There are ways to circumvent encryption on a case-by-case basis (e.g. planting a keyboard bug). However, these require targets to be picked and accessed one at a time, and leaves detectable traces. That’s OK for a government that obeys the law and conducts limited searches based on individual suspicion, but it just doesn’t work for Feds who are building naked selfie collections.
If that is happening, it is unprofessional and unacceptable and I fully support executing the employees responsible, but the acts of a handful of petty criminals hardly constitute a government that disobeys the law.
Yes, but where does that leave police? I’m not talking about the G-men, I’m talking about the detectives in every jurisdiction across the country who are busy solving murders, rapes, robberies, drug trafficking, and so on. I have a hard time believing that these police departments are going to hire computer security experts to get a warrant to use spearphishing attacks on criminal suspects to get them to click a link that implants a virus that allows a backdoor into the data held on a phone that most likely has incriminating information.
Sure, that may be an option for the FBI to go after the ten most wanted, but you think Jimmy McNulty is going to use these complex tactics against Avon Barksdale when he has problems getting a police cruiser that isn’t in maintenance?
(italics mine)I’m sure you do.
The fact that this routinely goes on completely unpunished* does constitute a government that disobeys the law.
*I’m interested in justice, not dick-measuring, so I’ll settle for a year or so of jail time and a five-figure payment to each victim
I’m not seeing the problem – simply reallocate some of the money that’s been going to put Jimmy McNulty inside an armored SUV cradling a machine gun.
Are you just misunderstanding the concept of data at rest and data in motion? The encryption we’re discussing here is the data on the phone, meaning data at rest. If you make a call using traditional mobile technology then it can still be accessed by a court order for a wiretap.
In fact, law enforcement still has access to much more information from mobile phones with encryption than they do if someone has no phone. There is still plenty of data that various parties could provide even if encryption prevented access to the physical device. Some examples of data that could still be accessed with a warrant to someone besides the phone owner would be iCloud backups, records of SMS messages, call records, GPS records, email, and lots of other information that has to travel over a network or is replicated in another location besides your phone. Apple and/or Google, among many others, host a ton of information from phones, like email, backups, photos, and more.
They would be able to do everything done in The Wire except perhaps capture the images in the SMS tests when the criminals used the clock code for meetings. Even for that, it would only be prevented by using a non-SMS messaging app that provided encryption, which is completely separate from the encryption for data at rest that we’re discussing. These apps have actually been around for a while though they’re more popular “post-Snowden” as everyone is now denoting the era.
Let’s also not forget in that instance on the fictional show you mentioned, the police were actually running an illegal wiretap.
There is no law in the US that prohibits encryption that is unbreakable. Prove me wrong.
I could imagine an encryption system that requires a rotating key that is generated at a remote location outside of the US jurisdiction. A user would be unable to produce a password and therefore should not be in contempt for not doing so.
The new tech that is in the news is only because it’s easier and more accessible.
I know this is mostly meant as a throwaway clever comment, but it also exposes your lack of understanding of the issue. One key reason why so much military equipment has ended up in the hands of local law enforcement is that it is either free or at a very low cost, either from DoD surplus or from grants issued by DOJ or DHS. So if you think that some police department paid $1 million for an MRAP and they could have used that money more wisely, you’re missing the fundamental point that they did not pay $1 million for the MRAP.
Now, I wasn’t literally talking about the precise things that Jimmy did in the TV show, but you make valid points. The main intent of my post is that using specialized methods to overcome encryption on devices by planting various tools is just simply beyond the reach of most police departments. (Steve MB got my point in the post before yours.)
You make totally fair points that quite a bit of data may be available in other ways. However, I don’t think you, me, or anyone else here is actually qualified to make broad statements about what sort of information the police need, or do not need, to make a case against a particular criminal or suspect. Sure, if someone takes a photo of their crime and it is synced to iCloud and the GPS tagging is on, that’s helpful to the police. But, what if someone knows a meager amount about technology yet knows to turn GPS tagging off and does not sync to iCloud? So that photo of the crime (or the calendar information of "Be at major drug deal at 2:30pm at the Bay City Warehouse, etc) only exists on the phone in an encrypted format? You seem to be arguing that if police couldn’t get that specific information, then they should just simply make their case elsewhere. I don’t think it’s fair to police to have probable cause, a judge’s sign-off, but no technical means to execute the warrant for potentially very valuable information (at least in this context).
It seems to me that such evidence would be extremely valuable, and quite likely beyond the reach of law enforcement due to both the encryption scheme used and the application of the Fifth Amendment (in which someone quite possibly – but not certainly – might not be compelled to give up passwords, combinations, or that sort of testimonial information).
I understand the issue just fine.
So let them get the technology to individually target suspects’ phones either free or at very low cost, either out of FBI surplus or from grants issued by the FBI. Problem solved.
Most grownups have figured out that life is unfair. If the police have probable cause and a judge’s sign-off to execute a warrant for paper documents, but they have no technical means to view the documents because the owner shredded and burned them, do we ban office equipment and matches? By your argument, yes.
