From my experience a key question to ask is: What would the eventual law say? Will it make it a federal felony to possess an encrypted phone? Or a federal felony to sell one?
The FBI endorsed H.R. 695 the last time around, which would have done the latter. Read it for yourself:
"Whoever, after January 31, 2000, sells in interstate or foreign commerce any encryption product that does not include features or functions permitting duly authorized persons immediate access to plaintext or immediate decryption capabilities shall be imprisoned for not more than 5 years, fined under this title, or both..."
"After January 31, 2000, it shall be unlawful for any person to manufacture for distribution, DISTRIBUTE, or import encryption products intended for sale or use in the United States, unless that product--
`(1) includes features or functions that provide an immediate access to plaintext capability... requiring any person in possession of decryption information to provide such information to a duly authorized investigative or law enforcement officer..." (http://thomas.loc.gov/cgi-bin/cpquery/T?&report=hr108p4&dbna...)
Note the distribution ban above. That would have hit open-source and free software projects.
Put another way, implementation details matter. A lot of voters might agree with the general proposition that law enforcement should have a way to snoop on terrorists|child pornographers|drug kingpins. They might not agree that a 14-year HN reader with a forked version of Android|AOSP on Github should go to prison for 20 years because he dared to distribute an unencrypted OS.
"In the first prosecution of its kind, federal officials said that StealthGenie violated the law by offering the ability to secretly monitor phone calls and other communications in almost real time, something typically legal only for law enforcement."
It's interesting to me that some claim the software didn't work at all:
> Now during all of this Jones and crew simply couldn't get the klutzy software to work.
And none other than Mary Jo was brought in from the home team. Rather strange déjà vu.
It just smacks of fear-mongering. "They'll literally lock up your children!"
Here's one example. Let's say there's a 16-year old girl and a 17-year old boy who are in a consensual dating relationship and, you know, take some racy photos of one other. The photos were taken consensually, not shared with anyone else, and stored only on their own computers/accounts. And let's say they're living in Florida and under state law, they're legally old enough to have sex with each other.
It would be fear-mongering to expect that these two happy teenagers would ever be prosecuted and convicted on "child pornography" charges, right? Except they were. And, as I wrote in 2007, a Florida appeals court upheld their criminal conviction:
Yes, sorry, Timmy and Mark, sometimes a judge and jury will let it go that far. Sometimes they will "literally lock up your children..."
Firearms might be a good analogy here. You don't need to actually shoot a robber for your firearm to be effective. The mere presence of it is often enough to scare them off.
I don't think anyone will argue with you on that one.
This and the fact that 'compiled' code is sometimes altered by applying some money-based side effects gives us some pretty ridiculous results.
Correct me if I'm wrong but there's no easy way to fix this problem.
BEFORE: go to jail
APPLY: expensive lawyer, public pressure
Prosecutors had every intention of sending Aaron Swartz to prison. We don't need more stupid laws, we need to remove the existing ones.
If you make this sentence mean anything at all, which requires redefining "criminals" as something like "moral wrongdoers, independent of whether their wrongdoing is actually a crime", then it still isn't true, as the existence of a law prohibiting an act is neither necessary nor sufficient to create disincentives to committing the act.
Now that we've gotten to quoting dictionary definitions to words, I think we've killed any good spirit that may have been left in this conversation.
Oh they will, and in a few short years this will be the new status quo, and people will be wondering how we used to allow child pornographers and drug traffickers to hide behind encryption. YOU don't have anything to hide, do you?
Besides, when was the last time government-induced fear mongering failed? Not in the last decade.
The question isn't whether sanity would prevail in court. (I'm somewhat optimistic that it would, eventually.) The question is, given the current fear-driven mindset, isn't it probable that something like that will be written? And how do we stop it from being written (or at least enacted)?
Sanity in the court room is the last line of defense, not the first...
" Smartphone communication is “going to be the preferred method of the pedophile and the criminal. We are going to lose a lot of investigative opportunities."
Apparently "what about the terrorists?" isn't as effective anymore. Let's hope the public will see through their manipulative talking points.
 - http://www.businessinsider.com.au/the-us-government-and-the-...
Except your example is real, just like back in the 80s when the govt (CIA?) helped smuggle in cocaine.
fwiw my friend's dad was our chief of police for years, and he only ever wore a shirt and tie.
