Manhattan DA Asks Apple and Google To Roll Back – Not Weaken – Encryption (Kinda the Same Thing, Mister).
It’s just like a lawyer to sing a differen tune to confuse the issue. Last week, Manhattan District Attorney Cyrus Vance Jr. spoke at the International Conference on Cyber Security (all quotes from tomsguide.com):
[He] said that law enforcement officials did not need an encryption “backdoor,” sidestepping a concern of computer-security experts and device makers alike.
Instead, Vance said, he only wanted the encryption standards rolled back to the point where the companies themselves can decrypt devices, but police cannot. This situation existed until September 2014, when Apple pushed out iOS 8, which Apple itself cannot decrypt.
This almost sounds reasonable, except that what Apple had under iOS 8 is, essentially, a backdoor. After all this time, the DA still seems to be missing the point: eliminating backdoors is not about stymying law enforcement. It’s about plugging up a weakness that someone – not necessarily anyone – can exploit.
In the case of iOS 8, that “someone” is Apple.
Not to Our Knowledge
DA Vance further bet on the reasonability of his request by noting that (my emphasis):
“Apple admitted that its own decryption technology for iOS 7 was never compromised, to its knowledge,” Vance said. “At least up to iOS 7, there was no increase in risk in Apple maintaining the ability to unlock its own phones. I don’t see why the company can’t continue to provide the same strong encryption it previously provided, yet while still maintaining the ability to decrypt its own phones.”
It’s a funny thing, that string of words, “to its knowledge.” Apple’s admission that iOS 7’s backdoor was not compromised, “as far as they know,” is not the same thing as saying that it hasn’t been compromised. It just literally means that Apple doesn’t know. The reality is that that this is a “known unknown” – we know there is a backdoor, but who knows whether it has been exploited, when, and by whom?
If military engineers in China or Russia (and I bring them up because no one accuses the Russians and Chinese of having substandard engineers or mathematicians, although the truth is geniuses can be found in any nation) figured out how to exploit the backdoor, does the DA really think that they’d go around bragging about it, or notifying Apple so that they can patch it up…as opposed to using it for their own national security means and ends?
This Other Example Works Against the DA
Another example the DA gave for going back in time when it comes to encryption:
Vance cited a recording of a telephone call made from New York City’s Riker’s Island jail to an outside line. In the call, a defendant in a sex-crimes case tells a friend about the miraculous powers of the new smartphone operating systems.
“Apple and Google came out with these softwares that can no longer by encrypted by the police,” the defendant allegedly said, mixing up encryption with decryption. “If our phones [are] running on iOS 8 software, they can’t open my phone. That might be another gift from God.”
Again, ammunition for weaker encryption. After all, who wants to knowingly set criminals free? The thing is, there is a twist here that works against the DA.
You know what the above story also happens to show? Recorded proof that the defendant is hiding evidence in his smartphone. As such, the defendant can be forced to unlock his phone when presented with the appropriate court order. Wouldn’t it impinge his Fifth Amendment rights? you might ask.
Nope, because it’s a foregone conclusion that there is evidence related to his criminal charges on that phone. Indeed, the above is incredibly similar to another oft-cited case involving privacy, encryption, forced decryption, and suspects’ Fifth Amendment rights, aka, Fricosu. Follow the link to read a transcript of Fricosu’s phone call that resulted in a judge ordering her to decrypt a hard drive.
While some were quite vocal that the judge’s decision to force Fricosu to decrypt her hard drive was the wrong one, the majority saw it for what it was: a defendant shooting themselves in the foot and losing their constitutionally granted protection. The rule to never say anything unless your lawyer is present is a steadfast one if you’re under investigation and interacting in any way inside a government installation.
Of course, a person could refuse to follow a warrant’s instructions. And for that, they’d be in contempt and would be put in jail, which is kind of what the suspects are trying to avoid in the first place by not providing it.
See? No backdoors necessary.
On “The Industry is Enabling Criminals”
One last parting shot. The FBI and others have noted that Apple, Google, and other companies who’ve revved up their encryption are enabling criminals – as if encryption’s only purpose is to let the bad guys go free.
Would the FBI and others cry out that the US justice system is enabling criminals by providing them with legal counsel and a chance to defend themselves, and that we should dial back to when Miranda rights and other protections weren’t in place?
(Interestingly enough, answering “yes” would explain a lot.)
The DA’s position, and his proposed solution, is easy and natural to sympathize with. But in the end, it still doesn’t address some of the major problems regarding encryption that’s been weakened on purpose. And, it doesn’t address at all an argument that Apple made earlier in the year: that they’re effectively being hijacked to become an extension of the justice system.
Seeing how Apple made this a central position in their defense against the FBI’s lawsuit on the decryption of the San Bernardino shooter’s iPhone, it seems more than a little odd that the DA hasn’t taken it into account for his speech at the conference.
Related Articles and Sites: