349 comments

[ 5.4 ms ] story [ 308 ms ] thread
(comment deleted)
(comment deleted)
>Apple and Google know that they will be losing customers, more and more

Until they actually do lose some customers this silly meme should die. Where are these customers allegedly going, back to dumb phones?

(comment deleted)
No, I have not noticed that. What's their market share?
I've noticed the increase in availability for secure phones (as in, there were zero before and now there is one), but even working in information security, I've never heard of anyone outside of Ars Technica or the like actually buying one, let alone using it. I wouldn't really call that a sharp increase in popularity except, of course, the sharp increase of going from zero to one.
Most drug dealers or johns I see just buy a prepaid phone from Walgreens, i.e. a booty phone. Tracfone doesn't verify whatever you activate with, you can just make up whatever name/address.
That's not really a secure phone or black phone, that's just a prepaid phone. Nothing inherently secure about it other than it's difficult to trace. The parent was talking about purposefully secured phones with encrypted phone call and messaging, etc.
Maybe not lose customers now, but have customers that censure their own communication over public channels, and generally see these channels as insecure and potentially dangerous. Over years, that makes GMail and GDrive less valuable and their competition more attractive.
What a terrible article. Excerpt:

They have created a system that is a free-for-all for criminals

So we should give up all rights to privacy to help catch criminals?

What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law

Maybe that says more about your laws than the desire for privacy?

My sympathies for the FBI's concern about people being "beyond the law" is lessened a great deal given the past decade of revelations of illegal actions at FBI forensic centers, and the complete lack of prosecutions, not to mention the NSA spying, etc. Even the TSA is in violation of the law (fourth amendment protects against search without warrant, USC 18-242 makes violating that a federal crime, and a felony if done while armed.)

I'd like to see the government stop being "beyond the law".

Okay the TSA argument is brought up all the time, and the overall consensus as that you are voluntarily giving up your fourth amendment rights by consenting to the search.
Which is nonsense. I don't voluntarily and implicitly give up constitutional rights just because I chose a particular mode of transportation. Even if there was some sort of magic implication, surely I could cancel this out by loudly declaring "I decline to forfeit my Fourth Amendment rights and I do not consent to a search".
Including quotes detailing a position you disagree with doesn't make an article terrible.
And they're not even the words of the author, they're a law professor and FBI Director. Necessary opinions from experts and subjects of the story. It would be a terrible article if they were absent.
> What a terrible article

Those are quotes from interview subjects, not editorialization. If the subject's opinion is horrible, you want that to show through in the article.

The interesting thing is that they're quotes from an NYU law professor who was the "top lawyer" for the FBI from 2011 to 2013. I do wish the reporter had asked him what responsibility he felt for so abusing the public trust that corporate America (of all possible parties!) felt they needed to respond in a way that could seriously raise the hackles of the federal government.

When people abuse the trust put in them, they deserve to lose that trust.

What's next?! Requiring warrants to search criminals' homes? Giving criminals jury trials? Banning cruel and unusual punishment of criminals?
Criminals shouldn't be able to use our freedoms against us. Accused criminals use our system of justice and freedom as shield that only weakens America further.
This is a bit like protesting door locks because they make it harder to pop in and look around.
I don't support what the government is trying to do here, but minimizing this issue like this is not doing us any favors.

The issue isn't that law enforcement can no longer "look around" your phone. The issue is that they can no longer get a warrant and use what is on your phone as evidence in an investigation or court case without the phone owner's cooperation. Basically your phone goes from being personal property that can be used against you as evidence to an extension of your mind that is now subject to 5th amendment protection. That is a big shift.

In terms of your originally analogy, encryption isn't a simple door lock, it is a magical warrant proof lock. I certainly understand why law enforcement wouldn't be happy about this.

There have always been tools and procedures for destroying documents to prevent unwanted access.

What's very very bad about this, in addition to the direct effects on people's privacy, is that it creates a class system of people who are allowed access to strong encryption while the cattle being farmed on this plantation are not.

What's very very bad about this, in addition to the direct effects on people's privacy, is that it creates a class system of people who are allowed access to strong encryption while the cattle being farmed on this plantation are not.

What do you mean?

