Police, FBI, NSA, DOJ... UK Freak Out Over Encryption
#11
More law enforcement officials are coming forward to express their dismay at Apple's and Google's decision to encrypt cellphones by default. And the hysteria seems to be getting worse. As was recently covered, FBI director James Comey stated that no one was above the law, while failing to realize there's actually no law preventing Apple or Google from doing this.

The chief of the Chicago police went even further:
Quote:“Apple will become the phone of choice for the pedophile,” said John J. Escalante, chief of detectives for Chicago’s police department. “The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.”
Now, Washington DC's police chief, Cathy Lanier (who we've praised previously for her implementation and enforcement of a tough [on cops] citizen recording policy) is echoing Escalante's ridiculous statement.
Quote:“This is a very bad idea,” said Cathy Lanier, chief of the Washington Metropolitan Police Department, in an interview. Smartphone communication is “going to be the preferred method of the pedophile and the criminal. We are going to lose a lot of investigative opportunities.”
First off, law enforcement rarely ever encounters encryption. These facts are borne out by the US Courts' annual statistics on warrant requests. That they'll encounter it more often from now on has nothing to do with the scary stories they've been telling to justify their collective freakout. Those criminals didn't use it, for the most part. And if they did, it was circumvented nearly 100% of the time.

Second, implying that pedophiles are suddenly going to start buying iPhones/Androids is a non-starter. Plenty of encryption options already exist and most pedophiles and criminals already own cellphones. Police have captured plenty of criminals and pedophiles without cracking encryption. See "first off" above.

Third, and this is where the irony sets in, Lanier's department is a big fan of encryption. From 2011:
Quote:D.C. police became one of the latest departments to adopt the practice [encrypting police radio communications] this fall. Police Chief Cathy Lanier said recently that a group of burglars who police believe were following radio communications on their smartphones pulled off more than a dozen crimes before ultimately being arrested and that drug dealers fled a laundromat after a sergeant used his radio to call in other officers — suggesting that they, too, might have been listening in.

"Whereas listeners used to be tied to stationary scanners, new technology has allowed people — and especially criminals — to listen to police communications on a smartphone from anywhere," Lanier testified at a D.C. Council committee hearing this month. "When a potential criminal can evade capture and learn, 'There's an app for that,' it's time to change our practices."
Journalist wondered what sort of impact this decision would have on public safety, if only certain individuals were allowed to hear as-it-happens discussions of dangerous events. All the cops could think about was the ones that got away. Now the encryption's on the other end and the police are using both the public safety argument and counting their escaped criminals before they've actually escaped justice.

I guess encryption only works for the government. All others need not apply. Lanier's statement -- combined with the DCPD's encrypted transmissions -- means she only wants to encrypt the communications of the department's "pedophiles and criminals."

Now, going back to James Comey complaining about Apple and Google being above the law. Nothing that exists can legally prevent them from providing this encryption to their customers… at least for now. Surfing high on a wave of hysteria, former FBI Counsel Andrew Weissman has arrived to push for exactly that: new laws.
Quote:They have created a system that is a free-for-all for criminals,” said Weissmann, a law professor at New York University. “It’s the wrong balancing act. Having court-ordered access to telephones is essential to thwart criminal acts and terrorist acts.”

Weissmann said there was little the Justice Department could do to stop the emerging policies. The companies are permitted to have encryption systems. The only way to ensure law enforcement access is for Congress to pass legislation, he said.
The answer to a move prompted by the exposure of government overreach is… more government overreach. Weissman's horrendous idea will find some sympathetic ears in Congress, but not nearly as many as it would have found a few years ago. Any legislation prompted by law enforcement officials' iPedophile hallucinations will be decidedly terrible and loaded with negative side effects and collateral damage.

And let's not forget that, since the beginning of criminal activity, there have always been panics about new technology placing ne'er-do-wells ahead of pursuing flatfoots. Here's one from 1922, pointed out by the ACLU's Chris Soghoian:

Here's a text version:
Quote:The automobile is a swift and powerful vehicle of recent development, which has multiplied by quantity production and taken possession of our highways in battalions, until the slower, animal-drawn vehicles, with their easily noted individuality, are rare. Constructed as covered vehicles to standard form in immense quantities, and with a capacity for speed rivaling express trains, they furnish for successful commission of crime a disguising means of silent approach and swift escape unknown in the history of the world before their advent. The question of their police control and reasonable search on highways or other public places is a serious question.

