacy to help catch criminals?

 _What concerns me about this is companies marketing something expressly to
allow people to place themselves beyond the law_

Maybe that says more about your laws than the desire for privacy?

~~~
MCRed
My sympathies for the FBI's concern about people being "beyond the law" is
lessened a great deal given the past decade of revelations of illegal actions
at FBI forensic centers, and the complete lack of prosecutions, not to mention
the NSA spying, etc. Even the TSA is in violation of the law (fourth amendment
protects against search without warrant, USC 18-242 makes violating that a
federal crime, and a felony if done while armed.)

I'd like to see the government stop being "beyond the law".

~~~
pyromine
Okay the TSA argument is brought up all the time, and the overall consensus as
that you are voluntarily giving up your fourth amendment rights by consenting
to the search.

~~~
dmix
But failure to comply = restrictions of freedom of travel.
[https://en.wikipedia.org/wiki/Freedom_of_movement_under_Unit...](https://en.wikipedia.org/wiki/Freedom_of_movement_under_United_States_law)

It is not voluntary for airports to use TSA. Therefore you have no alternative
options when it comes to air travel. Saying traveling by ground is an adequate
alternative is nonsense.

------
edwhitesell
If the government had proven itself trustworthy enough to follow it's own
processes for accessing information only after obtaining a warrant, I could
agree with the argument. However, things escalate when one side can't trust
the other. Encryption is needed.

~~~
dmfdmf
This is my view. Law enforcement from the Feds on down have lost the trust of
the American people.

They have lied to us, misrepresented what they are doing and now use the
scoundrel's argument "what about the children?". The growing threat of a mass
surveillance govt is real and in the long run a bigger threat to freedom than
the so-called terrorist. I find the idea of a mass surveillance govt more
terrifying than a few religious nuts with bombs or even hijacked planes.

------
zachdunn
This is a bit like protesting door locks because they make it harder to pop in
and look around.

~~~
slg
I don't support what the government is trying to do here, but minimizing this
issue like this is not doing us any favors.

The issue isn't that law enforcement can no longer "look around" your phone.
The issue is that they can no longer get a warrant and use what is on your
phone as evidence in an investigation or court case without the phone owner's
cooperation. Basically your phone goes from being personal property that can
be used against you as evidence to an extension of your mind that is now
subject to 5th amendment protection. That is a big shift.

In terms of your originally analogy, encryption isn't a simple door lock, it
is a magical warrant proof lock. I certainly understand why law enforcement
wouldn't be happy about this.

~~~
alasdair_
We should ban the ownership of non-trivial safes for the same reason then. We
should also prevent people from writing things in non-approved languages, in
case in makes the understanding of things more difficult when a warrant is
served.

Hell, if I just hide my information in a stack of a million other paper files,
that would be enough to thwart all but the most determined investigator from
accessing it without my cooperation.

~~~
csandreasen
A long time ago I worked in a guarded military vault with lots of safes - I've
never seen one that would take more than an hour or two to break into. The
idea is to slow an attacker down long enough that they can be detected and
security can get on the scene to deal with them.

None of your examples would prevent an investigator from finding evidence,
only delay them. Strong encryption enabled by default could slow down an
investigation to the point where it would go on past the heat death of the
universe.

------
bad_user
> _Smartphone communication is “going to be the preferred method of the
> pedophile and the criminal. We are going to lose a lot of investigative
> opportunities.”_

Wow, the think of the children lines are so overused, I wonder why they aren't
obnoxious for regular folks. And I'm a father of a 4-year old and I can really
understand the natural urge to protect children from pedophiles, but this is
becoming ridiculous, plus as a father I also don't want my child to grow up in
a world in which he has no privacy rights. If a device for reading one's mind
would be invented, it would instantly be used by government agencies, because
investigative opportunities and if law enforcement could do that, than so
could criminals and oligarchs - yet our laptops and phones are an extension of
our mind and we really aren't far from such a dystopian future.

These people act as if this technology existed since the dawn of men. What on
earth did people do before being able to snoop on our digital footprint? And
is there any evidence that these _investigative opportunities_ are lowering
criminality or are we talking hypothetically?

------
donohoe
So..

its revealed that the NSA is abusing our privacy, and people react
accordingly, and now legitimate law enforcement efforts are being thwarted.

Don't blame the tech sector, let them blame the NSA's over-reaching charter

~~~
chroem-
Nobody's law enforcement efforts are being thwarted. They just want to
convince demographic A that their devices are unhackable and completely NSA-
proof, and convince demographic B that anyone who values their civil liberties
is a terrorist pedophile that hates freedom.

These companies are documented data providers for the NSA.