This restricts access to strong encryption by a broad range of ordinary people. It's discriminatory. It creates a class system. Shepherds and mutton-eaters vs. the sheep. "Privacy for the rich/powerful/savvy, but not for you."
Yes, I understood that. What I didn't understand is what you meant by "this". Do you mean, the move by Apple and Google? Or the FBI? And in any case, how so?
Yes, but everything on your phone came from someplace where a warrant will produce evidence.
> Basically your phone goes from being personal property that can be used against you as evidence to an extension of your mind that is now subject to 5th amendment protection.

Actually, it does not go that far. The 5th Amendment protects people from being forced to inciminate themselves. Otherwise, a person could be charged with contempt of court, obstruction of justice, or similar crimes. Someone who refuses to decrypt their data when subject to a warrant will face that penalty, just like someone who refuses to answer a subpeona or destroys documents relevant to a counrt case.

We should ban the ownership of non-trivial safes for the same reason then. We should also prevent people from writing things in non-approved languages, in case in makes the understanding of things more difficult when a warrant is served.

Hell, if I just hide my information in a stack of a million other paper files, that would be enough to thwart all but the most determined investigator from accessing it without my cooperation.

A long time ago I worked in a guarded military vault with lots of safes - I've never seen one that would take more than an hour or two to break into. The idea is to slow an attacker down long enough that they can be detected and security can get on the scene to deal with them.

None of your examples would prevent an investigator from finding evidence, only delay them. Strong encryption enabled by default could slow down an investigation to the point where it would go on past the heat death of the universe.

Whether or not giving up a password or unlock code is protected by the 5th amendment is itself a gray area that the courts are still sorting out.

I would prefer to have the password NOT be protected by the 5th amendment and have strong encryption on phones than not have strong encryption on phones. That seems like the only way to prevent casual warrantless rummaging.

They can get a warrant, and they can use anything they find as evidence.

Encryption might make it hard for them to find much of use, but that's not our problem. A really sturdy safe will make it difficult to execute a warrant too, but that's not an argument for deliberately compromising the integrity of safes.

I can, of course, understand why law enforcement wouldn't be happy about this. They shouldn't be happy about this. But the rest of us should be perfectly happy to tell them to pound sand.

As I've pointed out in another comment on the thread, I've never come across a safe that couldn't be drilled in a few hours, and that's without any government intervention to compromise their integrity. Strong encryption is an entirely different beast.
How about encasing something in 20ft of reinforced concrete and then sinking it to the bottom of the ocean?

Strong encryption may be tougher to break but I disagree that it's entirely different. It's merely a quantitative difference. It's a standard principle that the police can break into whatever they can if they have a warrant, but they can't force you to make things easy for them ahead of time.

You can keep coming up with analogies that are increasingly more difficult for the cops to get into, but ultimately it's just an exercise in sophistry. Only when people begin commonly storing their belongings inside 20ft of reinforced concrete at the bottom of the ocean will it become analogous to seeking a warrant to gain access to their phone.
Even so, there's nothing that says we have to make it easy, or even possible, for police to execute a warrant against us.
Law enforcement (and the powers it necessarily must be granted) is intended to be harder. That's the whole point of the various requirements and procedures that make up "due process". Yes, we could catch more criminals a lot faster if we relaxed those requirements, but history shows that always increases the error rate.

If the situation has changed and there are legitimate law enforcement needs that simply didn't exist in the past, then they should request a change to the social contract through legitimate channels and propose the necessary amendment to the constitution. Law enforcement's failure to even try going through proper channels speaks loudly to how little they actually respect the law.

> Law enforcement's failure to even try going through proper channels speaks loudly to how little they actually respect the law.

Why do you say they aren't going through the proper channels? Law enforcement officials have just as much right to make their viewpoints heard through the press as you and I have. If they feel the need to seek new legislation, they would need to make the argument in advance in order to gain support any bills being proposed. Unless the Supreme Court thinks otherwise, I doubt a constitutional amendment would be necessary, but that depends largely on what was being proposed. I haven't seen any evidence that any law enforcement official is disrespecting any law with regards to this issue.

Parallel construction is one huge disrespect for the law; it hides the real accusation and necessarily requires hiding evidence from the defendant. It is a blatant attempt to bypass the "fruit of the poisonous tree" doctrine and the 4th amendment. There are probably other legal problems too, depending on the specifics of the case.

I'm not really suggesting that an amendment is (or should be) necessary, because the surveillance that is going on (and being passed down[1] from the NSA to the FBI, DEA, and local departments). These activities should not be necessary at all for law enforcement, as the warrant system is easily sufficient to allow any necessary searches. Even if a specific device such as cell phone is inaccessible (despite having a valid warrant), that doesn't stop any policeman from conducting traditional (in person) surveillance or upstream wiretaps.