The baffling extent to which they are successfully utilised to facilitate commission of crime of all degrees, from those against morality, chastity, and decency to robbery, rape, burglary, and murder, is a matter of common knowledge. Upon that problem a condition and not a theory confronts proper administration of our criminal laws.
Law enforcement techno-panic. Dating all the way back to the "silent approach" of a 1920's-era internal combustion engine.

Originally Published: Thu, 02 Oct 2014 22:46:55 GMT
source
Reply
#12
FBI Director James Comey has doubled down on his basic attack on technology and privacy with a speech at the Brookings Institution entitled "Going Dark: Are Technology, Privacy, and Public Safety on a Collision Course." He admits that he wants "every tool" available to law enforcement, and he's worried about that darn tech industry for wishing to keep users' information private. He calls it a "public safety problem." Others may disagree.
Quote: Unfortunately, the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem. We call it “Going Dark,” and what it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority. We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so.

We face two overlapping challenges. The first concerns real-time court-ordered interception of what we call “data in motion,” such as phone calls, e-mail, and live chat sessions. The second challenge concerns court-ordered access to data stored on our devices, such as e-mail, text messages, photos, and videos—or what we call “data at rest.” And both real-time communication and stored data are increasingly encrypted.
Of course, many of us look at that encryption itself as a public safety issue on the other side. Greater encryption allows people to communicate safely, securely and privately -- which is an important public safety consideration. The simple fact is that crimes have been committed throughout human history without the ability of law enforcement to eavesdrop on people. It's merely an accident of history that so much communication recently has had backdoors and holes by which eavesdropping was even possible. Closing those doors doesn't mean law enforcement can't solve crimes, and it's silly to mandate backdoors when it's not necessary and can create more problems.

Comey seems particularly annoyed that the tech industry is locking stuff up in response to the Snowden revelations, because he argues, that's blocking all sorts of other stuff he'd like to have access to:
Quote: In the wake of the Snowden disclosures, the prevailing view is that the government is sweeping up all of our communications. That is not true. And unfortunately, the idea that the government has access to all communications at all times has extended—unfairly—to the investigations of law enforcement agencies that obtain individual warrants, approved by judges, to intercept the communications of suspected criminals.

Some believe that the FBI has these phenomenal capabilities to access any information at any time—that we can get what we want, when we want it, by flipping some sort of switch. It may be true in the movies or on TV. It is simply not the case in real life.

It frustrates me, because I want people to understand that law enforcement needs to be able to access communications and information to bring people to justice. We do so pursuant to the rule of law, with clear guidance and strict oversight. But even with lawful authority, we may not be able to access the evidence and the information we need.
Again, there's an interesting sense of entitlement there. There's lots of information law enforcement would like to have, and even may legally have the right to have, but which they cannot have. And that's been true throughout history, and law enforcement has survived and crimes have been stopped and criminals caught and prosecuted. What Comey is advocating here is to make everyone less safe just in case law enforcement wants it. That's a problem.

Bizarrely, Comey is quite upset that companies are now marketing the fact that they keep you secure.
Quote: Encryption isn’t just a technical feature; it’s a marketing pitch. But it will have very serious consequences for law enforcement and national security agencies at all levels. Sophisticated criminals will come to count on these means of evading detection. It’s the equivalent of a closet that can’t be opened. A safe that can’t be cracked. And my question is, at what cost?
The cost of privacy and trust. Which are, you know, kind of important too...

And then he goes back to his simply wrong declaration that this is about making people "above the law." But that's not true. There is no legal requirement that this information be available. It's not above the law at all. Being above the law means ignoring the law and getting away with it. But, to Comey, being above the law is apparently doing stuff that makes the FBI's job marginally more difficult.
Quote: I hope you know that I’m a huge believer in the rule of law. But I also believe that no one in this country should be above or beyond the law. There should be no law-free zone in this country. I like and believe very much that we need to follow the letter of the law to examine the contents of someone’s closet or someone’s cell phone. But the notion that the marketplace could create something that would prevent that closet from ever being opened, even with a properly obtained court order, makes no sense to me.

I think it’s time to ask: Where are we, as a society? Are we no longer a country governed by the rule of law, where no one is above or beyond that law? Are we so mistrustful of government—and of law enforcement—that we are willing to let bad guys walk away...willing to leave victims in search of justice?
And then there's this: He's not a scaremonger, but you should be afraid:
Quote: I’ve never been someone who is a scaremonger. But I’m in a dangerous business.
And, of course, he wants Congress to step in and fix things for him, making everyone less safe:
Quote: We also need a regulatory or legislative fix to create a level playing field, so that all communication service providers are held to the same standard and so that those of us in law enforcement, national security, and public safety can continue to do the job you have entrusted us to do, in the way you would want us to.
A "level field"? Really? The field has been tilted strongly towards the FBI and NSA for well over a decade. It's only now, with further encryption, that it's been leveling out...