Come on, there isn’t a box called “military surplus iPhone hacking mo-sheen: press red button to hack bad doodz phones.” You surely know that this type of investigation is about people doing things, and people with technical expertise like this don’t come as surplus equipment.
No, and it’s pretty fucking stupid if you believe that’s what I have said.
In these cases, the information is not destroyed. It’s perfectly secured and also totally available to someone – if they have the password. If a phone or paper record is physically destroyed, its contents are available to nobody. The question is, if electronic evidence is completely under control and at the disposal of a person under the investigation, should that information be beyond the reach of the justice system? Like I’ve said several times, this is probably increasingly inevitable, but it doesn’t serve the cause of justice well. You bias is showing in that you assume that this is all about big government spying on innocent people: the key evidence that may be beyond the reach of anyone could equally easily be exculpatory evidence that would prevent an innocent person from going to jail.
It’s always a little disappointing when threads in GD are peppered by really, really, poorly thought out arguments like the ones offered in the previous post.
Yes.
No one should be compelled to provide information that may incriminate them. That means that I can encrypt my data, and law enforcement can ask for the encryption key, or get a warrant to try and obtain it, but they can never ever get it unless I divulge it. The justice system and third party systems can not and should not be trusted with the ability to acquire information they have no business having. Some law enforcement will be thwarted. So be it.
If the justice system desires this information, they can attempt to acquire it by other means.
What if those other means were to require the providers of the electronics to provide a backdoor for lawful warrants? Then you wouldn’t be incriminating yourself, and law enforcement would be able to get the data on the child molester they’re trying to take off the streets, or whatever.
The Fifth Amendment protects you against being forced to be a witness against yourself.
It doesn’t protect you against officers searching your belongings – if they find contraband it’s not you being a witness against yourself. (The Fourth Amendment requires that such searches be conducted pursuant to a warrant or under one of the recognized exceptions to the warrant requirement.)
So the question is: is making you supply the password considered testimonial evidence against yourself?
That argument makes sense if you assume that militarization of law enforcement is a simple matter of transporting physical equipment to the Podunk Sheriff’s Office, no special knowledge or training required. That is, it makes no sense at all.
Irrelevant. The issue is that “sometimes it will be physically impossible to obtain certain information, warrant or no warrant” is a simple fact of life that must be accepted.
Since it is inevitable, arguing about it is as useless as arguing over the number of angles that can dance on a pinhead.
Maybe you should direct this complaint to the government functionaries whose behavior led people to that assumption.
That invites damage up to and including the destruction of the economy, given the fact that a built-in backdoor renders the system fundamentally insecure.
Currently there is no law or ruling that compels providers of electronics to oblige law enforcement. I would be opposed to any such requirement. The government can not be trusted not to abuse such ability.
Even if there were such a law, there would exist encryption that would be able to thwart it - and then we’re in the same situation.
The case law is recent (and thus not settled at a high level), but the answer so far is that they can’t demand the password per se, but can demand unencrypted copies of specific information pursuant to a warrant.
And that is unacceptable.
Actually, most of the critics of the DoD program are upset that police departments do not get training on the equipment that they acquire: “The 1033 Program does not require training on how, when and where to use the equipment. As a result, it becomes dangerous in the hands of someone who doesn’t know how and when to use it. It’s like giving a child a gun.”
Or…
I wonder if you have the same feeling about corporations who stash profits overseas in order to avoid U.S. taxation: “Eh, whatevs. Sometimes regular people just have to pay more in taxes because corporations are free to hide their profits where they don’t have to pay their fair share. It happens, get over it.”
I can direct the comments to as many people as I like, and I do have blame for those who have misused legitimate surveillance tools in the past; but I also believe that there are quite a few ordinary people who have gone around the bend in thinking that the boogeyman is carrying out counterterrorism investigations on them – or they might soon. This paranoia of “teh government is spying on everyone!!!” and yet, the government appears to be doing nothing with all this information it is supposedly collecting on innocent Americans – people will laugh about the FBI reading emails that have the word “bomb” in them, and yet, nothing happens to those people who write those emails.
I see what you mean: I notice that Apple has been fundamentally destroyed as a corporation over the last 7 years of selling iPhones without this type of encryption. I also notice that Google is teetering on the brink of collapse because they, too, followed judges’ orders to produce information. My god, the calamity. Does Silicon Valley look like Mad Max: Beyond Thunderdome yet? I haven’t visited since 2012.
In a slightly different case, telephone companies are obliged to assist the government in espionage and terrorism cases. And for the most part, civil libertarians seem to be cheering the USA Freedom Act, which increases the burden on industry to retain such data as may be used in those investigations.
Is that different from making you unlock the trunk of your car, or your front door, once they’ve got a warrant? Granted, for cars & such they can just break in, but does the non-break-innable aspect of this encryption require a change in law?
It’s unacceptable that sometimes the police can’t find a fingerprint? That seems like a pointless complaint.