When Phone Encryption Blocks Justice (nytimes.com)
45 points by cproctor on Aug 11, 2015 | 78 comments



NYT should be ashamed for publishing such claptrap.

Police and "justice" authorities should be ashamed of their tacit admission that they are too incompetent to do their jobs without trampling on people's civil rights and/or neutering technology.

And I should be ashamed of myself for falling for the psy-op and believing that there aren't actually backdoors built into these systems and for forgetting that this could very likely be propaganda to make me think that all I need to do to protect my privacy is buy the latest device and/or make sure I always install the latest updates.


>NYT should be ashamed for publishing such claptrap.

Would you rather they only print things you agree with? Would rejecting op-eds by some general rule sufficient to exclude this one improve things?

I think I'd rather live in a world in which both sides of every issue get to have their say than in which the losing side is excluded if they're sufficiently "bad".

Edit: that last part isn't quite my position, poorly worded; I'm fine with excluding e.g. neo-nazis and the like, my problem is when "sufficiently bad" includes things like arguing for less encryption.


> I think I'd rather live in a world in which both sides of every issue get to have their say than in which the losing side is excluded if they're sufficiently "bad".

The problem with giving "both sides" of an issue equal time is that it can legitimize completely indefensible positions. Global warming is a prime example of this. Virtually every scientist who is familiar with the data is convinced that global warming is happening right now and that drastic action is needed in order to stave off catastrophe. Only a tiny minority disagree. For decades, people on both sides of the issue have been interviewed as though this is something that is genuinely controversial when the truth of the matter is that scientific consensus exists that global warming is real and is happening right now.

Full-disk encryption is one of the best ways to protect users from having their privacy invaded. Cell phones contain a wealth of personal information and can be the starting point for identity theft. The benefit to consumers...the vast majority of whom are lawful...outweighs the risk that law enforcement will be locked out of collecting potentially useful information in the course of an investigation.

To say that full-disk encryption stymies the finest law enforcement minds in the world is ridiculous. There are other ways to collect information. They can serve the cell phone company with a warrant in order to get calling records and text messages. If they can find the e-mail address associated with the user's device, they can serve Google & Apple with a warrant to access GPS data and e-mail correspondence.

I understand that it's a blow to law enforcement to have something like cell phones be suddenly off limits, but technology always enables people to commit crime in new ways. Eventually, the police always catch up.


I didn't say equal time. If most experts in a field think X, then if you get 20 op-eds from random members of the field, you should get most supporting X. This can be confounded by one side being more vocal than the other, but the problem isn't that both sides are allowed to speak.

Let's say you're right, what decision rule do you propose for the NYT editors to decide when to exclude an opinion?


>The problem with giving "both sides" of an issue equal time is that it can legitimize completely indefensible positions

And here's the comedy sketch: http://www.youtube.com/watch?v=sGArqoF0TpQ


I'd rather they hire a qualified person who understands the issue to present any side, including the side I don't agree with. They failed at that miserably in this case and the previous poster was right: they should be ashamed of publishing this garbage. More like shit, really.


They generally do that as well, but not in their op-ed pages. Let me look: yeah http://www.nytimes.com/2015/07/08/technology/code-specialist... http://www.nytimes.com/2015/05/20/technology/tech-giants-urg...

The problem with doing just that is that you run the risk of misinterpreting or subconsciously strawmanning the opposition. That's what op-eds prevent; they're an unfiltered statement of a view. If everything runs through a rewriter, the reader misses whatever arguments the rewriter feels are too weak to be included.


So you're defending their practice of using ill-informed opinions made by people who don't understand the facts? I'm sorry, but that is not too much to ask of a publication. I'm not talking about getting an expert, simply someone that understands the basics of encryption. Vance doesn't even understand the basic principles. It's like me writing an article about giving birth. I don't understand it because I'm not a woman. He doesn't understand encryption because he refuses to, didn't try, or is too stupid. Let's not pretend that stupidity rules the world when malice is a much more likely explanation.


I just went through the article again slowly. I can't find anything that would support your conclusion of "Vance doesn't even understand the basic principles." If you see a specific factual mistake in that article, point it out.


Agreed. Doesn't make it any less crap, but it's good to see the opinion of the other side. I can sympathize with the position, even if I disagree. Investigations are hard enough to conduct as it is without having a potential treasure trove of information locked away.

iMessage logs between users must be fairly hard to get. In yesteryear you could rely on SMS transcripts from the carriers.