Originally Published: Thu, 16 Oct 2014 21:07:01 GMT
source
Reply
#13
I believe the Justice branch of American gov't has this problem because someone from their securities section said they CAN get into any type of stored device as a guarantee. Now I know why when I was a Desktop Engineer that I never guaranteed my work. A guarantee means -by any means possible- get it done. Expensive. Very expensive to break data encryption of each storage device.
Reply
#14
FBI Director James Comey is apparently a likable guy, but if he's going to attack encryption, it might help if he actually understood it better than, say, the editorial board of the Washington Post, who recently argued against "backdoors" in technology, and for a magical "golden key" -- as if the two were somehow different. We wrote a quick take on Comey's Brooking's talk last week, but the deeper you dive into his talk the more and more evident it is that he not only doesn't quite understand the issues he's talking about, but that he doesn't even seem to understand when his own statements conflict with each other.

Just two days earlier, in a 60 Minutes interview, Comey had insisted, incorrectly, that the FBI can never read your email without a court order. This was simply false, and Comey had to 'fess up to that at the Brookings event when called on it. But if he needed to "clarify" that, it seems like he needs to do much more clarifying as well. Because much of his speech presented scenarios for why the phone encryption now being put in place by Apple and Google would have harmed investigations -- and after digging into those examples, it appears that his explanations were, once again, incorrect. Here are his examples:
Quote: In Louisiana, a known sex offender posed as a teenage girl to entice a 12-year-old boy to sneak out of his house to meet the supposed young girl. This predator, posing as a taxi driver, murdered the young boy and tried to alter and delete evidence on both his and the victim’s cell phones to cover up his crime. Both phones were instrumental in showing that the suspect enticed this child into his taxi. He was sentenced to death in April of this year.

In Los Angeles, police investigated the death of a 2-year-old girl from blunt force trauma to her head. There were no witnesses. Text messages stored on her parents’ cell phones to one another and to their family members proved the mother caused this young girl’s death and that the father knew what was happening and failed to stop it. Text messages stored on these devices also proved that the defendants failed to seek medical attention for hours while their daughter convulsed in her crib. They even went so far as to paint her tiny body with blue paint—to cover her bruises—before calling 911. Confronted with this evidence, both parents pled guilty.

In Kansas City, the DEA investigated a drug trafficking organization tied to heroin distribution, homicides, and robberies. The DEA obtained search warrants for several phones used by the group. Text messages found on the phones outlined the group’s distribution chain and tied the group to a supply of lethal heroin that had caused 12 overdoses—and five deaths—including several high school students.

In Sacramento, a young couple and their four dogs were walking down the street at night when a car ran a red light and struck them—killing their four dogs, severing the young man’s leg, and leaving the young woman in critical condition. The driver left the scene, and the young man died days later. Using “red light cameras” near the scene of the accident, the California Highway Patrol identified and arrested a suspect and seized his smartphone. GPS data on his phone placed the suspect at the scene of the accident and revealed that he had fled California shortly thereafter. He was convicted of second-degree murder and is serving a sentence of 25 years to life.

The evidence we find also helps exonerate innocent people. In Kansas, data from a cell phone was used to prove the innocence of several teens accused of rape. Without access to this phone, or the ability to recover a deleted video, several innocent young men could have been wrongly convicted.
Powerful stories, right? Just imagine if the data on those phones were locked up and unavailable to law enforcement? Well, imagine-no-more, because people have been looking into these stories, and Comey's fear mongering doesn't check out. First up, The Intercept looked into these cases and their results can be summed up in the URL slug which includes "FBI Dude Dumb Dumb."
Quote: In the three cases The Intercept was able to examine, cell-phone evidence had nothing to do with the identification or capture of the culprits, and encryption would not remotely have been a factor.

In the most dramatic case that Comey invoked — the death of a 2-year-old Los Angeles girl — not only was cellphone data a non-issue, but records show the girl’s death could actually have been avoided had government agencies involved in overseeing her and her parents acted on the extensive record they already had before them.

In another case, of a Lousiana sex offender who enticed and then killed a 12-year-old boy, the big break had nothing to do with a phone: The murderer left behind his keys and a trail of muddy footprints, and was stopped nearby after his car ran out of gas.