Finger off the trigger, Sheriff.
Of course he's holding a cocked firearm with his finger on the trigger. He pretty much doesn't have any other state.
His trigger discipline is still inexcusable.
cue cries of "every gun is always loaded"
Got it. At least you're consistent.
I'm trigger happy pointing out police militarization, which manifests in overt ("tanks") and subtle ways (military dress).
Perhaps it's a stretch, but I believe that militarization doesn't ease the tendency of the police to desire and acquire powers they shouldn't have.
I don't really understand why you don't want to be able to identify your police officers though - even the UPS drivers wear uniform.
"Who is this random person yelling and waving a gun?" Should I pull over for this random person with flashing lights in their grille?"
It's already bad enough having some traffic enforcement types in unmarked cars or in cars with "ghost" decals.
OTOH, her uniform is very "Aladeen" and while fussing about her uniform is a mostly trivial distraction, having a uniform that is a bit less "Aladeen" would probably short-circuit such criticism. If there weren't more important problems with this person, I would fully support mocking her ridiculous uniform.
"The notion that someone would market a closet that could never be opened – even if it involves a case involving a child kidnapper and a court order – to me does not make any sense."
"They" in this case is the chief of a metro police department, whose forensic and surveillance resources are more often spent on pedophiles and drug dealers than terrorism. What else would they say?
If the article's authors wanted a "what about the terrorists?" quote they would have gone to a counter-terrorism official, just like they rang someone at the DEA for a "but drug organizations!" quote.
You're reading a paint-by-numbers article about government impotence and corporate supremacy like it's finely crafted pro-government propaganda.
Let's hope the public will see through their manipulative talking points.
You (and most HN commenters) didn't. Why should they? e.g.:
a) "Beyond lobbying the companies, there is little law enforcement can do without congressional action."
b) "A half-dozen police and federal officials interviewed said that Apple, in particular, was taking an aggressive posture on the issue."
When you take away the outrage-kindling, the gist of the article is that the stodgy old Washington government is incompetent and hip California tech companies are glorious. Not exactly a controversial opinion among the commentariat.
You're saying "pedophiles and drug dealers" as if it wasn't 99% drug dealers.
From what I can tell, the only thing most Americans are concerned about at the moment is whether the iPhone will bend if you keep it in your pocket for too long. Disinformation is a plausible strategy, but most Americans simply do not, and have never, cared (and a significant portion of those who do, think it's perfectly justifiable and would tell you Edward Snowden needs to swing from a rope, once you reminded them of who he is.) Would it even be necessary?
Also, all of the comments in this thread (not this one specifically) make me wish HN threads root comments defaulted to collapsed so people might avoid duplicate root comments. Maybe...
Would that it were.
You are using the application processor (the "computer") to do that work, but there are two other computers inside your phone - the baseband processor and the SIM card. Your carrier has access (OTA updates, etc.) to the baseband processor and can load new code/functions on it without your knowledge at any time. Depending on the SOC your phone is based on, the baseband processor can have DMA access to your application processor. What that means is, the baseband processor (which you have no control over whatsoever) can read your RAM directly.
Your cryptosystem that you describe probably works quite well on a desktop or laptop computer, but your carrier completely and totally owns your phone and everything on it.
... and we haven't even gotten to what they can do with the SIM card ...
 Yes, the SIM card is a computer with its own processor, RAM and programs running on it right this moment.
Defense (Army / CIA / NSA) battles terrorists.
Keep an eye on the names of the agencies involved. This is an FBI / Law Enforcement story, so the excuses are going to be different than the NSA-case a few months ago.
Here are the same or similar articles:
-WSJ 8 and 5 days ago
-Washington Post 5 Days ago
-NYTimes 4 days ago
-TIME 3 Days ago
-Fortune 3 days ago 
Things that people are completely missing about this story:
-Big difference between domestic & local law enforcement and NSA/DoD/CIA. Nothing prevents backdooring of a phone or someone spying as the user enters their simple password. Local law enforcement doesn't have these resources and has gotten used to access to all kinds of evidence that never existed. What Apple may or may not have done just pushes the cost up.
-I think Apple is very scared about being locked out of the Chinese market right now. The new iPhones have not been approved yet last I heard. This is a big fucking deal that would wipe out a huge chunk of Apple's market cap. They are not going to budge because some local law enforcement officers claim only child molesters use iPhones.