------
mullingitover
Google and Apple's marketing teams must be relishing this. I'm guessing it's
very dangerous in their departments right now with the champagne corks flying
everywhere.

~~~
eli
I doubt that. I'm sure they anticipated this response, but I think you greatly
underestimate how many people subscribe to the "nothing to hide" theory of
privacy and/or are genuinely worried this might aid pedophiles or terrorists.

~~~
Ntrails
I can't see how you'll see a backlash against the companies on the move, if
only because there's no real competition and no value in being "the phone the
authorities can easily monitor"

The worst case scenario is that they get large amounts of press (not all
positive), fight for the rights of their users to have private data, and lose
to a government they never expected to defeat. That's still a win.

~~~
fnordfnordfnord
There is value in not being the pedo/terror phone. That's one of the
traditional attacks on information privacy.

------
blackaspen
The Director of the FBI James B. Comey says: "What concerns me about this is
companies marketing something expressly to allow people to hold themselves
beyond the law."

See, that's funny. Because what concerns me is that the government thinks they
are beyond the law.

------
saul_d
You can never trust any "encryption" that you don't handle entirely yourself.

This seems to be some more theater, aiming to deceive the general public with
regards to the "safety" of this "encryption".

~~~
lotu
Of course if you implement encryption yourself you almost certainly did it
wrong and are leaking data. This assumes you even know how to "do it
yourself".

~~~
saul_d
I didn't mean "write your own solution", I meant:

You can only trust public key encryption and you need to create all keys
yourself and you need to have 100% exclusive access to the private key.

And then, you need to pray and hope that the NSA hasn't figured out a way
around it and won't too soon.

------
biafra
I have full disk encryption enabled on my Mac since Lion. Why is it such a big
deal that I have it on my phone too? Or am I missing something and the keys to
my computer storage are leaked to Apple somehow?

~~~
feld
By default it is backed up to iCloud through your keychain...

This is why I enabled encryption with the fdesetup command manually so the GUI
can't "have a bug" that backs it up to iCloud/keychain anyway.

[https://developer.apple.com/library/mac/documentation/Darwin...](https://developer.apple.com/library/mac/documentation/Darwin/Reference/Manpages/man8/fdesetup.8.html)

edit: you want to ensure you don't use the -keychain option, and then you want
to write down the recovery key it prints out and store that somewhere safe.

------
EGreg
Once again this is an issue of centralization. Imagine everything is
decentralized - mesh networks, open source server software, social networks
etc. How is a government going to enforce that no one runs a private encrypted
network? And using one step of tunneling how would it make sure no one runs a
VPN? Short of a total physical police state like the USSR under Stalin the
only thing they could do is mandate backdoors in physical devices. Because
manufacturing is going to be the last bastion of centralization. If you think
I'm joking, see this and this:

[http://www.popularresistance.org/new-intel-based-pcs-
permane...](http://www.popularresistance.org/new-intel-based-pcs-permanently-
hackable/)

[http://wccftech.com/intel-possibly-amd-chips-permanent-
backd...](http://wccftech.com/intel-possibly-amd-chips-permanent-backdoors-
planted-nsa-updated-1/)

[http://www.technologyreview.com/news/519661/nsas-own-
hardwar...](http://www.technologyreview.com/news/519661/nsas-own-hardware-
backdoors-may-still-be-a-problem-from-hell/)

And lest you think only governments do this, a lot of hardware DRM has been
almost entirely the result of the entertainment lobby and licensing:

[https://plus.google.com/app/basic/stream/z13qtnxhuojytbjbr04...](https://plus.google.com/app/basic/stream/z13qtnxhuojytbjbr04ci3cowrmtehsy324)

As you can see the main targets are still INSTITUTIONS. Once they are
decentralized it will be harder to control who makes the software. If you want
to read my own thoughts on these things, see these two links:

[http://magarshak.com/blog/?p=114](http://magarshak.com/blog/?p=114)

[http://magarshak.com/blog/?p=169](http://magarshak.com/blog/?p=169)

------
ChuckMcM
Again, I find the narrative interesting. It would be more compelling if the
government had shown that it could be trusted with the ability to snoop, too
bad they screwed that up.

------
IkmoIkmo
I remember reading about Hal Finney about a year ago, and then about the
cypherpunks and all, including about PGP. And I was surprised to see how
recently an encryption standard was deemed a weapon, and sharing the algorithm
was deemed exports of weapons, a punishable offense, particularly if say, an
Iranian would come to read the algorithm on some forum post! That meant jail-
time, treason!

Ridiculous, I thought surely we'd be a bit more enlightened about these things
in the 1990s. It felt almost comical, as if it was a joke.