Yet police insist they need far broader access and we have numerous examples of the 4th Amendment warrant requirements being ignored[2]. IFF their claims have merit, the proper way to get exceptions to needing warrants would be an amendment, which has not been suggested. There could be some edge cases where "merely" a circuit court or SCOTUS ruling could "find" additional powers for police, but it doesn't matter - I don't see the the various TLAs trying to setup a test case on this matter, either. Instead we see many cases where law enforcement (and/or people in Obama's administration) have tried to prevent lawsuits from going forward.

[1] [pdf] https://s3.amazonaws.com/s3.documentcloud.org/documents/1011... Some of the training slides and request forms. Especially interesting is how often they repeat the need to keep the practice secret, including having a 24-hour hotline local police can use to get advice on how to hide the source even if they have to immediately give testimony in court. I believe (and a friend of mine who is a lawyer agrees) that these repeated statements like "To use it, we must protect it, or lose it." easily counts as mens rea.

[2] Riley v. California being a notable exception, though I know at least two friends that had their phones searched (in their presence) just a couple weeks ago in Oakland, CA; some departments haven't gotten the message yet, unfortunately.

Two points with regards to that: 1) Parallel construction has nothing to do with the iPhone encryption issue. 2) People tend to overlook a few key points from the original Reuters article[1] that introduced the concept of parallel construction:

(emphasis mine)

"...Today, the SOD offers at least three services to federal, state and local law enforcement agents: coordinating international investigations such as the Bout case; distributing tips from overseas NSA intercepts, informants, foreign law enforcement partners and domestic wiretaps; and circulating tips from a massive database known as DICE. ...

...Wiretap tips forwarded by the SOD usually come from foreign governments, U.S. intelligence agencies or court-authorized domestic phone recordings. Because warrantless eavesdropping on Americans is illegal, tips from intelligence agencies are generally not forwarded to the SOD until a caller's citizenship can be verified, according to one senior law enforcement official and one former U.S. military intelligence analyst."

[1] http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE....

Nonsense - parallel construction (and any other widespread use of the capabilities the NSA/etc is providing to other "their customers" (DEA/FBI/various-local-PD)) is likely the primary reason for this attack on Apple and encryption on the iPhone. The data covered by that kind of encryption would likely be of very limited use for national security; the NSA gets most of the data at the backbone switches anyway, and encryption doesn't do anything to prevent relationship mapping from logs of routing metadata. Also, any kind of targeted investigation could simply bypass encryption by installing custom firmware. Several of the tools in the TAO catalog were based on that style of attack.

What would be lost with local iPhone encryption keys is the ability to gather large amounts of data by strong-arming Apple (Prism, possibly). Note that most of the people freaking out over Apple's changes are not NSA. It is law enforcement who is fearing losing their access; the same law enforcement that would be using parallel construction to actually use the data that logically they didn't have a warrant to search and seize. (if they did have a warrant, they can bypass the encryption with various other ways, which apparently includes compelling passwords)

As for the Reuters article, I linked to a specific document that was a follow-up to that Reuters article, which had very little to do with foreign governments, and a lot to do with protecting access to the surveillance infrastructure. If you want the TL;DR version (understandable; it's 300 pages of slides and forms), [1] is a decent overview though it lacks some of the relevant details.

[1] https://www.techdirt.com/articles/20140203/11143926078/paral...

This issue has absolutely nothing to do with the NSA. As you point out yourself, this applies only to data stored locally on the phone. When was the last time the NSA had physical access to your phone?

Your argument seems to be that law enforcement wants to keep the phones unencrypted so that they can seize them with a warrant, hand them over to the NSA, and then the NSA can hand the data back to the police using "parallel construction" in order for the police to hide where the data came from (i.e.: acquired lawfully by the police with a warrant)

> Law enforcement's failure to even try going through proper channels speaks loudly to how little they actually respect the law.

Why do you say they aren't going through the proper channels? Law enforcement officials have just as much right to make their viewpoints heard through the press as you and I have. If they feel the need to seek new legislation, they would need to make the argument in advance in order to gain support any bills being proposed. Unless the Supreme Court thinks otherwise, I doubt a constitutional amendment would be necessary, but that depends largely on what was being proposed. I haven't seen any evidence that any law enforcement official is disrespecting any law with regards to this issue.