-Google is in a similar boat except they are already locked out of China, likely will get locked out of Russia soon. They would like to be able to still make money in Brazil and the EU.
-I think it is a good trend for the pushback from tech companies. There is no good answer for international legal compliance for user records. Records should be accessible once an account has been compromised locally, not because any judge in any country on earth can search all of your user data on any user in any other country. Between Dropbox, Dropcam & all of these other cloud services, right now a user has no idea who has access to all of their data all of the time. Time travel back two decades, no one is stealing all of your data over a dial up modem. Nor is a device recording every square foot of where you are at every moment. The tools law enforcement have access to right now are godlike
I'd really like to see the government NOT be able to hire PR firms. This is propaganda.
Ultimately I'm pleased that this kind of thing even makes the news. Ideally government becomes almost totally transparent and private matters become nearly opaque (there will always be the investigative aspect of law enforcement). Any reasonably sharp person can now see that the exact opposite is happening. Governments are demanding an ever increasing amount of secrecy while simultaneously requiring that the public give up all hope of privacy. Just to have had this idea escape the realm of conspiracy theory seems like a miracle to me.
Or they just want criminals to think that all they have to do is buy an Apple or Google phone, and they can't be caught.
There is a greater incentive to let Apple or Google do that kind of marketing and quietly exploit the vulnerabilities (ie, what's been happening with the NSA for some time now). If it had the appearance of working but actually didn't you wouldn't hear a peep from any government.
This is a much more difficult situation for the agencies than when RIM/Blackberry ran all the messaging through their own service.
I love that, in an article arguing against secure privacy, the official requested anonymity.
Would we really be having these discussions if Americans (speaking as an American here) were better-educated on our own rights, our own foundation, the very fibers of our own history?
I mean, this is such a simple amendment, so crystal-clear and eloquent. After reading it (see below), how can there possibly be any doubt as to how the proverbial wool is being pulled over our eyes?
Fourth Amendment to the United States Constitution
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
If a warrant is issued, the government has the right to search and seize under the forth.
My argument is that they may search for and/or seize the physical medium containing the data. If I encrypted that data — on a disk, a piece of paper, a network connection —, the question, I think, is why should I, a citizen, tell you, the government, the key with which I encrypted that data?
As a citizen, I am not required to speak just because it might (or even will) help a government investigation. Likewise, I don't see why I should be required to divulge a key. Especially if there isn't yet a crime that people know to have been committed.
In other words: [No person] shall be compelled in any criminal case to be a witness against himself
What's the difference between ISIS and WMDs? Barack Obama and George W. Bush?
Did they ever figure out what Saddam did with the large stock of WMD that we know he had prior? Trucked off to Syria before the invasion? Where did it all go?
There's a small group of people making Republican politicians do crazy things (shutting down the government, blockading Obama, various social issues [gay marriage/abortion]), but by and large the Democrats and Republicans are the same.
Going to the actual owners of the content makes perfect sense.
It's pretty clear that unless it's entirely your decision what goes on that device, what goes off and who has access to it, you didn't pay to own it, you paid for the right to access their content on their device under their terms. It doesn't matter if you paid money for it - they own it in every way that's relevant.
If not, then I'll concede I was massively too paranoid, which wouldn't be the first time when it comes to Apple (and Google.. definitely and Google cars, and Adobe as soon as they pulled that BS with Creative Cloud) But if so then (even if I was wrong about the U2 thing) I don't believe i'm speculating too wildly.
Apple owns the content to the degree that they can limit your access to it more than you can limit theirs - "ownership" in this case is not so much a legal as a practical matter. You can't really own something you don't control. I'll extend this to any app-based OS as far as it applies.
To add to the other great comments:
I understand that it is via warrant. In fact, the article states that Apple said, "It's not technically feasible for us to respond to government warrants [...]".
My concern is perhaps more nuanced. Put aside the warrant issue for a moment. That is to say, where do we draw the line and say, "This type of sweeping, 'open everything up and stop encrypting' request is a violation of, 'the right of the people to be secure in their persons, houses, papers, and effects?'"
In summary, my contention is that forcing companies to open up in this manner violates the explicit right of the people to be secure.