Now this. Two consumer companies we all know and love, implement an encryption
standard by default that has been openly available to the world for many
years, and we already see talk of preventing it through congress. It feels
like we're back in 1993.

Just gonna leave this here: [http://weknowmemes.com/wp-
content/uploads/2012/01/how-would-...](http://weknowmemes.com/wp-
content/uploads/2012/01/how-would-you-like-this-wrapped.jpg)

How would you want it wrapped? Protect the kids or anti-terrorism.

They literally wrapped this one up twice, mentioning both the terrorism and
the pedophiles. Sigh.

------
underbluewaters
"“This is a fundamental tension,” Howe said. The “balance between how much
privacy you’re allowed to have and how many rights the government has” is a
question that has continued historically in the U.S., he said."

Uh.. I thought I had unalienable rights as a human being, from the Creator or
whatever. It's not about privacy the government "allows" me to have.

------
jxf
I don't think they care so much about preventing encryption --after all, you
can already encrypt your iPhone or Android device, if you really want to.

What they're much more concerned about, IMO, is that this could now be the
_default_. No longer would there be a presumption that someone has "something
to hide" if they're encrypted when everyone else is, too.

------
djyaz1200
"Well I ain't passed the bar but I know a little bit, enough that you won't
illegally search my shit!" -Jay Z

------
matthewmacleod
So this does actually pose an interesting conundrum, I think.

Setting aside the specifics of this matter, I think that most people would
accept that in some circumstances, covert surveillance of suspected criminals
is an acceptable law enforcement tool. Of course, it must be subject to
suitable (not rubber-stamped) judicial approval, rigorous guidelines,
limitations etc.

From that perspective, secure and encrypted communication channels that are
now becoming more generally available and usable by the public reduce the
ability of law enforcement to gather evidence using traditional surveillance
tools. It's no wonder that they would react negatively to them, even assuming
there were no malicious intentions.

I wonder what the balance will be? Does law enforcement have to simply accept
that surveillance of this sort will no longer be possible? I can't see any
logical way of simultaneously retaining useful control and allowing regulated
legal access to communications.

~~~
guelo
Getting access to your personal life recorder, which is what smartphones are,
is not a "traditional surveillance tool" as you call it. It's a new
surveillance tool that has shown up over the last 7 years. Before cops had
access to every single thing you do via the smartphone, civilization did not
collapse.

------
shmerl
First the government puts itself above the law by engaging in unconstitutional
surveillance. And then they complain that some companies retaliate by
tightening up the encryption? Even though they have some valid point, it's
very hypocritical. I doubt this would have happened if not for the Big
Brother's behavior to begin with.

------
hyperbovine
I am actually encouraged by this. I feel like 8-10 years ago they would have
never even bothered complaining to the press--just swooped in with some
invisible court order and forced tech companies to do their bidding, with (of
course) no ability to publicly disclose any of it.

------
AndrewKemendo
_James Soiles, a deputy chief of operations at the Drug Enforcement
Administration, said the stakes in resolving the dispute are high._

Stakes for who? For LEA of course they are, they make the job much harder.

Maybe this will help end the drug war and some of the other silly things we
do.

~~~
mindcrime
We could eliminate this guy's concerns by just shutting down the DEA
altogether. End of problem.

------
mark_l_watson
I remember in the 1990s when the FBI and NSA were doing the good work: going
after organized crime syndicates on the web, making public advice for US
businesses to secure their networks, releasing Linux and Windows security
patches, etc.

Times have changed.

------
coldcode
It doesn't matter what these articles say. Under what Constitutional law is
law enforcement going to force Apple and Google to change their encryption
systems? Perhaps the NSA and the (still unconstitutionally vague) FISA court
can force them by putting a secret gun to Tim's head but ordinary non-secret
law enforcement organizations have no legal way to challenge this that would
pass even this Supreme Court which is where anything would eventually wind up
years from now.

