New York Prosecutor Calls for Law to Fight Apple Data Encryption

This is not the first time such a law has been proposed. In 1997, a House of Representatives committee approved a ban on domestic encryption without backdoors for .gov access. Here&#x27;s an excerpt from the SAFE Act, as it was called back then:<p><i>`Whoever, after January 31, 2000, sells in interstate or foreign commerce any encryption product that does not include features or functions permitting duly authorized persons immediate access to plaintext or immediate decryption capabilities shall be imprisoned for not more than 5 years, fined under this title, or both...<p>After January 31, 2000, it shall be unlawful for any person to manufacture for distribution, distribute, or import encryption products intended for sale or use in the United States, unless that product [...] permits immediate decryption of the encrypted data, including communications, upon the receipt of decryption information by an authorized party in possession of a facially valid order [and] allows the decryption of encrypted data, including communications, without the knowledge or cooperation of the person being investigated...</i> <a href="http://thomas.loc.gov/cgi-bin/cpquery/T?&amp;report=hr108p4&amp;dbname=105&amp;" rel="nofollow">http:&#x2F;&#x2F;thomas.loc.gov&#x2F;cgi-bin&#x2F;cpquery&#x2F;T?&amp;report=hr108p4&amp;dbna...</a><p>Think of how that would have affected Linux (Android uses dm-crypt for FDE), open source, Github, etc.<p>That 1997 bill is remarkably similar to what the FBI and its law enforcement allies, including the district attorney quoted in the linked article, want today. And remember that bill was not theoretical. It was approved and sent to the House floor for a vote -- and was defeated only because of a hastily-assembled alliance of tech firms and privacy groups.<p>I disclosed in a 2012 article for CNET, before I left to found <a href="http://recent.io/" rel="nofollow">http:&#x2F;&#x2F;recent.io&#x2F;</a>, that FBI general counsel&#x27;s office has drafted related legislation mandating backdoors even before the current flap over Android and iOS FDE.<p><i>&quot;If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding,&quot; an industry representative who has reviewed the FBI&#x27;s draft legislation told CNET.</i> <a href="http://www.cnet.com/news/fbi-we-need-wiretap-ready-web-sites-now/" rel="nofollow">http:&#x2F;&#x2F;www.cnet.com&#x2F;news&#x2F;fbi-we-need-wiretap-ready-web-sites...</a><p>HN readers may want to pay attention...

Greenyoda&#x27;s comment that &quot;speaking a language the police don&#x27;t understand should be a crime by this logic&quot; is I think the neatest encapsulation of the issues. It gets around all the technical issues and worries and strikes at the heart of the problem - the police should and can put away criminals without needing access to the private conversations the criminals have. Fingerprints, CCTV, loot stashed under the bed have all been good enough for a long time now.<p>The crimes that are committed solely online are few and mostly fraud by deception. There are clear issues with deceiving people in a language they don&#x27;t understand.<p>So I like the metaphor (or analogy I&#x27;m not sure)

<i>&quot;Federal and state governments should consider passing laws that forbid smartphones, tablets and other such devices from being &#x27;sealed off from law enforcement,&#x27; Manhattan District Attorney Cyrus Vance said today...&quot;</i><p>If they ever pass these laws, the next step would be to outlaw encrypting the hard drive on your laptop or using PGP to encrypt your e-mail. Also, speaking on the phone in a language that the police don&#x27;t understand could be made a crime.

This is really about law enforcement being too lazy to do their own jobs properly. Here&#x27;s a story:<p>I run a dating website and was contacted by law enforcement to provide contact information for a user suspected of soliciting sex from a minor. The information was forwarded to police on behalf of the parent of the minor. As per our privacy policy, we informed the police that we will need a court authorized subpoena before handing over details about one of our users. They also informed me NOT to ban the user or otherwise disrupt his account in any way until they receive the evidence they need from me.<p>Weeks passed, then months, and finally I had our attorney reach out and contacted them again to ask what happened with the case, and it turns out the subpoena was blocked on some kind of administrative issue. They didn&#x27;t bother telling us so that we could ban the suspect from the site sooner. In addition, they could have easily gotten the information they were looking for by using the dating site to act as a minor and get the information themselves directly from the suspect (they had the username). Our attorney told us that never once did the investigator log onto the site themselves.<p>This is one small story, but just goes to show you the extent of the laziness that pervades law enforcement today.