(comment deleted)
"Basically your phone goes from being personal property that can be used against you as evidence to an extension of your mind"

Yes, and...? That sounds about right. An implanted device wired directly to your brain seems like the ultimate conclusion to this age of "wearables" we're just now entering.

They can just break down a door, though. They can't break proper encryption with a good passphrase.

Not that many people will choose a good passphrase...

The sections of government that care about searching people's property already have a plethora of ways to get around the supposed protections.
Google and Apple's marketing teams must be relishing this. I'm guessing it's very dangerous in their departments right now with the champagne corks flying everywhere.
I doubt that. I'm sure they anticipated this response, but I think you greatly underestimate how many people subscribe to the "nothing to hide" theory of privacy and/or are genuinely worried this might aid pedophiles or terrorists.
I can't see how you'll see a backlash against the companies on the move, if only because there's no real competition and no value in being "the phone the authorities can easily monitor"

The worst case scenario is that they get large amounts of press (not all positive), fight for the rights of their users to have private data, and lose to a government they never expected to defeat. That's still a win.

(comment deleted)
There is value in not being the pedo/terror phone. That's one of the traditional attacks on information privacy.
Well, until the law gets changed and they have to allow government access to the smartphones.

I've giving it better than 70% odds legislation is passed within 4 years that ensures just that.

They are going straight into "think of the children mode"

" Smartphone communication is “going to be the preferred method of the pedophile and the criminal. We are going to lose a lot of investigative opportunities."

Apparently "what about the terrorists?" isn't as effective anymore. Let's hope the public will see through their manipulative talking points.

Yeah, I let out an audible WTF when I read that. I wish this argument would stop.
Oh, it gets better.

"The notion that someone would market a closet that could never be opened – even if it involves a case involving a child kidnapper and a court order – to me does not make any sense."

Seriously. Perhaps one would call this sort of exotic and nefarious contraption a "safe"?
Well we all know that law enforcement gets a copy of every safe key made. you know just in case
I don't understand this argument. Wouldn't law enforcement still be allowed to access phone records unecrypted if they have an actual suspect and court order?
Yes but they want the data on the mobile device. For example, I use textsecure when texting my friends. Its encrypted locally and over the wire so the records would only help them show who not what I was talking about.
Probably harder and takes longer than searching through a confiscated phone from a suspect.
Bingo! You can, as far as I know, confiscate and search a suspect just based on probable cause, whereas you'd need to have at least a subpoena if not a warrant to get wiretap authorization or phone records.
A recent Supreme Court ruling[0] makes it unlawful for authorities to search confiscated cell phones without a warrant. They could, theoretically, confiscate your phone based on probable cause, but searching it would be a different matter.

[0] http://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf

Oh, excellent! At least that prevents overt searches.
With end-to-end encryption where the messages are encrypted and decrypted on the client it would not be possible for anyone with access to phone records or central servers to read what was said. They would need to obtain the private keys that are generated on the client devices themselves.
But they'd still be able to do that given a warrant? Or is this unwarrantable protection, for lack of a better word?
Nope. They could use a warrant to compel the sender or the recipient of the messages to unlock them or face jail time. But Apple doesn't have the keys.
wouldn't the 5th amendment protect against that?
er - possibly, I'm not a lawyer. I read it somewhere on the internet and it sounded credible at the time.
I think the most important thing here is that law enforcement must approach the individual. What happens next may end up a complicate web of legal acrobatics, but the individual at least knows the law is after them. That's a good thing, IMHO. If your privacy is being violated by police forcing you to open your phone to them... at least you know the "when", "how" and "what" info they're getting. I'm also pretty sure you'd at least have a strong suspicion on the "why" it's happening to you as well - fair or otherwise.
Assuming they can get the client device(s) before they are destroyed.
"With end-to-end encryption where the messages are encrypted and decrypted on the client it would not be possible for anyone with access to phone records or central servers to read what was said. They would need to obtain the private keys that are generated on the client devices themselves."

Would that it were.

You are using the application processor (the "computer") to do that work, but there are two other computers inside your phone - the baseband processor and the SIM card.[1] Your carrier has access (OTA updates, etc.) to the baseband processor and can load new code/functions on it without your knowledge at any time. Depending on the SOC your phone is based on, the baseband processor can have DMA access to your application processor. What that means is, the baseband processor (which you have no control over whatsoever) can read your RAM directly.

