Every once in a while, people in positions of power indadvertedly reveal not only that their view of reality is distorted, but also that they really have no idea what they are talking about.
Recently, in response to leaked revelations that the NSA and other law enforcement agencies had pretty much free access to all of your personal communications, Apple and Google both announced that they were turning encryption on by default on iOS and Android. This is significant because Apple and Google will not have access to the encryption keys, which means that they cannot turn over your data to the government, even if they wanted to.
Law enforcement immediately launched a misleading PR offensive saying that this change would be a boon to criminals, including an article in the Washington Post that incorrectly claimed that without the ability to easily read everyone’s private communications, a kidnapping victim would have died.
Even though that story was shown to be false, that didn’t slow down the misinformation. The chief of detectives for Chicago’s police department declared:
Apple will become the phone of choice for the pedophile. The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.
This is insane.
Next, no less than the head of the FBI came out and said to reporters:
I am a huge believer in the rule of law, but I also believe that no one in this country is beyond the law. … What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law.
Rough translation is that anything you can do to protect your privacy should be illegal because it means that you can hide a crime from law enforcement.
Techdirt responded with a brilliant satire “FBI Director Angry At Homebuilders For Putting Up Walls That Hide Any Crimes Therein“. After all, encryption is nothing more than a wall to protect your privacy, and walls can be (and often are) used to hide crimes. And not just walls. I’m sure that pedophiles have often thought “I’ve got to get some curtains for my windows.”
But the FBI wasn’t done spreading fear:
There will come a day — well it comes every day in this business — when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper’s or a terrorist or a criminal’s device. I just want to make sure we have a good conversation in this country before that day comes. I’d hate to have people look at me and say, ‘Well how come you can’t save this kid,’ ‘how come you can’t do this thing.’
This is bullshit.
What’s next? Will law enforcement agencies slam the manufacturers of paper shredders, because they can be used to hide evidence of criminal activity? Will they announce that they could have prevented the Great Recession in 2008 if only paper shredders hadn’t been widely available to investment bankers to hide their illegal and reckless financial transactions?
14 Comments
It’s constantly amazing to me how well fear works in this country. I’m in a forum for seniors and I asked them if they realized that fear was being used to manipulate the population. Not a one agreed with me. They assured me they were not afraid. Then they proceeded to post in adjacent threads that Ebola was a huge danger, that the children coming across the border were bringing disease, that the Muslims were out to kill us all, that Obama wanted to destroy the country via the ACA. Totally incapable of seeing the forest for the trees. And it’s not just seniors. We are inundated with fear from some of our advertising, from many of the TV shows and movies we watch, from the newscasts, and from politicians. We have small fears like our deodorant won’t work well, to fear that that person knocking on the door at 4 in the afternoon might be the boogeyman. It’s so ingrained that most don’t recognize it.
This is just more fear mongering which has been so successful in the past and no doubt will continue in the future.
“the heartbreak of psoriasis” — did anyone even know what psoriasis was before they launched that campaign?
Book recommendation: The Culture of Fear by Barry Glassner. It’s a worthwhile read on the topic of FUD.
Iron knee, I did because my family has it. Sadly, the choice of having patches that aren’t eye appealing or turning off my immune system seem a bit extreme of a choice.
But agree with the fear comments. I’m a chef, and the number of people I’ve had to explain that sugar is not a poison to the body because of Facebook is simply astounding.
Encryption at rest has been available on phones (at least in Android) for literally *years*. All that’s changed is that turning encryption on has become the default.
Never mind that the proverbial criminal has already had access to this tech by flipping a bit.
This PR stunt is such unadulterated BS that one has to wonder what the *real* agenda is..??
Daniel is absolutely correct. Encryption has always been available to anyone who wants it, including criminals. Which means that all this fuss about criminals and encryption is utter hogwash.
They are not worried about Apple giving access to encryption to criminals (either that or they are idiots who don’t know anything about tech). They are really worried about everyone having encryption on by default. So you can probably figure out what their real agenda might be. Obviously, they can’t tell you that. Hence the blatant lies.
Thank God for the 4th Amendment, if the Constitution means anything anymore.