And in the case of a Sacramento hit-and-run that killed a man and his girlfriend’s four dogs, the driver was arrested a few hours later in a traffic stop because his car was smashed up, and immediately confessed to involvement in the incident.
The link provides a lot more details about each of those cases, suggesting phones had little to nothing to do with any of those stories, and if there were encryption on those phones it wouldn't have made the slightest difference. And it's not just the folks over at The Intercept recognizing this. The Associated Press called bullshit on most of the examples as well.

And, remember, these were the hand-picked examples the FBI came up with after weeks of time to prepare its case for not allowing such encryption. And they don't hold up under scrutiny.

During the Q&A, Comey was again challenged on these and asked for "real live examples" where encryption would be an issue and his answer did not inspire confidence that Comey has any idea what he's talking about:
Quote: Rescuing someone before they’re harmed? Someone in the trunk of a car or something? I don’t think I know – yet? I’ve asked my folks just to canvas – I’ve asked our state and local partners are there some examples where this – I think I see enough, but I don’t think I’ve found that one yet. I’m not looking. Here’s the thing. When I was preparing the speech, one of the things I was inclined to talk about was — to avoid those kids of sort of ‘edge’ cases because I’m not looking to frighten people. Logic tells me there’re going to be cases just like that, but the theory of the case is the main bulk of law enforcement activity. But that said I don’t know the answer. I haven’t found one yet.
In the talk, Comey also disputed the notion of a "back door," but rather claimed he wanted a "front door."
Quote: We aren’t seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law. We are completely comfortable with court orders and legal process—front doors that provide the evidence and information we need to investigate crime and prevent terrorist attacks.
Right. So, just like the question of what's the difference between a back door and a magic golden key, Comey was asked about the difference between a front door and a back door, and his answer was... he doesn't know.
Quote: When asked technical questions about the solution he was suggesting, Comey didn’t have the answers. At one point, the host, Benjamin Wittes, a senior fellow at the Brooking Institution, asked Comey to explain his “front door” distinction, to which he responded, “I don’t think I am smart enough to tell you what 'front door' means.”
Yup. You're the director of the FBI and you just gave a key speech -- pushing for legislation -- which focuses on the idea of wanting a "front door" into technology, and when questioned on what the hell that means your answer is "I don't think I'm smart enough to tell you what 'front door' means"? This isn't making me feel any safer.

You know what would make me feel safer? A hell of a lot more encryption. And you know who agrees? the FBI. This is from the FBI's own website for "safety tips to protect your mobile device"
[Image: vJAV0Ne.jpg]
In case you can't read it, it says:
Quote: Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.
It also recommends passcode protecting your phone (which is how these default encryption systems now work). So, um, here we have the FBI telling people to encrypt their phones... and complaining that such things will lead to the end of the world, though it's unable to actually give an example, or even explain what its new proposal is really about. As Marcy Wheeler pointed out before the speech, this sort of clueless dichotomy seems to follow Comey around. In that 60 Minutes interview, he both talked about how dangerous the internet is, and why people need to protect themselves... and then attacked one of the most important tools for people to protect themselves.

It's almost as if Comey has absolutely no idea what he's talking about.

And that's because he almost certainly does not. He may understand other issues related to crime and law enforcement, but when it comes to encryption, it appears he's reading the hastily prepared script of someone else. The simple fact is that he's wrong. Strong encryption is in the public interest and not only protects people from questionable surveillance, but from bad actors as well. It's the best way to make us all safer -- much better than relying on FBI agents running around trying to snoop on phones.

Thankfully, so far, the folks in Congress don't sound particularly impressed by Comey's demand for "front doors" that he's not smart enough to understand. Hopefully it stays that way.

Originally Published: Mon, 20 Oct 2014 17:22:00 GMT
source
Reply
#15
The latest law enforcement official to enter into the "debate" over phone encryption is none other than NYPD Commissioner Bill Bratton, most famous around Techdirt for being "not Ray Kelly." Bratton sees eye-to-eye with pretty much everyothercritic of Google's and Apple's move to provide encryption by default: this is bad for us (meaning "law enforcement"), therefore new laws.
Quote:Police Commissioner Bill Bratton ratcheted up the rhetoric against Google and Apple Friday, vowing to push for legislation now that the tech giants have announced operating systems with encryptions that block law enforcement access.