I don't think we can put aside the warrant issue when talking about your right to be secure. Your right to be secure is only against unreasonable search.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized"
You could argue that we should have the unqualified right to be secure, but the constitution disagrees. I think a better argument is that warrants are issued without probably cause or not explicitly describing what is to be searched.
More importantly, Apple's warranty canary was removed which either means they were served by National Security Letter or (if you're optimistic sort of person) that they are no longer committed to notifying consumers in the event that have been, which flies directly in face of all the PR talk of security commitment recently . Plus remember, Apple can push whatever software they want to your personal device. That's how smartphones work.
We are led to two questions:
A) Why wouldn't the same tactics, National Security Letters and ORCHESTRA-type attacks work ? Don't we remember from the Snowden leaks that NSA agents infiltrate tech companies and backdoor software at the source when other avenues are closed or gridlocked?
B) Why all of the publicity about about how secure Apple's product are from snooping? Do we really think we can get away from ubiquidous global surveillance that easily?
I'm sorry. Investigative bodies don't publicly announce what technologies they can't track. There is no phone you can buy on the mass market that will keep your data safe with the exception of - perhaps? - the BlackPhone .
If this was tech companies claiming to no longer comply with NSL's, I'd be at very least suspicious as there'd be no way to test these doubts short of another Snowden. But this is law enforcement, subject to all kinds of scrutiny in courts across the US. It'll be much easier to see whether Apple and Google are successful at resisting their demands.
No it's not. It's just that "law enforcement" sounds more comforting than "tyranny".
Here's how to interpret "law":
Law = A written order issued by your rulers.
Lawful = Good = Anything your rulers want you to do.
Unlawful = Bad = Anything your rulers don't want you to do.
Law enforcement, verb = Forcing you to do what they want you to.
Law enforcement, noun = People whom laws don't apply to.
Don't be so obtuse. A law is a written order, adding the remainder is just an inflammatory accusation that undermines the public at large.
You may believe that the public or those governed by which ever particular law you select are too scared or ignorant and have the law imposed on them from outside interests but the greater numbers always win in the end. A particular rule of law may be arduous today and for many more consecutive days but one day the rule will change.
This is evident throughout history and will continue to be.
Undermines the public how?
> A particular rule of law may be arduous today
"Rule of law" is a misnomer. It's actually rule by those who decide what the laws are. That would be the "elected representatives", ie. politicians of course.
In other words, politicians are our rulers because they make the rules that are ultimately enforced at gunpoint, if you don't feel like obeying at first.
But a law is just text somewhere. But even if the text contains a decree on what everyone must or must not do, that alone does not change people's behaviour one bit.
For example, if I write down on a piece of paper that you have to give 30% of your income to me, will you do it? OK, what if I threaten you with imprisonment if you don't?
You and what army?
(Not trying to be snarky. That quote seems very apt.)
Laws are just arbitrary rules decided on by a small group of people, much like they were with Kings and their inner circles. Laws are enforced in much the same way too - there's no practical difference between getting assaulted by the King's Guard and getting assaulted by men in blue costumes.
They can and they do.
Scream it all you want, but if there's no other way to the conclusion, there's still no way to use the evidence short of outright lying and falsifying evidence.
I don't think parallel construction is nearly as big of a threat as people seem to make it out to be. It gives law enforcement nothing more than a hint and some unusable evidence. There still needs to be a path that works legally.
And that's not even getting into the fact that iOS is heavily reverse engineered, often searching for backdoors and cryptographic vulnerabilities and Android is open source and publicly reviewable. I've reviewed some of the key derivation code myself as I was curious if it was being done properly.
I'm all for paranoia, it just need to be useful paranoia under a given threat model. Beyond that, it's nothing more than speculation and a waste of time.
I'm of the opinion that this is not a ruse or scheme, and that law enforcement are genuinely dissatisfied with this. Note that law enforcement and the NSA have a tenuous relationship at best.
Even if the NSA still do have privileged access after default mobile encryption is fully rolled out, law enforcement generally will not be able to tap into that except in extreme and rare cases.
Well... there's no real need to say that, because it's already the case. If they want to open your locks, they will.
The government can probably break many consumer-grade encryption schemes if they so choose to as well, but much like having to break in to your house through your locks instead of merely unlocking them, it raises the cost of law-enforcement doing so, and incentivizes them to make more restrained choices (eg, not taking literally everything they can get their hands on).