Your cryptosystem that you describe probably works quite well on a desktop or laptop computer, but your carrier completely and totally owns your phone and everything on it.

... and we haven't even gotten to what they can do with the SIM card ...

[1] Yes, the SIM card is a computer with its own processor, RAM and programs running on it right this moment.

It seems like what we need to do is separate the damn things. Build the phone as two independent machines that only communicate with each other over ethernet. Then the user controls the one that runs Android and the other one never sees plaintext.
Don't expect to see that architecture on the floor of a retailer near you anytime soon. Maybe in the EU??? NOT in the US.
I'm surprised they even admit it's mostly used in the war on drugs. As if we want the US government to help [1] the Sinaloa cartel dominate even more - sorry, I meant to "win the war on drugs" (ha ha!).

[1] - http://www.businessinsider.com.au/the-us-government-and-the-...

Hmm. Kind of like the reverse of the bit in Charles Stross' "Merchant Princes" novel series where the trans-dimensional smugglers donate to the Partnership for a Drug-Free America to help keep drugs illegal and the price up.

Except your example is real, just like back in the 80s when the govt (CIA?) helped smuggle in cocaine.

Hmm sounds to me like they are trying to convince people to use their phones for illegal doings.

Also, all of the comments in this thread (not this one specifically) make me wish HN threads root comments defaulted to collapsed so people might avoid duplicate root comments. Maybe...

(comment deleted)
That's an interesting idea. It's not often that people in law enforcement or military intelligence will come out publicly and say "if such-and-such adversary were to use this widely-available technology we'd be stymied!"
Possibly reminiscent of the Freakonomics suggestion for terrorists to buy life insurance from their bank.
Quote from Cathy Lanier, the police chief whose ridiculous uniform resembles that of a four star general.

fwiw my friend's dad was our chief of police for years, and he only ever wore a shirt and tie.

For what it's worth -- and here I have to wonder how much it's worth to criticize someone's point of view based on a photograph of them -- that's a dress uniform.

http://en.wikipedia.org/wiki/Dress_uniform

Dress uniform for police? That's not quite as bad as the paramilitary BDUs, but, really?
Police do have official events to attend. In my state capital there is a yearly event to honor fallen officers where representatives from every police force in the state show up in their dress uniforms for a mass memorial service.
They could wear suits. That might remind them they are of the people, and their first priority is to serve the people. They might also consider attending the memorial service for Mike Brown. In suits.
They'd have to only attend if off-duty then wouldn't they? One point of police uniform is to identify a person as being a warranted police officer on duty (then there's the appearance of officialdom and the sense of inferiority it breeds in others, the camaraderie, ...). You'd probably need to change the law if you want to allow regular warranted officers to be on duty in civilian clothing, jurisdiction dependent of course.

I don't really understand why you don't want to be able to identify your police officers though - even the UPS drivers wear uniform.

Thank you for making this point. The very last thing we need is to have police disguise themselves as regular folks. It creates a number of dangerous conditions for both the police and the public.

"Who is this random person yelling and waving a gun?" Should I pull over for this random person with flashing lights in their grille?"

It's already bad enough having some traffic enforcement types in unmarked cars or in cars with "ghost" decals.

OTOH, her uniform is very "Aladeen" and while fussing about her uniform is a mostly trivial distraction, having a uniform that is a bit less "Aladeen" would probably short-circuit such criticism. If there weren't more important problems with this person, I would fully support mocking her ridiculous uniform.

The ones who work at NSA/CIA wear shorts and suits. I don't think they are reminded of who they are and what their priorities are, by it.
Sometimes a photo tells you all you need to know about a person: e.g., http://i.imgur.com/4CIFpFe.jpg . Modern American law enforcement: a gang of wannabe tinpot dictators with weapons they have no business with, and that they probably have no idea how to use.

Finger off the trigger, Sheriff.

"Instead of criticizing one person based on a picture, I criticize thousands of people based on a picture! That'll show him!"
Yeah, stereotypically speaking, it's the 90% of bad cops that give the 10% a bad name. Funny, though, the "good" 10% don't seem to have a problem with that.
I understand where you're coming from. I have an uncle that feels the exact same way about black people and Muslims. Wait, what?
To the extent police work is someone's religion, I'd submit that these are exactly the police I'm talking about.
So you're a bigot against Police _and_ Muslims.

Got it. At least you're consistent.