“It does a terrible disservice to the public, ultimately, and to law enforcement, initially,” he said. “It really does impede our investigation of crimes.
That's some mighty fine spin by Bratton. Something that will make a vast majority of the public's data less susceptible to hackers' attacks is a "disservice to the public" because in a very small number of cases, this encryption could hamper an investigation. Because some criminals might use this encryption, no one should be allowed to have it.

Bratton also fired the following (cheap) shot across the bow of the cell phone giants, insinuating that the companies are profiting from law enforcement pain, deliberately.
Quote:“For them to consciously, for profit and gain, to thwart those legal constitutional efforts, shame on them.”
Businesses turn profits. Otherwise, they're not businesses (or not in business for long). Offering encryption by default does not -- in itself -- make Apple and Google more money. Nor does "thwarting legal constitutional efforts." It could actually be argued that this will cost both companies more money in the long run, considering they will both be facing additional legal challenges and very-specifically-targeted legislation.

Manhattan DA Cyrus Vance, who notes that he's in "lockstep" with Bratton's views, sounds like he's in lockstep with the former keepers of NYC's security state -- Ray Kelly and Michael Bloomberg -- when he opines that the balance between privacy and security should always be tilted towards law enforcement.
Quote:"I think that the balance, however ... can’t be one where saving people’s lives, solving serious crimes from child abuse to terrorism, is the price we have to pay for blanket privacy.”
I keep hearing "child abuse" and "terrorism," but keep envisioning law enforcement's desired encryption backdoor being used for the same thing Stingray devices and cast-off military gear are used for: plain vanilla drug warring and other assorted "normal" criminal investigations. Tears are shed over the pedophile who got away, but in practice, it's rarely anything more than Officer Smith flipping through the digital rolodex of some low-level meth dealer.

Originally Published: Wed, 22 Oct 2014 20:40:00 GMT
source
Reply
#16
James Comey's pleas that something must be done for the [potentially-molested] children of the United States seem to be falling on mostly deaf ears. Mostly. After realizing that there's nothing in current laws that compels Google and Apple to punch law enforcement-sized holes in their default encryption, Comey has decided to be the change he wishes to force in others.

Having set the stage with a Greek chorus comprised of law enforcement officials chanting "iPhones are for pedophiles," Comey is now making overtures to legislators, targeting an already-suspect law for further rewriting: CALEA, or the Communications Assistance for Law Enforcement Act. As it stands now, the law specifically does NOT require service providers to decrypt data or even provide law enforcement with the means for decryption. Up until this point, the FBI's director seemed to consider Congressional support a foregone conclusion.
Quote:Last week, FBI director James Comey suggested that encryption "threatens to lead all of us to a very dark place" and suggested that if Apple and Google don't remove default encryption from iOS and Android then "Congress might have to force this on companies."
Now, Congress members are firing back at Comey, reminding him that Congress doesn't have to do shit.
Quote:"To FBI Director Comey and the Admin on criticisms of legitimate businesses using encryption: you reap what you sow," California Republican Rep. Darrell Issa tweeted. "The FBI and Justice Department must be more accountable—tough sell for them to now ask the American people for more surveillance power."
Rep. Zoe Lofgren estimates Comey's legislative "fix" has a "zero percent" chance of passing. This tepid statement is the warmest response Comey's received so far.
Quote:“It's going to be a tough fight for sure,” Rep. James Sensenbrenner (R-Wis.), the Patriot Act’s original author, told The Hill in a statement.
Of course, in this anti-surveillance climate, there aren't too many representatives willing to openly support toxic rewrites like the one Comey desires. But give it a few more years and anything's possible. This is the time to start watching upcoming bills closely. It's not completely unheard of for unpopular legislation to be tacked onto other bills whose popularity (or complete mundanity) gives them a higher chance of passing.

Comey also still seems to think that it's simply a matter of wording. He's done all he can to portray the encrypted future as a nightmarish world where child abusers, drug dealers and terrorists run amok while law enforcement fumbles around in the dark. This clumsy propaganda machine has done little to soften up the public or its representatives. Now, he's shifting gears, pretending that it's not a "backdoor" he's seeking, but rather some sort of magical doggie door for law enforcement.
Quote:“We want to use the front door with clarity and transparency,” he said.
How that word picture converts to real life remains to be seen. Comey doesn't seem to have any idea but believes the answer runs through an amended CALEA. The good news is that no one's in any hurry to help him out. The FBI (and much of law enforcement) is so used to getting what they want (as well as being completely absent when it's time to reap what's been sown) with minimal resistance that this pushback has forced them to think on their feet -- something they're clearly not comfortable doing. Between talk of "golden keys" and the hilarious assumption that Congress would simply do as it's told, the FBI's anti-encryption fit-pitching is looking more ridiculous by the moment.