I agree with what you are saying but this piece is of little value. It is a poorly written appeal to emotion in the form of a vague anecdote devoid of logical arguments, and frankly is an insult to the intelligence of the readers of the publication. It should not have been rejected by some general rule, it should have been rejected on its merits.


>in the form of a vague anecdote devoid of logical arguments

"Between October and June, 74 iPhones running the iOS 8 operating system could not be accessed by investigators for the Manhattan district attorney’s office — despite judicial warrants to search the devices." is a bit more than an anecdote.


> Would you rather they only print things you agree with?

No, I just don't want them printing things that are wrong ;-)


If there are factual inaccuracies, they should have an editor's note or something correcting that. (I expect they fact check op-eds as well and won't print one with outright falsehoods).


The NYT has long been an apologist for the police state.


Agreed, FUD post there. There is no mention of them trying to track down the phones to the original owners, etc.


The NYT is allowed to publish propaganda like anyone else and they shouldn't be "ashamed" for doing so. Every side has a right to publish their opinion.

That said, it is pretty clear from the disclaimers, this is in fact propaganda and should be given as much weight as such [i.e. none]


"trampling on people's civil rights"

Now who's posting claptrap? The judge issued a warrant with perfectly valid cause. He could have (and likely did) issue warrants to search their homes, cars, offices or even conduct autopsies. But heaven forbid they see your Instagram. Due process was not violated.


  Cyrus R. Vance Jr. is the Manhattan district attorney.
  François Molins is the Paris chief prosecutor. Adrian
  Leppard is the commissioner of the City of London Police.
  Javier Zaragoza is the chief prosecutor of the High Court
  of Spain.

These are the criminals from whom we protect ourselves by encrypting our data. Mr. Vance, especially, should be cognizant of constitutional guarantees to be "secure in [our] persons, houses, papers, and effects", and that full disk encryption provides technology to that effect. It's awful that someone was murdered, and it's not right that the murderer is still at large, but trying to bypass individuals' Fourth Amendment rights via third parties such as Apple or Google is even more dangerous because it threatens our entire society's freedom---never mind the fact that it would put users of those devices at risk when they are stolen or lost.


If you're going to make these arguments you need to allow that there are two sides to the argument. It's not that the other side is completely wrong.

The kinds of encryption being discussed go beyond the fourth amendment when it comes to reasonable searches and seizures. It's not an absolute right, and the kind of encryption we're talking about goes beyond any protections seen in the past (short of, perhaps, being able to physically store stuff in safety deposit boxes of banks in certain countries -- just as we might need to wait decades for encrypted data to be decrypted, it took decades for seekers of justice to access Nazi bank accounts).

On the other hand, we keep so much of our lives in our phones and computers (in a sense they are extensions of our minds). If we're going to make this argument, perhaps it should be more like the fifth amendment. After all, we may literally have our personal computers built into our bodies in the future, what rights would we have over the data in them?

There is some legal precedent for the fifth amendment argument -- whether personal diaries are protected is a subject of contention, and are not cell phone data stores very much like personal diaries?

Unlike the fourth amendment, the fifth amendment is pretty much absolute, so it's a stronger case.

The fourth amendment was not written with strong encryption in mind, just as the second amendment did not consider nuclear weapons. So far, even the NRA hasn't tried to argue that we have a second amendment right to tanks and nuclear weapons.


> The fourth amendment was not written with strong encryption in mind

The fourth amendment, and other constitutional issues, were discussed via encrypted mail. It's not like strong encryption (strong in the sense of 'beyond contemporary cryptanalysis', just as the cryptography we have today is maybe not secure against future developments, e.g. quantum computing) was an unknown concept 200 years ago. Indeed, a derivative of a device Thomas Jefferson used for the purpose was used by the US Army in the first part of the 20th century.


If, like me, you're curious about this, here are some interesting links:

http://lfb.org/thomas-jefferson-used-encryption/

https://books.google.com/books?id=xI_Um3dTTeYC&pg=PA176&lpg=...

https://en.wikipedia.org/wiki/Jefferson_disk

I might post on /r/AskHistorians about this 1785 Continental Congress resolution. Everyone, including Ludlow, seems to quote Unmailable rather than referring directly to source material, and I haven't been able to find any kind of archive of pre-Constitutional law (which might have a copy of the actual resolution in it).

In any case, that the government of the time was tampering with long distance communications, i.e., postal mail, with the express purpose of interfering with political discourse should serve as a reminder to everyone to be ever vigilant when some public servant or politician proposes to weaken safeguards against the same.