There has been a ruling about that in the USA recently http://blogs.wsj.com/law/2014/06/26/mass-supreme-court-defen...
"Legally, you must give us the key which probably does not exist"
Sure, they're dissatisfied. But the roots of their dissatisfaction seem to be that they've tasted the forbidden fruit, and now believe that they have a fundamental right to watch our communications. Their fundamental attitude is that they should have visibility, and that anyone who wants privacy must be trying to hide something. It's just the old saw "you don't need secrecy if you've nothing to hide", restated from the law enforcement perspective.
Like when they pull someone over for having a tail light out? I can't reconcile your statement here with what we already know about parallel construction.
Are law enforcement agencies not getting data from the NSA to use in arresting and prosecuting defendants via parallel construction?
Maybe they're lying. Maybe Snowden 2.0 will come out next year and tell us the truth and instantly destroy their credibility. That's a gamble I wouldn't take with my company, but it's plausible.
See I figure, if you're a threat to National Security, the NSA still has options. They just don't include monitoring over the wire or asking Apple or Google for it.
edit: The Intercept article  you mention above suggests to me more that they aren't yet finished implementing it properly and less that they are lying. I would take it as a work in progress.
Don't believe me? Quick, think of one of the largest and most consistently flagrant private entities who violates the privacy of its users on a regular basis, and is well known for it.
Did you say Google? Facebook? Now quickly think of two of the largest companies on the Internet, both in revenue, and traffic volume.
Apple isn't taking nearly the risk you're suggesting, because people just don't care.
And then you go on to claim Facebook and Google as examples of your "violation of privacy". That's like saying my email provider violates my privacy because my email goes through their servers. Or the post-office violates my privacy because my snail mail goes through them. Quite a bit of a stretch, if you ask me.
What people do care about is targeted invasion of privacy, for lack of a better phrase. It's one thing having anonymized data "abused" for targeted advertising and selling as aggregated statistics. But it's completely different if you have an entity that can read your emails at will, and decide to throw you in a cage if you say the wrong thing to the wrong person.
I think those of us that are willing to pay the premium for something that promises more have higher expectations. If they are lying, I believe we'll know within the next year or two and we'll get to find out if you're right.
Just to clarify, I'm skeptical on both sides - both companies were in the prism leaks after all. But I haven't seen weasel wording and I'm curious if I missed it.
Skepticism seems warranted. With Apple, I try to be skeptical, but with Google, I always assume that I am the product until they demonstrate otherwise.
But Apple does. And though most people won't consciously notice that their products are well designed, it is a big part of what makes Apple "magical".
People do care. We care and while we may be a tiny minority right now, there are a lot more of us than there were 10 and 20 years ago.
Since Apple's software isn't open source, it's possible they're lying. However, if they are, at some point the government is going to try to present evidence they gleaned through this lie, and that fact will leak out.
I think it would be an enormous risk for Apple to blatantly lie about something they put in black and white on their website. So I tend to think they're telling the truth.
Maybe one day, we'll get a real, bonafide, non-niche open source based phone where these things can be audited.
No, they are not. That is the whole point of parallel construction.
Granted, both are under the Attorney General (formerly Eric Holder)... but Holder's recent MO has been to improve race relations between the Police Agencies and the general public. (See his exceptional handling of Ferguson... but his less-than-exceptional handling of "Fast and Furious")
When the FBI sent in 40 agents to a town with only 52 cops, to investigate a single murder... Eric Holder was sending a very strong message to the Ferguson community.
Remember, Ferguson Police and the St. Louis Police were the bad guys in Ferguson. The FBI came in with their Black leader (at the time: Eric Holder) and reassured the community that the African American President (and African American-led FBI) got their back.
Eric Holder then announced that the 40 Agents were going to hold an independent investigation and conduct a 3rd independent autopsy.
With the FBI's arrival, the riots immediately stopped and trust was restored.
Now true, the Ferguson Police and St. Louis Police were _absolutely_ terrible. But the Federal response (specifically FBI's under direct order of Eric Holder) was extremely effective and exemplary IMO.
Remember, we have a federal system in the US. Cities are independent of the county, counties are independent of the state, and states are independent of the nation. Eric Holder holds no responsibility for the poor behavior of Ferguson City cops or St. Louis County Cops. But... he was able to use the FBI's influence to pressure the local cops to do the right thing.