Originally Published: Thu, 23 Oct 2014 17:25:05 GMT
source
Reply
#17
In September, both Apple and Google announced plans to encrypt information on iOS and Android devices by default. Almost immediately, there was a collective freakout by law enforcement types. But, try as they might, these law enforcement folks couldn't paint any realistic scenario of where this would be a serious problem. Sure, they conjured up scenarios, but upon inspection they pretty much all fell apart. Instead, what was clear was that encryption could protect users from people copying information off of phones without permission, and, in fact, the FBI itself recommends you encrypt the data on your phone.

But it didn't stop FBI director James Comey from ignoring the advice of his own agency and pushing for a new law that would create back doors (he called them front doors, but when asked to explain the difference, he admitted that he wasn't "smart enough" to understand the distinction) in such encryption.

So, now, of course, the FBI/DOJ gets to go up to Congress and tell them scary stories about just how necessary breaking encryption would be. And it's being done in total secrecy, because if it was done in public, experts might debunk the claims, like they've done with basically all of the scenarios provided in public to date.
Quote: FBI and Justice Department officials met with House staffers this week for a classified briefing on how encryption is hurting police investigations, according to staffers familiar with the meeting. The briefing included Democratic and Republican aides for the House Judiciary and Intelligence Committees, the staffers said. The meeting was held in a classified room, and aides are forbidden from revealing what was discussed.
It's almost guaranteed that someone will introduce some legislation, written primarily by the FBI, pushing for this (such a bill is almost certainly already sitting in some DOJ bureaucrat's desk drawer, so they just need to dot some i's, cross some t's and come up with a silly acronym name for the bill). So far, many in Congress have been outspoken against such a law, but never underestimate the ability of the FBI to mislead Congress with some FUD, leading to all sorts of scare stories about how we need this or we're all going to die.

Originally Published: Fri, 31 Oct 2014 15:10:43 GMT
source
Reply
#18
There are times that I wonder if former NSA General Counsel Stewart Baker is just trolling with his various comments, because they're so frequently out of touch with reality, even though he's clearly an intelligent guy. His latest is to join in with the misguided attacks on Apple and Google making mobile encryption the default on iOS and Android devices, with an especially bizarre argument: protecting the privacy of your users is bad for business. Oh really? Specifically, Baker engages in some hysterically wrong historical revisionism concerning the rise and fall of RIM/Blackberry:
Quote: Baker said encrypting user data had been a bad business model for Blackberry, which has had to dramatically downsize its business and refocus on business customers. “Blackberry pioneered the same business model that Google and Apple are doing now - that has not ended well for Blackberry,” said Baker.

He claimed that by encrypting user data Blackberry had limited its business in countries that demand oversight of communication data, such as India and the UAE and got a bad reception in China and Russia. “They restricted their own ability to sell. We have a tendency to think that once the cyberwar is won in the US that that is the end of it - but that is the easiest war to swim.”
While it's true that some countries, like India, demanded the right to spy on Blackberry devices, the idea that this was the reason for the company's downfall is ludicrous. First of all, RIM gave in to some of those demands anyway. But, more importantly, the reason that Blackberry failed was because the company just couldn't keep up from an innovation standpoint -- and that's because early on it made the decision to focus onenforcing patents, rather than truly innovating. RIM got fat and lazy by getting an early lead and then focusing on protecting it, rather than keeping up with the market. And... one of the reasons it got that early lead was because companies were willing to buy into the Blackberry in part because of its strong encryption.

The idea that encryption was bad for business because China and Russia couldn't spy on people is not only ridiculous and silly, but it appears to be Baker supporting authoritarian states spying on its citizenry. What the hell, Stewart?

Beyond that, Baker insists that, really, the public doesn't want encryption anyway, and if people only knew what was really going on with the "bad guys," we'd all be willing to give up our privacy:
Quote: Baker said the market for absolute encryption was very small, and that few companies wanted all their employees’ data to be completely protected. “There’s a very comfortable techno-libertarian culture where you think you’re doing the right thing,” said Baker.

“But I’ve worked with these companies and as soon as they get a law enforcement request no matter how liberal or enlightened they think they are, sooner to later they find some crime that is so loathsome they will do anything to find that person and identify them so they can be punished.
Right. And that's what basic police and detective work is for. It doesn't mean that you need to weaken the security and privacy of everyone else. Anyway, let's see if Baker goes out and shorts Apple and Google's stock now that he believes encryption and protecting the privacy of their users is really so bad for business.