------
donniezazen
My expectation is anyone participating in illegal activities would already be
using encryption. Encryption is readily available and and isn't very tedious
as long as someone walks you through it. It is not like terrorists use Google
docs and write their plans in plain text. What am I missing? The best I can
infer from desperation of government is that they want to control people by
collecting as much info as possible.

~~~
vinceguidry
Your intuitions and reality are very different. In general terrorists and the
like aren't savvy like your average HN-reader. They're savvy like that weird
kid in school who had all the Anarchist Cookbooks and likes to build and set
off pipe bombs for fun. They can teach you how to not blow off your hand,
that's about it.

I don't know how many times you've tried to 'walk someone through' using
moderately complicated software, but I've had to do it enough times to realize
that there's no such thing as foolproof. I once advised a lady who kept three
phones because she was worried that her ex-husband was breaking into her
communications.

At one point she called me frantic that her husband had broken into her phone.
I calmed her down and asked her what had happened. He'd called/texted her at a
number she had been trying to keep secret from him. I surmised that she had
accidentally sent him a text from the secret phone and had her go through her
recent communications until she'd found it.

Information security is something that doesn't seem terribly hard to most
geeks, because many of us have an intuitive understanding of threat models and
how things work underneath. We can be skeptical of companies that say that
they take security seriously. Most everyone else is utterly reliant on
commercial solutions and has no idea how to understand how following a set of
procedures makes them safe, or what happens when they fail to follow them,
what the failure modes are.

It is completely unsurprising to me that criminals use their cell phones to
document criminal acts, it falls totally in line with how people tend to think
about technology. So I believe law enforcement when they say that cell phone
searches have become an important tool to help them investigate crime.

Do I believe they should have that access? To me the answer is unclear. It
would be easy to conflate LE with the NSA and say hell no. But there are some
very bad people out there that cell phone searching gives us a critical
advantage over. If it were up to me, I'd say to solve this problem at a
different level by legalizing the drugs whose trade promotes criminality. In
absence of that, legal searches procured through warrants seems to be better
than nothing, and we should fix abuses through regulatory action rather than
blanket, reactionary bans on useful enforcement techniques.

~~~
icebraining
It's not like LE hasn't had its own fair share of power abuse.

But regardless, I think you're missing that for LE to obtain those keys with a
warrant, we must entrust them to two private multinationals without any court
order. And by trusting those two companies, it's not only included trusting
their board but also their protection from hackers and rogue employees. For
example, Google already had an incident of an employee tapping a minor's
account and getting personal information:
[http://techcrunch.com/2010/09/14/google-engineer-spying-
fire...](http://techcrunch.com/2010/09/14/google-engineer-spying-fired/)

(This is, of course, assuming the encryption actually works as announced.
Personally, I don't trust it)

------
fab13n
"What concerns me about this is companies marketing something expressly to
allow people to place themselves beyond the law."

This guy has it exactly wrong: it allows people to place themselves beyond the
_illegal snooping_ of NSA et al. The one to blame here is the NSA, together
with those who failed in their duty as counter-power to administrative abuse.

------
tn13
Am I the only one who thinks this is just a farce ? Apple and Google probably
simply claimed this to save their reputation and "Law Enforcement" is putting
up a fight which it has already planned to lose publicly but Google and Apple
will co-operate through the backdoor while giving a false sense of security to
its user base ?

------
ma2rten
_We want to attack command-and-control structures of drug organizations, and
to do that we have to be able to exploit their communication devices._

This doesn't make sense on so many levels. If a law was passed so than Apple
and Google had to reverse their decision, no drug cartel is going to store
incriminating data on their iPhones anymore.