Yes, my simplistic worldview often gets me into trouble. But this will come as no surprise to you, I'm sure.
The ratios are nothing like 90 bad:10 good. That kind of hyperbole is uninformed at best, and disingenuous at worst.
Not only is his finger on the trigger but the weapon is cocked.
Don't worry dude it's probably not loaded.

cue cries of "every gun is always loaded"

I don't know why you're getting down voted, maybe people don't know the first rule of gun safety: Always treat the firearm as if it is loaded. (which on the internet is "the gun is always loaded" shorthand.)
That's an M1911. They're designed to be carried in condition one, which means that the hammer is cocked and the manual safety is engaged, otherwise known as "cocked and locked."

His trigger discipline is still inexcusable.

And a law enforcement "professional" shouldn't be carrying a gun that is "cocked and locked" SA firearms are not safe for everyone involved.
You do realize that's Joe Arapio, right? He's the poster child for law enforcement that's so egregiously overreaching it's become self-parody.

Of course he's holding a cocked firearm with his finger on the trigger. He pretty much doesn't have any other state.

I agree that her uniform is largely irrelevant to the discussion. She also likely has no choice in it.

I'm trigger happy pointing out police militarization, which manifests in overt ("tanks") and subtle ways (military dress).

Perhaps it's a stretch, but I believe that militarization doesn't ease the tendency of the police to desire and acquire powers they shouldn't have.

They talk about a balancing act and a criminal underworld free for all but I haven't seen too many complaints from the FBI about the millions of Americans whose constitutional rights are infringed upon every day during the NSA's total government free for all (as well as the wide variety of stories pertaining to other agencies and local law enforcement which are abusing various forms of intelligence gathering).
They are going straight into "think of the children mode" ... apparently "what about the terrorists?" isn't as effective anymore.

"They" in this case is the chief of a metro police department, whose forensic and surveillance resources are more often spent on pedophiles and drug dealers than terrorism. What else would they say?

If the article's authors wanted a "what about the terrorists?" quote they would have gone to a counter-terrorism official, just like they rang someone at the DEA for a "but drug organizations!" quote.

You're reading a paint-by-numbers article about government impotence and corporate supremacy like it's finely crafted pro-government propaganda.

Let's hope the public will see through their manipulative talking points.

You (and most HN commenters) didn't. Why should they? e.g.:

a) "Beyond lobbying the companies, there is little law enforcement can do without congressional action."

b) "A half-dozen police and federal officials interviewed said that Apple, in particular, was taking an aggressive posture on the issue."

When you take away the outrage-kindling, the gist of the article is that the stodgy old Washington government is incompetent and hip California tech companies are glorious. Not exactly a controversial opinion among the commentariat.

> "They" in this case is the chief of a metro police department, whose forensic and surveillance resources are more often spent on pedophiles and drug dealers than terrorism. What else would they say?

You're saying "pedophiles and drug dealers" as if it wasn't 99% drug dealers.

(comment deleted)
If anything I'm more prone to believe this is disinformation meant to allay our fears and draw us into a false sense of security when using our smartphones. xnull's comment nailed it: https://news.ycombinator.com/item?id=8390150
Is there any evidence that smartphone purchasing or use has dropped significantly as a symptom of widespread fear of government spying and overreach?

From what I can tell, the only thing most Americans are concerned about at the moment is whether the iPhone will bend if you keep it in your pocket for too long. Disinformation is a plausible strategy, but most Americans simply do not, and have never, cared (and a significant portion of those who do, think it's perfectly justifiable and would tell you Edward Snowden needs to swing from a rope, once you reminded them of who he is.) Would it even be necessary?

The average consumer isn't who they are trying to convince, it's the security conscious who take measures to protect their privacy. They are the people who need to be tricked into thinking the iphone's passkey is bulletproof.
Law Enforcement (aka FBI / DEA) battles pedophiles and drug dealers. These guys typically make the "think of the children" arguments.

Defense (Army / CIA / NSA) battles terrorists.

Keep an eye on the names of the agencies involved. This is an FBI / Law Enforcement story, so the excuses are going to be different than the NSA-case a few months ago.

Remember how iOS 6 stopped all child pornography? What a great operating system.
I am actually encouraged by this. I feel like 8-10 years ago they would have never even bothered complaining to the press--just swooped in with some invisible court order and forced tech companies to do their bidding, with (of course) no ability to publicly disclose any of it.
Outside of having a plethora of security experts audit and certify these services I'd say this is about as close as you can get to a ringing endorsement. The only way it gets better is if other governments follow up with the same complaints.