Initially, I thought Snowden a traitor and deserved anything he had coming. A private citizen should not, in my opinion and as a matter of national security, be allowed to assume the role of sole arbiter and judge of the nation’s espionage activities. That seemed a no-brainer at the time. Imagine the consequences, for example in WWII or other periods of REAL national emergency, if anyone could leak vital military or strategic secrets of legitimate national interest. We’d all be speaking German or Japanese today.
But with his revelations and all the others that have emerged over the past few years of the NSA, CIA, FBI and all the other spy agencies out there (how many are there these days?!) who have evidently overreached and violated that Amendment indiscriminately and recklessly, it’s hard not to see him in retrospect as something more of a hero and a catalyst that has helped turn the tide against this ever encroaching police state we seem to be inching towards under the guise of national security.
Our digital hi tech is a double edged sword and I commend Apple and Google for sharpening the edge more in favor of the average Joe. The flip side, I fear, is that the average Joe is becoming ever more vulnerable to the vultures, both in and outside of gov’t, that prey on the unsuspecting and defenseless 24/7. Who has the time or resources to be ever vigilant and savvy to defend against it? And Congress, who should be our allies and most vigilant, is asleep at the wheel as usual, or afraid of doing anything that may appear to be weak on defense. We have let a ragtag bunch of terrorists (Frankenstein monsters of our own making, btw) scare us half to death and led us to overreact, overspend, and overturn our democratic principles.
For the richest country in the history of the world, it’s a sad commentary and prognosis for the future.
“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” – B. Franklin
More true today than ever.
OK as someone who supports a federal law enforcement group and performs analysis on said communication devices I can tell you a couple things.
First, the fear goes both ways. By that I mean, law enforcement can’t call apple and ask them for the data on anyone’s phone. Once they sell it to you they no longer own it and what you do with it is your choice. What we could do in the past was when a locked phone was encountered we could send it to Apple with a warrant signed by a judge and they could retrieve the data and send it back to us. The service provider (not apple)for your phone number can and regularly does provide a history of calls made to and from the device that utilizes the phone number WITH proper legal subpoena.
Second- the only time law enforcement would want to search your phone is after you have been arrested either in the act of committing a crime or by indictment. At that point they can request a search warrant from a judge to look at your phone.
Third – the only case where Law enforcement does not need a warrant is at a border crossing. In those cases the US reserves the right to search any person and belongings of people entering the country.
Now that being said, I am talking about regular Law enforcement (RLE), not spooks. RLEs cannot listen to conversations without probable cause spelled out in an affidavit and court order granted by a judge. So the scenario for RLE could be a suspect who regularly uses his phone to facilitate a murder for hire business utilizes chat apps, text messages and the navigation app on his phone to arrive at his next victim’s house uses an Apple phone. With encryption on we might have to release the suspect. If we had access to it we could keep him from getting to his next appointment.
IMO – the spooks etal have completely overreached their authority in the name of national security in many instances, but now RLEs will pay the price. The spooks will not, they can still conduct warrantless phone taps etc. while the RLEs never could.
I call FUD. You are conflating two very important concepts in your first point. There is a key distinction between data and metadata. In the old-school phone world, law enforcement could get a history of phone calls made. That is metadata. All it shows is that a phone call was made from some phone number to another number, and it tells you the duration. But law enforcement NEVER had access to the content of the phone calls in a retrospective manner. You can place a tap for future phone calls, but there is no going back in time.
With email encryption, law enforcement can STILL get the metadata: which email address sent a message to which email address. That information must be unencrypted, because there is no way to send the message otherwise. The email service providers, just like the old-school phone companies, can provide that access. (Yes, I’m ignoring the fact that it’s possible to set up your own email server bypassing the need for a service provider, because that’s actually a different matter…) What encryption protects is the CONTENT of the emails. Building in a way to decrypt emails and phone data is the same as letting law enforcement have the ability to go back and listen to every phone call you have ever made. This is a radically different ability than what was possible with phone calls. You must distinguish data from metadata.
As for the email equivalent of taps, again, you can do that without breaking the crypto. You can install keyloggers or other monitoring software that will record the data before it is encrypted. You can get a warrant and install that. Allowing encryption by default does not prevent this at all.