Remember too: Eric Holder does not have the authority to prosecute Darren Wilson on murder or assault. The best the FBI can do is prosecute him (and the police department) on racism charges. Murder / Assault is a charge that can only be delivered from the local government in this case. For the most part, the Feds don't have much legal authority over the situation.
You should also look through the other linked articles. Some of them include features built into iOS devices that already circumvent encryption.
That said, I think all this syncing and cloud stuff - in its early days, at least - is way overcomplicated and more error-prone both in its features and its security than it needs to be. I expect mistakes from all implementations for quite some time to come.
The smartest CS undergrad at any vaguely reputable school could probably do this correctly. It shouldn't be a problem at all for one of the biggest companies in America if they actually care.
> then cryptography != security != privacy
Which is a more interesting point and assuming the left side was taken care of we could rapidly approach the right side by doing things like providing more granular permissions to applications.
You are very wrong about this.
> assuming the left side was taken care of we could rapidly approach the right side by doing things like providing more granular permissions to applications
It's actually an unsolved problem. Granular permissions have been tried before.
An easier methods maybe to get someone from Apple Store to do password reset on a phone #. Any local police can probably do this - kind of scary now I think of it.
How can Apple or anyone prevent this?
editing my comment since I can't reply to hellbanner:
Percentage doesn't matter, it only takes one. One person to destroy a hundred billion dollar company overnight. I am not saying "Tim Cook can not possibly be lying." I am saying "If Tim Cook lied, he just made a hundred billion dollar bet that he can keep a secret." Personally, I doubt he's that dumb.
Then again, RSA isn't in the business of making consumer hardware. I'm not sure what difference to expect that to make.
So now it is a bit farcical to say "these are all secure" now. But if you happen to know how the baseband processor works (say you are friends with Qualcomm), you can try to get the encryption password right from the memory.
i think all this "sound and fury" is likely a ruse to entice ios and android users into a false sense of safety post snowden disclosure. being able to encrypt your drive doesn't matter if your OS and its applications are exploitable. last time i checked, there is almost zero open source firmware out there, so your application processor can encrypt stuff hitting disk and the baseband processor can be used to get dma.
time to roll out the hypothetical child molester straw man...
Because, you know, security measures that aren't 100% perfect are on equal footing as no security at all. Seriously? That's a huge fallacy.
In the end, it's all about the cost. When speaking of the NSA, we are primarily concerned with mass surveillance, because lets be honest, if you're targeted directly then you don't stand a chance, since they can always infiltrate your home then watch your fingers typing your password. And if these companies are raising the cost of doing mass surveillance, with encryption doing just that, then that's a good thing. It is in their interest to do so because the bad press they are getting is hurting their bottom line - you may not see it, but post Snowden at least governments and big corporations are starting to think of software/hardware stacks provided by non-US companies and now they have the ultimate argument for the balkanization of the Internet, which can't be a good thing.
But lets also think about things closer to home. I'm not from the US, I couldn't care less about the NSA. But I do care about my personal data ending up in the wrong hands - personal emails and photos, details on my accounts, projects, written down feelings and so on.
There are always organized crime syndicates looking for generating a quick buck. There are always incompetent clerks in your government institutions that out of an oversized sense of responsibility are doing stupid things. For example my personal identification details ended up in a local newspaper by mistake, because of a non-public contract leaked out of a public institution. Now how can I trust these people to handle my data? How could I let any cop inspect my laptop or phone on the spot as part of routine checks, which from what I hear, are becoming more common?
Yeah, encryption is not a good solution in the face of insecure apps, binary blobs and a potent global adversary. Thing is, for most people that global adversary is not the immediate threat they are facing and even for that global adversary, encryption makes surveillance more expensive.
I have my Android encrypted and I do feel safer, because I've got my 2-factor auth generator on it and now at the very least I feel safe about losing it. So why are we talking about a false sense of security, when an encrypted phone is factually more secure than one that isn't?
“This is a very bad idea,” said Cathy Lanier, chief of the Washington Metropolitan Police Department, in an interview. Smartphone communication is “going to be the preferred method of the pedophile and the criminal. We are going to lose a lot of investigative opportunities.”
It's a nice thought.