Good point! But the key was either something a person had to memorize or a physical object. So it comes down to questioning (which goes back to the 5th amendment) or search and seizure (which is what the 4th amendment is clearly about).

In any event, both the impenetrability of strong encryption and the scope (the value of the data that can be encrypted) are perhaps further beyond hand-executed codes than an atom bomb is beyond a musket.


> But the key was either something a person had to memorize or a physical object. So it comes down to questioning (which goes back to the 5th amendment) or search and seizure (which is what the 4th amendment is clearly about).

The same is true of modern encryption. At some point the key (or the passphrase used to secure the actual key) will either be written down (or stored digitally in plaintext) or memorized.


> The fourth amendment was not written with strong encryption in mind

I don't necessarily see why that must have been the case when the bill of rights was authored. For as long as language has existed, human beings have possessed the ability to encrypt sensitive communications without needing a computer to do it for them.


What bullshit.

> The homicide remains unsolved. The killer remains at large.

> Until very recently, this situation would not have occurred.

Until very recently, people weren't carrying smartphones, so the murders would remain even more unsolved. At least the phone is a perfect medium for fingerprints. And anyways, what were the police hoping to find? A photo of the murderer? A note saying which direction the killer ran? Most "useful" information (messages, phone calls, location data) is available from the network operators anyways.


The point is, the murders might be solved if they had access to the phone's data.


The authors provide no evidence that this murder would or could have been solved but for encryption. It is a tacit appeal to emotion seeking to play on the revulsion of murderers that a non-technical audience can identify with while they downplay real risks that don't evoke the same strong emotions so that they will accept compromised security.


And if we could see inside people's minds crime could be solved as well. Your parent's comment is spot on, nothing has changed at all, just now the police can blame murders they have no intention of solving on Apple/Google.


> Until very recently, this situation would not have occurred.

Until very recently, people didn't even have smartphones that could have been suspected to contain useful information.

> Apple and Google […] could no longer unlock their own products as a result.

It is not "their own product". It is the customer's. He has bought it.

The rest of the article is based on these false assumptions.


>It is not "their own product". It is the customer's. He has bought it.

It is still their "Product" though, yes, they no longer own it. My car is a product of General Motors. My computer is a product of Lenovo. My Phone is a product of LG. Even though all are owned by me.


Literally speaking, you are correct, but I believe the insinuation was that Apple and Google still control the devices apart from encryption. And really, that's true; both Apple and Google have the ability to add or remove apps, remotely lock/wipe the device, and possibly eavesdrop on communications to and from the device. The carrier also has some measure of control; they can blacklist the IMEI so the device can't be used on their service, effectively forcing the owner to change providers, and they also possibly can eavesdrop on communications.

However, it seems the article author is under the assumption that Apple and Google still "own" the devices and are just leasing them to the user, which would imply that the companies should retain the ability to decrypt them at will. However, the user is the one who ultimately owns the device, and Apple and Google have started respecting that level of ownership by going hands-off with encryption and allowing the owner to choose whether to encrypt and who has access.

All of that said, I'd be surprised to learn there isn't some sort of limited back door, probably in the baseband.


The point is that they shouldn't be able to unlock the product once ownership has been transferred.


A tragedy no doubt. However, governments have proven themselves many times over of not being able to responsibly limit their snooping to legal and just instances. This isn't Google or Apple's fault. This is the consequence of decades of blatant disregard for the privacy of law abiding citizens by our governments.


Hear, hear! If the U.S. Government hadn't broken trust then none of this would be happening.

While I feel for these families, I don't think it's a fair trade-off to have the government snooping on us all the time for the sake of a bunch of scared old white people.


That's what I thought when reading the article, there has been way too much abuse on the government part from various countries to make any kind of argument about this, actions have consequences unfortunately.


I could not agree more. Exactly my thoughts after having read the article!


I'm sorry but this article is not only stupid beyond belief, it was written by the same prosecutor who prosecuted the Sergey Aleynikov case, obviously a zealous idiot. It shows he knows nothing about encryption ... or the law for that matter. This is a matter of civil liberties. Dead people were once alive and had civil liberties. But instead, this case is the exception rather than the rule. In every other case where authorities could not search the phone, justice was served (it's called the 4th Amendment, something Vance knows nothing about).

To have rights, you accept the slight increase in criminality that comes along with that. My right not to be unlawfully searched does indeed let some criminals get away because the cops can't search them. My right to privacy does indeed let some people get away with murder because the cops can't search my phone. That's the price and risk I take to have any civil liberties at all. Of course, someone like Vance who wants to remove civil liberties altogether (from this article), cannot possibly be expected to understand such an idea.