The problem with the complaints about encryption is that they ignore reality: We do not know how to build in backdoors that will not compromise the general security of the system. If we build in a legitimate backdoor for law enforcement use, I guarantee you that the bad guys will know about that backdoor, too. And those bad guys will use the backdoor a lot more often, as they empty everyone’s bank accounts. The history of computing is filled with plenty of case studies. Weakening crypto, adding backdoors, etc., will have very little benefit (i.e., crypto has never stopped a prosecution because evidence can be gathered in other ways) but will cause significant harm (fraud, privacy invasions, and other crime).
I understand what you are saying Michael, but I’d ask you to consider this in your analysis since you brought up the email scenario. Physical evidence whether it’s housed in an electronic device or a file cabinet is still evidence. If the “electronic” file cabinet that has become our phones is different then the locked one in your office, then why?
If you store personal correspondence, mail, account statements in your locked file cabinet at your office or home and law enforcement has a search warrant that includes documents for your residence or office you would have to turn over said file cabinet. I don’t see how that is any different from the electronic file cabinet that is your phone. Just like your phone they cannot listen to live conversation without a court order, but if someone sends you a fax while they are searching your office, they can intercept that live transmission. If you are a child predator and store your files on your computer, or your phone, what is the difference?
I do understand the backdoor issue. And yes other evidence can be gathered, but there are times when immediate access could save lives. I do understand the abuses by the powers to be, but what you are advocating for is similar to saying if law enforcement doesn’t have the key to the office or home they cannot go in.
The difference is psychology. Email is perceived as a communication medium, not a database. Yes, the fact that users have a record SHOULD be an indication that email is not like a phone call. But that is not true. Usability study after usability study shows that people consider emails equivalent to phone calls and they consider anyone else reading their emails to be a privacy violation. They do NOT perceive emails as equivalent to storing files of (oh god, everybody has to mention it…it’s becoming the new Godwin’s law) child porn.
You can either have laws that reflect the reality of people’s perceptions (which will make the laws more effective) or you can have laws based on some absurd ideal fantasy of how people should behave in an ideal world. The latter kinds of laws are always problematic, ineffective, and unnecessarily punishing. Psychological harm is harm.
PSgt, you are actually making the opposite case with your locked file cabinet example. If I have records stored in a locked safe and that safe is the object of a search warrant, then I am obliged to open that safe for law enforcement. It should be the same for information on my phone.
There are safes that will automatically destroy documents if someone tries to force their way into the safe, and they are not illegal. I’m sure criminals love those too.
And by the way, until very recently the FBI was claiming that they should not have to get a search warrant in order to read everything on your phone. And the FBI is supposedly not “spooks”, they are supposed to be RLE (hah!).
I agree with your last statement, none of the guys I work with are particularly fond of that 3 letter agency.
So, ” I am obliged to open that safe for law enforcement. It should be the same for information on my phone”
You really don’t think that they do not ask that question? On Apple phones we’ve run into they don’t even need encryption, all they have to do is enable the pass code and we cannot get into them, but there is no penalty if do not comply.
I really do get the overreach of law enforcement and particularly our spy agencies. (Some in the 3 letter group you mentioned do think they are part of that group). If the intent and checks and balances in the 4th amendment are followed, ie. probable cause reasoned before a judge and made available to defense, we shouldn’t need to deal with this, but given the anything goes attitude since 911, we unfortunately find ourselves in the position of siding with those that would take advantage of this tool to hide criminal activity. But, most screw up somewhere.
There’s been a lot of discussion, but with respect to this piece of news, most of it misses the point. The point is that there has been no change. Let’s focus on Android, because it’s the bigger market share, and there’s no reason to believe that criminals prefer one brand over another. The ‘news’ is that the default has changed, not that Google has removed a back door.
It’s hard to emphasize just how content free this hysteria is. One must assume that stirring up a phantom is a ruse for RLE to claim more powers. A good way might be to pretend something’s ‘happened’, to start a political conversation.
Whether or not strong encryption should be legal (or, for instance, safes that destroy their contents) is a different conversation and nothing to do with Google’s announcement.