> While Apple does not have the crypto keys that can unlock the data on iOS 8 devices, they do have access to your iCloud backup data. Apple encrypts your iCloud data in storage, but they encrypt it with their own key, not with your passcode key, which means that they are able to decrypt it to comply with government requests.
Once they have your metadata matching, they can subject you to increased scrutiny.
If Snowden is saying things governments don't want you to hear, it's highly strange that the government-controlled mainstream media keeps yapping on and on about Snowden and publishing "his" material.
Cue shadowban in 3.. 2.. 1..
Right. Rooting through phones without a court order is the NSA's job. That makes me feel better.
>"Apple will become the phone of choice for the pedophile. The average pedophile at this point is probably thinking, I’ve got to get an Apple phone."
Just to be clear I'm not commenting at all here on the question of limiting availability of crypto-lockers to the public.
Oftentimes those with an anti-firearms agenda point out that Glocks are preferred among mass murderers. Glock is to guns as Toyota is to cars; reasonably priced and notoriously reliable.
The basic idea applies to any dual-use technology, of course: criminals will prefer the better items for the same reason law-abiding citizens prefer the better items. Thus, "criminals prefer X" is not, by itself, any reasonable argument against X in a dual-use technology.
Blatantly violate the public trust repeatedly by Blanket illegal surveillance, discredit anyone who reveals it, call them a traitor.
Then when people & companies get pissed at this over-reach and the gloating (smiley faces on NSA slides) and start putting up technological fixes to ward-off against this bullshit begin fear mongering.
I think all manner of Masks, Steel doors, etc should be immediately outlawed -after-all some one can kidnap children wearing a mask and WE CANNOT CATCH THEM!
Steel doors slow down access by law enforcement THINK OF THE CHILDREN!
BS at its finest.
They have created a system that is a free-for-all for criminals
So we should give up all rights to privacy to help catch criminals?
What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law
Maybe that says more about your laws than the desire for privacy?
I'd like to see the government stop being "beyond the law".
It is not voluntary for airports to use TSA. Therefore you have no alternative options when it comes to air travel. Saying traveling by ground is an adequate alternative is nonsense.
Those are quotes from interview subjects, not editorialization. If the subject's opinion is horrible, you want that to show through in the article.
When people abuse the trust put in them, they deserve to lose that trust.
They have lied to us, misrepresented what they are doing and now use the scoundrel's argument "what about the children?". The growing threat of a mass surveillance govt is real and in the long run a bigger threat to freedom than the so-called terrorist. I find the idea of a mass surveillance govt more terrifying than a few religious nuts with bombs or even hijacked planes.
The issue isn't that law enforcement can no longer "look around" your phone. The issue is that they can no longer get a warrant and use what is on your phone as evidence in an investigation or court case without the phone owner's cooperation. Basically your phone goes from being personal property that can be used against you as evidence to an extension of your mind that is now subject to 5th amendment protection. That is a big shift.
In terms of your originally analogy, encryption isn't a simple door lock, it is a magical warrant proof lock. I certainly understand why law enforcement wouldn't be happy about this.
Hell, if I just hide my information in a stack of a million other paper files, that would be enough to thwart all but the most determined investigator from accessing it without my cooperation.
None of your examples would prevent an investigator from finding evidence, only delay them. Strong encryption enabled by default could slow down an investigation to the point where it would go on past the heat death of the universe.
What's very very bad about this, in addition to the direct effects on people's privacy, is that it creates a class system of people who are allowed access to strong encryption while the cattle being farmed on this plantation are not.
What do you mean?
Encryption might make it hard for them to find much of use, but that's not our problem. A really sturdy safe will make it difficult to execute a warrant too, but that's not an argument for deliberately compromising the integrity of safes.
I can, of course, understand why law enforcement wouldn't be happy about this. They shouldn't be happy about this. But the rest of us should be perfectly happy to tell them to pound sand.
Strong encryption may be tougher to break but I disagree that it's entirely different. It's merely a quantitative difference. It's a standard principle that the police can break into whatever they can if they have a warrant, but they can't force you to make things easy for them ahead of time.
If the situation has changed and there are legitimate law enforcement needs that simply didn't exist in the past, then they should request a change to the social contract through legitimate channels and propose the necessary amendment to the constitution. Law enforcement's failure to even try going through proper channels speaks loudly to how little they actually respect the law.