Vance is truly a scumbag (I hope there's an exception to HN's name-calling rules relating to people like him).

You mention Aleynikov. Here's what Vance is doing[1]:

   An ex-Goldman Sachs Group Inc. programmer who
   twice won reversal of guilty verdicts for taking
   the firm’s high-frequency trading code when he
   left for another job isn’t yet in the clear as
   prosecutors press an appeal.

   Manhattan District Attorney Cyrus Vance Jr. will
   challenge the dismissal of charges against Sergey
   Aleynikov, whose saga helped inspire Michael
   Lewis’s “Flash Boys,” Joan Vollero, a spokeswoman
   for prosecutors, said Monday.

Whatever anyone's opinion on the original merits of that case, the sheer vindictiveness of the prosecutor is appalling. A more likely explanation is that he's in thrall to Goldman Sachs.

[1] http://www.bloomberg.com/news/articles/2015-07-27/aleynikov-...


This is an opinion piece by the City of London Police Commissioner, a Spanish drug prosecutor, a Paris chief prosecutor and a Manhattan district attorney. Hence this rubbish:

"None of our agencies engage in bulk data collection or other secretive practices"


City of London? That's rich.

The United Kingdom is ground zero for bulk data collection. They've been keyword-grabbing phone calls in real time, and had London under near total video surveillance since the 90s.


London is huge, there's nowhere near total surveillance. There's an abundance of CCTV in many areas of central London, and throughout the tube network, but it's very patchy elsewhere in the city.


The City of London is different from the rest of London, complete with different police forces.


You're correct, I had the "city of London" in mind rather than the "City of London".


You're right -- it's the "square mile" in particular that's under massive surveillance. But that's "The City of London".

The point is that claiming the UK doesn't do mass surveillance is hilarious. They just haven't had a Snowden yet.


London is huge, City of London is just about a mile square and is probably bathed in surveillance.


This article is a load of bull, as other people have indicated. There's almost certainly a backdoor built into these devices, and that backdoor isn't something that will get trotted out for something as "trivial" as the poor killing each other. The government can already access these data, they're just looking to escalate their level of intrusiveness by making a political case for decentralization of the backdoor exploitation.

I'm really running out of "if they can do this bad thing, we'll be super fucked" because they've been able to get clearance to do or keep doing more and more invasive surveillance over the years. If local PDs can crack into our phones at will (and they are already there via stingrays and their airplane equivalents) we are going to be in for a bad time. Remember how petty and disgruntled the cops are? Now they've got the metadata and content data of your communications because you said the wrong thing at a traffic stop. That's assuming they aren't owning you from the moment your phone connects to the tower. "Exigent circumstances require it" and all.


In the UK they've sidestepped this concern by making the refusal to decrypt an imprisonable offence: https://wiki.openrightsgroup.org/wiki/Regulation_of_Investig...

Though of course it doesn't help if the owner of the device is unknown, as alluded to in the linked article.


Couldn't they use other methods to figure out the owner of the device? IMEI data? Pull the SIM? Get the serial number & figure out who bought it that way? Hell, if you got that much you could pretty easily get phone records & the like via warrant.

I feel like they just wanted what was on the phone, rather than who owned it.


Doesn't this directly contradict the European "right to remain silent"? [1]

[1]: Europe human rights court: http://www.bailii.org/eu/cases/ECHR/1996/3.html#para45


Perhaps, but it wouldn't be the only UK law to do so, for example section 2 of the Criminal Justice Act 1987 requires disclosure to investigations by the Serious Fraud Office, and schedule 7 of the Terrorism Act 2000 also compels the detainee to answer any question asked. Both of these also under penalty of imprisonment and/or fine.


"If only people would let us put cameras in their homes, we could protect them from crime." - Fake Quote


> Now, on behalf of crime victims the world over, we are asking whether this encryption is truly worth the cost.

Yes, yes it is.

This is an EMBARRASSINGLY sad excuse for journalism. NYT should be ashamed for publishing such crap.


It's not meant to be taken as journalism---it's an opinion piece.


Those passcodes aren't usually long?

I'm not trying to add to the debate here but couldn't they brute force it?


You can set your iPhone to secure erase after 10 failed pass-code attempts.

In addition you can use long alphanumeric pass codes and even the default new passcode option is being increased to 6 digits (though you can choose a 4 digit option).