Originally Published: Wed, 05 Nov 2014 14:22:34 GMT
source
Reply
#19
Recently Techdirt wrote about the extraordinary tirade by the new GCHQ boss, Robert Hannigan, which boiled down to: "however much we spy and censor online today, it's still not enough." It was so full of wrong-headed and dangerous ideas that it was hard to capture it all in one post. Here's one thing we didn't have room for last time:
Quote:Isis also differs from its predecessors in the security of its communications. This presents an even greater challenge to agencies such as GCHQ. Terrorists have always found ways of hiding their operations. But today mobile technology and smartphones have increased the options available exponentially. Techniques for encrypting messages or making them anonymous which were once the preserve of the most sophisticated criminals or nation states now come as standard. These are supplemented by freely available programs and apps adding extra layers of security, many of them proudly advertising that they are "Snowden approved". There is no doubt that young foreign fighters have learnt and benefited from the leaks of the past two years.
Leaving aside the rather pathetic dig at Snowden at the end there, and the unsubstantiated statement that terrorists have benefited from his leaks, the key message here is that strong encryption is now used routinely by the wrong people, and that it presents an "even greater challenge" to the world's security services. If that lament sounds familiar, it's because suddenly, over the last few weeks, it has become the persistent refrain of law enforcement agencies in both the US and UK.
First we had the FBI Director James Comey talking about his agency's fears about things "going dark" because of encryption; then we heard from NYPD Commissioner Bill Bratton about how encryption "does a terrible disservice to the public"; a couple of weeks later, former NSA General Counsel Stewart Baker suggested the reason Blackberry had failed was because it used "too much encryption".

Now it seems that the baton has been passed to the UK. The day after Hannigan led the way with his piece in the Financial Times, the head of London's Metropolitan Police added his voice to the chorus of disapproval, as the London Evening Standard reports:
Quote:London's police chief today warns society against letting parts of the internet become a "dark and ungoverned" space populated by paedophiles, murderers and terrorists.

In a call for action, Met Commissioner Sir Bernard Hogan-Howe says encryption on computers and mobile phones is frustrating police investigations, meaning parts of the web are becoming "anarchic places".
What's particularly interesting is that as part of his visit to New York to make this speech, Hogan-Howe was also planning to meet all the senior US officials who had just voiced their concerns about encryption in precisely the same terms:
Quote:Sir Bernard has spent several days in talks with New York and Washington police chiefs about the threat of terrorism and what he calls "the challenges and opportunities" of technology. Today he was meeting FBI director James Comey.

He was also telling law enforcement experts behind closed doors at the New York police department that the internet is now a safe haven for criminality, adding: "Privacy is important but in my view the security of communications methods and devices is growing beyond what any genuine domestic user could reasonably require."
It's hard not to see this as part of a concerted and organized counter-attack against growing calls to rein in US and UK surveillance in the wake of Snowden's revelations. The common line on both sides of the Atlantic is that encryption has gone too far -- that "the security of communications methods and devices is growing beyond what any genuine domestic user could reasonably require". The clear implication is that only "paedophiles, murderers and terrorists" would want strong crypto, and that for law-abiding citizens with nothing to hide, crypto with backdoors is good enough.
But it isn't, of course. Law-abiding citizens with nothing to hide have a perfect right to real privacy online, just as they have a right to use doors, walls and curtains to screen off their private lives from the world's gaze. As Techdirt has noted before, placing backdoors in nominally secure systems simply makes them completely insecure, since there is no way to stop the bad people from using them too. Moreover, weakening crypto would not only make the Internet vastly less secure for billions of users, it would also undermine millions of online businesses and thus the economies with which they are now so deeply intertwined.

We can expect more of these blatant attempts to demonize strong cryptography, and to paint its mere use as a sure sign of terrorism and depravity. But we have been here before. During the 1990s the US government tried to introduce backdoors into secure communications using the Clipper chip. Civil society won those first Crypto Wars; now it needs to gird its loins to fight and win Crypto Wars 2.0.

Originally Published: Mon, 10 Nov 2014 16:18:45 GMT
source
Reply
#20
The discussion over cellphone encryption continues, with much of the "discussion" being FBI director James Comey's insistence that Apple and Google simply can't do the very thing they're doing... and offering zero legal reasons why they can't. There have been a lot of horribles paraded around during the past few weeks, mainly of the terrorist or pedophile variety. None of it has been very persuasive to anyone not wearing a badge. The converts continue to love the preaching while those on the outside look on in bemusement.