Why do you say they aren't going through the proper channels? Law enforcement officials have just as much right to make their viewpoints heard through the press as you and I have. If they feel the need to seek new legislation, they would need to make the argument in advance in order to gain support any bills being proposed. Unless the Supreme Court thinks otherwise, I doubt a constitutional amendment would be necessary, but that depends largely on what was being proposed. I haven't seen any evidence that any law enforcement official is disrespecting any law with regards to this issue.
I'm not really suggesting that an amendment is (or should be) necessary, because the surveillance that is going on (and being passed down from the NSA to the FBI, DEA, and local departments). These activities should not be necessary at all for law enforcement, as the warrant system is easily sufficient to allow any necessary searches. Even if a specific device such as cell phone is inaccessible (despite having a valid warrant), that doesn't stop any policeman from conducting traditional (in person) surveillance or upstream wiretaps.
Yet police insist they need far broader access and we have numerous examples of the 4th Amendment warrant requirements being ignored. IFF their claims have merit, the proper way to get exceptions to needing warrants would be an amendment, which has not been suggested. There could be some edge cases where "merely" a circuit court or SCOTUS ruling could "find" additional powers for police, but it doesn't matter - I don't see the the various TLAs trying to setup a test case on this matter, either. Instead we see many cases where law enforcement (and/or people in Obama's administration) have tried to prevent lawsuits from going forward.
 [pdf] https://s3.amazonaws.com/s3.documentcloud.org/documents/1011...
Some of the training slides and request forms. Especially interesting is how often they repeat the need to keep the practice secret, including having a 24-hour hotline local police can use to get advice on how to hide the source even if they have to immediately give testimony in court. I believe (and a friend of mine who is a lawyer agrees) that these repeated statements like "To use it, we must protect it, or lose it." easily counts as mens rea.
 Riley v. California being a notable exception, though I know at least two friends that had their phones searched (in their presence) just a couple weeks ago in Oakland, CA; some departments haven't gotten the message yet, unfortunately.
"...Today, the SOD offers at least three services to federal, state and local law enforcement agents: coordinating international investigations such as the Bout case; distributing tips from overseas NSA intercepts, informants, foreign law enforcement partners and domestic wiretaps; and circulating tips from a massive database known as DICE. ...
...Wiretap tips forwarded by the SOD usually come from foreign governments, U.S. intelligence agencies or court-authorized domestic phone recordings. Because warrantless eavesdropping on Americans is illegal, tips from intelligence agencies are generally not forwarded to the SOD until a caller's citizenship can be verified, according to one senior law enforcement official and one former U.S. military intelligence analyst."
What would be lost with local iPhone encryption keys is the ability to gather large amounts of data by strong-arming Apple (Prism, possibly). Note that most of the people freaking out over Apple's changes are not NSA. It is law enforcement who is fearing losing their access; the same law enforcement that would be using parallel construction to actually use the data that logically they didn't have a warrant to search and seize. (if they did have a warrant, they can bypass the encryption with various other ways, which apparently includes compelling passwords)
As for the Reuters article, I linked to a specific document that was a follow-up to that Reuters article, which had very little to do with foreign governments, and a lot to do with protecting access to the surveillance infrastructure. If you want the TL;DR version (understandable; it's 300 pages of slides and forms),  is a decent overview though it lacks some of the relevant details.
Your argument seems to be that law enforcement wants to keep the phones unencrypted so that they can seize them with a warrant, hand them over to the NSA, and then the NSA can hand the data back to the police using "parallel construction" in order for the police to hide where the data came from (i.e.: acquired lawfully by the police with a warrant)
Actually, it does not go that far. The 5th Amendment protects people from being forced to inciminate themselves. Otherwise, a person could be charged with contempt of court, obstruction of justice, or similar crimes. Someone who refuses to decrypt their data when subject to a warrant will face that penalty, just like someone who refuses to answer a subpeona or destroys documents relevant to a counrt case.
I would prefer to have the password NOT be protected by the 5th amendment and have strong encryption on phones than not have strong encryption on phones. That seems like the only way to prevent casual warrantless rummaging.
Yes, and...? That sounds about right. An implanted device wired directly to your brain seems like the ultimate conclusion to this age of "wearables" we're just now entering.
Not that many people will choose a good passphrase...