<i>“They’ve eliminated accessibility in order to market the product. Now that means we have to figure out how to solve a problem that we didn’t create.”</i><p>Ermm ... I&#x27;d argue that dragnet mass surveillance is exactly one of the causes. Good security should be the default position. That we&#x27;ve had poor security to date should be the considered the real aberration.

&gt; Earlier today Vance gave the keynote speech at the conference, hosted by the Federal Bureau of Investigation, saying he was going “rouge” by speaking out on the matter. He made an emotional plea that police might not be able to stop crimes against children or solve murders without access to the data.<p>They somehow solved these crimes before the advent of these devices.<p>Also, I personally regard stopping the NSA from spying on Americans - all Americans - without cause to be stopping a bigger, and more important, crime than stopping the number of crimes that the encryption would stop them from solving. It&#x27;s stopping a crime against millions of people that corrupt government officials have not only refused to properly investigate and prosecute, but have shielded for personal gain, knowing that they were circumventing the law of the land.<p>Stopping rampant corruption is a good thing, and it&#x27;s sad that it&#x27;s fallen to public companies rather than government prosecutors.

So they&#x27;re saying companies should force consumers to forfeit their right to privacy? If a prosecutor wants access to a person&#x27;s encrypted data, they should go after that person, not the company providing the encryption - they might as well ban HTTPS if they&#x27;re really going in this direction.

If only there was a law whereby if they could they could describe what they were looking for on the device and demonstrate why they needed access to the device to a sufficent standard that they can then get access. Maybe that would solve their problem ?<p>Oh wait...

Dear Apple and Google, please do our job for us because we are understaffed and underfunded.<p>Signed,<p>All the LEO that grew fat on anti-terror and surveillance money.

This is the best advertising possible for strong crypto. It raises awareness, and then shows crypto is a useful tool against these adversaries.<p>I can&#x27;t see a law like this standing on 1A grounds even if passed.

&gt; at a cybersecurity conference in New York<p>Anyone know which conference they&#x27;re talking about? I&#x27;m surprised they didn&#x27;t name it. (Probably one that the public doesn&#x27;t know about?)

Quote from the article:<p><i>Now that means we have to figure out how to solve a problem that we didn’t create.</i><p>Bummer. If all you had to do is solve the problems you created yourself, I would propose not creating the problem in the first place.<p>I understand the jam law enforcement is in but the arguments of Cyrus Vance seem disingenuous. In my eyes, he does a disservice to the cause.<p>(Edit: Formatting)

There is something about technology that gives law enforcement a tingle. Look at Vance&#x27;s high profile cases <a href="http://manhattanda.org/press-release" rel="nofollow">http:&#x2F;&#x2F;manhattanda.org&#x2F;press-release</a> : arson, multiple cases of embezzlement, securities fraud, sexual assault... Not one case that needs to break encryption to convict.<p>The lesson is that as soon as they realize they can&#x27;t do anything about it, it will cease to be a hot button issue. Just like the rest of the limitations on law enforcement. Encryption should be pervasive and routine. Then it will be ignored.

Is Vance really doing his job? The article says &quot;“It’s developed into a sort of high-stakes game,” Vance said. “They’ve eliminated accessibility in order to market the product. &quot; this implies it is something the average consumer wants (there aren&#x27;t enough criminals to make it marketable) again, this is something the consumers want. Vance should not be trying to prevent it from happening, just because it might save the children. Crimes were solved before, and they will continue to be solved. And people like Vance need to be fired for not doing there job.

&quot;He made an emotional plea that police might not be able to stop crimes against children or solve murders without access to the data.&quot; It&#x27;s FOR THE CHILDREN! Of course.

I love this quote... &quot;Now that means we have to figure out how to solve a problem that we didn’t create.&quot;<p>But they did create the problem via excessive blind collection of data, illegal warrantless searches. Falsified investigation trails and a number of other issues not-withstanding...<p>It&#x27;d be like telling safe manufacturers that they have to design in a trivial bypass for their safes so that law enforcement can get in easier... it wouldn&#x27;t fly.

So my question would be, if we see this coming down the road can we prevent our phones from being updated and losing the protection we have?

I wonder whether there is any legal basis for idea that technologies should be circumventable by law enforcement. I&#x27;m not talking about particular laws but rationales - something in judicial decision or common law.<p>I also wonder whether safe manufacturers ever were obligated to make safes that were accessible by law enforcement.

I wonder if they&#x27;ll make it illegal to install a door that can&#x27;t be kicked in?