Ultimately I'm pleased that this kind of thing even makes the news. Ideally government becomes almost totally transparent and private matters become nearly opaque (there will always be the investigative aspect of law enforcement). Any reasonably sharp person can now see that the exact opposite is happening. Governments are demanding an ever increasing amount of secrecy while simultaneously requiring that the public give up all hope of privacy. Just to have had this idea escape the realm of conspiracy theory seems like a miracle to me.

> I'd say this about as close as you can get to a ringing endorsement

Or they just want criminals to think that all they have to do is buy an Apple or Google phone, and they can't be caught.

> Or they just want criminals to think that all they have to do is buy an Apple or Google phone, and they can't be caught.

There is a greater incentive to let Apple or Google do that kind of marketing and quietly exploit the vulnerabilities (ie, what's been happening with the NSA for some time now). If it had the appearance of working but actually didn't you wouldn't hear a peep from any government.

The smartest thing for the govt is to complain but do nothing.
Unless they need to rebuild the reputations of companies that got hurt by the disclosure of their prior partnerships (ahem, which notably included Apple and Google).
After considering this and other comments saying the same I would tend to agree. There could certainly be a PR angle to the whole thing.
Bingo! This is a stunt to make people who do bad think they're going to be safe. It is all just a clever act. For those who believe this and do bad and get caught, ha!
Exactly. There's no real reason to believe they aren't forcing apple/google to say this while also forcing them to use a flawed encryption algorithm like the eliptic key method with a skeleton key vulnerability.
That might make sense if you believe their primary motive is to catch criminals.
Government has forced the issue before. I think BlackBerry, for example, had to allow Middle East governments access to their secure messages previously.
The difference now is that there can be dozens of different secure communication apps that the user can install. Potentially run on servers outside of the particular agency's jurisdiction.

This is a much more difficult situation for the agencies than when RIM/Blackberry ran all the messaging through their own service.

If the government were happy with their level of access, they wouldn't stop pushing for more because a) it reveals their hand and b) it weakens their position to acquire more power.
James Soiles, a deputy chief of operations at the Drug Enforcement Administration, said the stakes in resolving the dispute are high.

Stakes for who? For LEA of course they are, they make the job much harder.

Maybe this will help end the drug war and some of the other silly things we do.

We could eliminate this guy's concerns by just shutting down the DEA altogether. End of problem.
I have full disk encryption enabled on my Mac since Lion. Why is it such a big deal that I have it on my phone too? Or am I missing something and the keys to my computer storage are leaked to Apple somehow?
By default it is backed up to iCloud through your keychain...

This is why I enabled encryption with the fdesetup command manually so the GUI can't "have a bug" that backs it up to iCloud/keychain anyway.

https://developer.apple.com/library/mac/documentation/Darwin...

edit: you want to ensure you don't use the -keychain option, and then you want to write down the recovery key it prints out and store that somewhere safe.

"Well I ain't passed the bar but I know a little bit, enough that you won't illegally search my shit!" -Jay Z
This seems like one of the most obvious media presses I've ever seen. I can't decide whether it's good to see the press that security is getting, and have the same terrible LE quotes show up, or bad that there is such widespread dissemination that LE is unhappy about this and hey if you're a good citizen you will buy a phone we can more easily unlock.

Here are the same or similar articles:

-WSJ 8[1] and 5[2] days ago

-Washington Post 5 Days ago[3]

-NYTimes 4 days ago[4]

-TIME 3 Days ago[5]

-Fortune 3 days ago [6]

[1] http://online.wsj.com/articles/new-level-of-smartphone-encry...

[2] http://online.wsj.com/articles/fbi-director-raises-concerns-...

[3] http://www.washingtonpost.com/politics/fbi-chief-new-phone-e...

[4] http://www.nytimes.com/2014/09/27/technology/iphone-locks-ou...

[5] http://time.com/3437222/iphone-data-encryption/

[6] http://fortune.com/2014/09/27/apple-and-the-fbi-re-enact-the...

Whether or not its a coordinated media blitz or just journalists piggybacking on each other for content I don't know. That it is coming out at the same time new iPhones could go either way.

Things that people are completely missing about this story: -Big difference between domestic & local law enforcement and NSA/DoD/CIA. Nothing prevents backdooring of a phone or someone spying as the user enters their simple password. Local law enforcement doesn't have these resources and has gotten used to access to all kinds of evidence that never existed. What Apple may or may not have done just pushes the cost up.