This renders the brute force option pretty useless. Which I'm fine with, I don't want to make things easier for crooks or identity thieves.


There are ways around that still http://techcrunch.com/2015/03/19/iphone-bruteforce-pin/

In this case they cut the power to the device before it can write to memory the failed attempt (IIRC) allowing them to keep trying over and over (with a small delay for the phone to restart every 9 tries).


Would that work against a determined opponent with physical access?

Unless the iPhone has some fairly high-grade encryption hardware I suspect you can just do fun things like copy the (encrypted) storage/key to brute-force it without the safety mechanisms kicking in.


It does have some pretty fancy encryption hardware and Apple seems to have made it very difficult to do even with physical access.

David Schultz wrote a pretty comprehensive article about it:

http://www.darthnull.org/2014/10/06/ios-encryption


After a certain number of failed attempts, newer devices lock themselves.


According to this writeup, that may be worked around by resetting the device after every few attempts: http://www.zdziarski.com/blog/?p=5106 (penultimate paragraph)


Exactly! Most of the time they are 4 digits. Also what about finger prints on the phones?


For those in the US, here is contact information for the Manhattan DA's office. Although Cyrus R. Vance Jr. was speaking as an elected politician, the main operator and press office were not sure where to route incoming calls from voters, so here are a few options.

  Main:  (212) 335-9000
  Press: (212) 335-9400
  Cyber: (212) 335-9600 (Hotline)

If you prefer email, I was told to use press@dany.nyc.gov

Please think about what you will say beforehand, be very polite, but be heard. And given that Vance wrote alongside DAs from France, UK, and Spain, there is no reason to not call if you live outside of Manhattan.

We should probably share similar information for the offices in London, Paris, and Madrid.


Politics & FUD aside...has anyone evaluated the technological feasibility of what they're asking for? It sounds like unobtainium. A backdoor that the manufacturer maintains that allows the State to unlock whatever data they like -- how does that not pose an unacceptable risk of future data breaches and security compromises?

This is insane. I quietly hope the explanation is cynical motivation that they expect these arguments will be effective, because I am otherwise genuinely terrified that these people are in a position of power with such a poor grasp of the technologies in question as would be required to actually believe what they're saying.


I consider full disk encryption to be a major feature of the phone (as I'm sure do many others). Part of me is glad to see people in government complaining about it because I'm assured that it works as intended.


In addition to what everyone else said, there is no evidence that the criminals wouldn't just run their own encrypted tools on top of these devices.

The ONLY people that will be harmed are the general public that did not violate any laws because they would be blocked by laws to use the tools to protect themselves from the criminals who do not give a flying fuck about the laws against encryption tools. These guys are fooling themselves if they think having a legal law authorizing backdoors will make everything okay.

Full disk encryption has been around for a decade or more for PCs, where is the outcry about that?


Are we supposed to believe that an iPhone 6 would contain everything needed to solve the murder? Last time I checked my iPhone isn't recording everything 24/7 and it was likely in his pocket or something too since it wasn't stolen or taken.

Furthermore if someone died and used privacy tools then so be it. For all we know he likely wouldn't want his entire life (personal photos, videos and messages) to be seen by a bunch of random people.


The info on the phone could indicate who he spoke to last and potentially who he met with when he was killed.


... which would also be available from the carrier, as would location records from both phones, etc etc. I don't get this opinion piece, the IMEI on the back of a phone should be more than enough (with a little police work) to figure out who owned it.


Long story short, the article is weak because a sample of one means nothing.

The real reason why things are gonna be end-to-end encrypted from now on is because we can and there is nothing anyone can do about it. Technology > policy.


Your argument is weak if you think this has happened only once and will rarely happen again.


Got to love a police where they assume not being able to access a device encourages crime. Parts of the article state that being able to access items used by criminals is important but the majority of phones are never used as such so by their own phrasing they should never have access to one.

I really will loathe the day where I am required by the cell phone company to take an update which negates the current encryption my phone has. People who think that day might not come are kidding themselves.


ISIS, and other terrorist groups, encode all their data and use TOR in an effort to hide from efforts to catch them so, yes, encryption is used for that.


Somewhat related debate of law enforcement's needs vs user's need to privacy: https://www.youtube.com/watch?v=SZSr9Ao8zBY


Propaganda


[flagged]


I wonder if the guy who was killed said the same thing.


I wonder if TERRORISTS said the same thing, eh? Eh? Amirite?


I bet Hitler didn't leave any smartphones unencrypted