It's not just Apple and Google at this point. Whatsapp, the messaging app Facebook recently purchased, will be providing end-to-end encryption. Twitter is fighting National Security Letter gag orders in court.

The Wall Street Journal's recent article provides a closer look at the reactions of the upper echelon of law enforcement (DOJ and FBI) but only finds more of the same.
Quote:The No. 2 official at the Justice Department delivered a blunt message last month to Apple Inc. executives: New encryption technology that renders locked iPhones impervious to law enforcement would lead to tragedy. A child would die, he said, because police wouldn’t be able to scour a suspect’s phone, according to people who attended the meeting.
"A child would die." That's the argument. That's almost the only argument.
Quote:I'd hate to have people look at me and say, 'Well how come you can't save this kid,' 'how come you can't do this thing.'" (Sept. 25)

Smartphone communication is “going to be the preferred method of the pedophile and the criminal.' [Washington DC Police Chief Cathy Lanier] (Sept. 30)

Eric Holder: 'When a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child...' (Oct 1st)
Quote:As a result, child predators, terrorists, and other criminals could go free, he [James Comey] warned. (Oct. 30)
Unsurprisingly, when the subject was first broached in this fashion, Apple reacted as any company would when faced with the insinuation that its latest feature would kill children.
Quote:The meeting last month ended in a standoff. Apple executives thought the dead-child scenario was inflammatory. They told the government officials law enforcement could obtain the same kind of information elsewhere, including from operators of telecommunications networks and from backup computers and other phones, according to the people who attended.
There are other options, but the FBI and DOJ only want the easiest route. To get it, the same argument is presented again and again. The FBI, along with other law enforcement officials, have accused Apple and Google of marketing to criminals. The companies have reasonably responded by presenting the alternatives the FBI and others are willfully ignoring. Files stored on phones are often stored elsewhere. Talk to service providers. Demand the information from the suspects themselves.

James Comey says he wants to have a "discussion," but plugs his ears and shouts about pedophiles and dead children when options other than a law enforcement-only "back door/front door" are brought up. Apple and Google have told the FBI to change the law if it doesn't like the new reality. James Comey and the DOJ's second-in-command, James Cole, know this is the route they have to take if they want to force Apple and Google to drop encryption. They also know the current backlash against government surveillance makes this pursuit anything but a foregone conclusion.

And, so, Comey and Cole exhume the corpses of child victims and give them lead roles in their pathetic, ghoulish puppet show -- something they perform for any halfway-sympathetic audience. Comey and others in law enforcement know what it will take to pass legislation or amendments in their favor.
Quote:[Deputy Attorney General James] Cole predicted that [law change] would happen, after the death of a child or similar event.
So, it would appear that both sides of the argument are waiting for a watershed event to prove their respective points. Apple's Tim Cook believes "something major" will happen that will prove to customers that his company's decision to provide encryption by default was the right one. The DOJ and FBI, on the other hand, are apparently waiting for something much more tragic: the severe abuse and/or death of a child at the hand of criminal in possession of an encrypted phone.

One side is waiting for a horrible event their customers are shielded from. The other side is waiting for a horrible event to convert into legislative currency. If the side looking to exploit a tragedy strikes first, the second watershed event -- the one Tim Cook posits -- will have no positive outcome. The FBI isn't just willing to use dead children to achieve its aims. It's also willing to sacrifice the public's privacy and security at the same time.

Originally Published: Fri, 21 Nov 2014 18:26:57 GMT
source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  I just found out that Telegram has it's own crpto coin Ladyanne3 1 1,526 Jul 10, 2024, 07:39 am
Last Post: dueda
  Why Even the FBI Gave Up on the Pirate Bay: The Pirtate Bay History 101 RobertX 1 4,889 Jul 23, 2023, 07:58 am
Last Post: rezwaki
  Tell me which phone out of these would you choose? VantaBlac 2 6,181 Feb 10, 2023, 11:37 am
Last Post: VantaBlac
  For People Who Bring Their Laptops Out RobertX 7 22,740 Aug 29, 2021, 15:40 pm
Last Post: waregim
  onionflix took over btdb and sky? Iliketacos 0 13,286 Jul 01, 2021, 23:23 pm
Last Post: Iliketacos



Users browsing this thread: 1 Guest(s)