------
JacobEdelman
"Beyond lobbying the companies, there is little law enforcement can do without
congressional action. " Wait, what? Even with the privacy Apple and Google are
offering there are huge amounts of ways to access data useful to law
enforcement and the law enforcement seems to have the tools to force the
companies to give it.

~~~
sitkack
It shouldn't be legal for the government to request companies to do things
that aren't codified in laws. No "asking" or "buying". We decide what and how
the government functions. If the gov wants to do things differently, it can
ask congress. Not apple or google.

------
silveira
They always pull the pedophile card.

------
nanoscopic
If this annoys you at all, you should check out the 'blackphone'. It's not
cheap, but if you value your privacy and security it is the phone for you.
Full disclosure: I have nothing to do with this phone; it's just a cool
related project.

------
Shivetya
Okay, so we know this will be changed, Apple will be forced to allow
government the ability to access the information on the phone.

the question I have is, will we be told before this fix is pushed out to
phones and can be not update the phone to prevent its installation?

------
fndrplayer13
I think this adage puts it best:

You reap what you sow.

If the NSA hadn't so deeply and fundamentally violated our personal privacies
in addition to US and International law, I don't think we'd even need to have
this conversation. But now we're having it.

------
richardlblair
“going to be the preferred method of the pedophile and the criminal. We are
going to lose a lot of investigative opportunities.” - Cathy Lanier, chief of
the Washington Metropolitan Police Department

Oh, the delusional world Cathy lives in...

------
activepeanut
Reminds me of this:

[http://www.ign.com/articles/2000/12/20/iraq-scores-hordes-
of...](http://www.ign.com/articles/2000/12/20/iraq-scores-hordes-of-ps2s-at-
us-gamers-expense)

------
kristofferR
I'm amazed at the how FBI and the Justice Department somehow managed to not
notice that Apple was improving their security in iOS 8 until after iOS 8 was
launched, despite months of public beta testing.

------
zobzu
I like how cliche this is. They would have written word for word "think of the
children" that it would have been exactly the same.

------
SEJeff
Watch every Android vendor and Apple stock go down massively if this actually
happens due to all non US companies switching phone vendors.

------
Istof
Is that to provide users with a false sense of security since US law
enforcement can secretly ask for the decryption keys?

------
golemotron
Was there ever a law forcing the manufacturers of safes and locks to provide
access to law enforcement?

------
drcube
I assume they're going after the manufacturers of safes, paper shredders and
burn barrels, next?

------
jcromartie
Of course the anti-privacy crusaders lead with "think of the children!"

------
xxdesmus
Google and Apple to law enforcement: hah, funny, no.

------
kabdib
I read the article without noticing who wrote it.

Stewart Baker.

Yeah, that figures.

------
Athens
This is a cost saving measure with a good PR component to it. Its expensive to
comply with requests and uses up important resources. By taking the technical
ability out of the equation for getting into the device itself Apple is saving
itself time money and resources and looking good to the public for doing so
with no legal damages.

This does not actually fully protect any ones data though. Government has full
access to the cell phone companies that can with warrant provide location
information including dates and times, SMS information, and can still monitor
any un-encrypted traffic from a users phone. At worst Apple is providing a
false sense of security to individuals that do not understand the other part
of the equation, which is the Cell Phone companies and the Interweb can
monitor and log stuff. But I do believe Apple that iMessage, FaceTime and the
device itself is not intentionally open for spying on. But what about the
other apps. Whatapp, and Blackberry messenger and Skype and all the other apps
that sends data to 3rd parties. None of that is protected. But Apple only ever
talks about itself not 3rd party. Take a iPhone and use only Apple software on
it you will probably have the best protection in the industry for consumers.
But its limited to that.

END OF REPLY -------------------------------------

\----Start of slightly off topic but still on topic rant -----

Apples business model isn't based on data either. So when they say they don't
scan your emails to profit from it I believe them. They are probably the only
major ecosystem that does not need to do that. Yahoo Mail, Outlook (hotmail)
mail, Gmail all have business models that provide a free service in exchange
for your information. Its rooted into how they make money. Apple makes money
from the sale of Hardware and direct cost services.

At the end of the day anything NOT in your head is exposed and a potential
security risk. Even writing something on paper creates something to be
discovered. Not putting thoughts into a tangible readable and accessible form
is the first line of personal security. Followed by absolute control of what
ever you do put those thoughts onto. Paper, paper goes in pocket. Paper is
burned when no longer needed.

Computer, no wifi, no blue-tooth, no always on connection in your physical
possession is as secure as you will get with encryption in case you lose
physical possession. A smart phone can reach this level of security but
defeats all of the abilities it which makes it a smart phone. You can disable
data and wifi and use the phone only as a phone but at that point why do you
even bother owning it.

As the CEO of Google once said, if its something that can hurt you don't do
it. In this case don't make a record of it. Dont take pictures, dont text
about it, don't use a calender to plan it out. Keep it in your head. No one
ever takes responsibility for there own stupidity when it comes to security.
Go back to a book and pen if you are worried. But that can be seized and read
if arrested.

Technology used right can offer better protection then ever before.

------
venomsnake
That cat is out of the bag. People wan't encryption that is why Apple is
offering it. And even if they thwart the effort on ios, android will be much
harder to tame.

------
tedks
If you support this sort of system, you are saying that individuals should be
able to place themselves above democracy. Like it or not, we have a legal
system that entitles the government to execute lawfully obtained warrants.
Tech companies seeking to make this harder are acting against democracy.

It's time for Silicon Valley to decide what side it's on: Democracy, or the
alternative.

~~~
lutorm
Our democratic system has enacted laws that say encryption is legal. Why do
you think following the law is somehow "acting against democracy" here?

~~~
tedks
It's in the intent. I don't think anyone is denying that Apple and Google are
doing this to make it harder for police to search through user files. They
could have implemented this at any point since the inception of AES, and are
doing it now because of the backlash against PRISM. They want to demonstrate
to users that they care more about them as individuals than they do about
their role in a democratic society.

Notice also that your comment, and others respondents to me in this thread,
are not disputing my actual point, i.e., that bundling crypto features in
products is meant to put individuals above the reach of the democratic legal
system.

------
rrrx3
Get a fucking subpoena you asshole motherfuckers.