-I think Apple is very scared about being locked out of the Chinese market right now. The new iPhones have not been approved yet last I heard. This is a big fucking deal that would wipe out a huge chunk of Apple's market cap. They are not going to budge because some local law enforcement officers claim only child molesters use iPhones.

-Google is in a similar boat except they are already locked out of China, likely will get locked out of Russia soon. They would like to be able to still make money in Brazil and the EU.

-I think it is a good trend for the pushback from tech companies. There is no good answer for international legal compliance for user records. Records should be accessible once an account has been compromised locally, not because any judge in any country on earth can search all of your user data on any user in any other country. Between Dropbox, Dropcam & all of these other cloud services, right now a user has no idea who has access to all of their data all of the time. Time travel back two decades, no one is stealing all of your data over a dial up modem. Nor is a device recording every square foot of where you are at every moment. The tools law enforcement have access to right now are godlike

Stories need to be in the queue longer than the rate these were published by different news desks. This is obviously a PR push by skilled people placing stories. That is PR, public relations, press relations, people have a full time jobs getting stories placed.

I'd really like to see the government NOT be able to hire PR firms. This is propaganda.

"Law enforcement officials emphasized that they get court orders, and that they aren’t seeking to randomly root through phones."

Right. Rooting through phones without a court order is the NSA's job. That makes me feel better.

Again, I find the narrative interesting. It would be more compelling if the government had shown that it could be trusted with the ability to snoop, too bad they screwed that up.
> Their requests to the companies may include letters, personal appeals or congressional legislation, said a federal law official who requested anonymity to discuss the sensitive issue.

I love that, in an article arguing against secure privacy, the official requested anonymity.

This happens so frequently that I've become numb to it, but now that you point it out it's still ironic.
The Chicago Chief of Police genuinely said this:

>"Apple will become the phone of choice for the pedophile. The average pedophile at this point is probably thinking, I’ve got to get an Apple phone."

Well, if I was trying to break the law then, yeah, I would absolutely go an get an Apple phone if I didn't already have one.
I'd also buy a Toyota or a Honda car, since it's less likely to break down while fleeing the police. Clearly, reliable automobiles are part of a pro-crime agenda.
i hear they are going to ban air soon because pedophiles can use it prey on children.
So is that why the federal government poured our money into GM and Chrysler?

Oftentimes those with an anti-firearms agenda point out that Glocks are preferred among mass murderers. Glock is to guns as Toyota is to cars; reasonably priced and notoriously reliable.

There's so much stupidity in the gun debate on all sides. It's rare to see a cogent argument anywhere.

The basic idea applies to any dual-use technology, of course: criminals will prefer the better items for the same reason law-abiding citizens prefer the better items. Thus, "criminals prefer X" is not, by itself, any reasonable argument against X in a dual-use technology.

(comment deleted)
I think your analogy is unfair. A standard car does make it harder but isn't being specifically modifed to make the action of police/TLA more difficult. A more appropriate analogy would probably be an armoured car or military humvee, possibly a tank. Should the public be allowed to buy a tank? It has got other uses than evading police but it makes the police's job much harder as they need to up their technology (bazookas and their own tanks) in order to handle criminal use of the tech in question.

Just to be clear I'm not commenting at all here on the question of limiting availability of crypto-lockers to the public.

I think it's fair. These measures protect against all unwanted intrusion, whether criminal or government.
These PC/Mac attack ads have gone too far!
"Beyond lobbying the companies, there is little law enforcement can do without congressional action. " Wait, what? Even with the privacy Apple and Google are offering there are huge amounts of ways to access data useful to law enforcement and the law enforcement seems to have the tools to force the companies to give it.
I think the point is that these companies literally can't unlock the phones and give access to the data, since (according to them) they no longer have the keys to do so.
It shouldn't be legal for the government to request companies to do things that aren't codified in laws. No "asking" or "buying". We decide what and how the government functions. If the gov wants to do things differently, it can ask congress. Not apple or google.
So..

its revealed that the NSA is abusing our privacy, and people react accordingly, and now legitimate law enforcement efforts are being thwarted.

Don't blame the tech sector, let them blame the NSA's over-reaching charter

Exactly. The world has had some time to react to last year's revelations, and this is just getting started!
Nobody's law enforcement efforts are being thwarted. They just want to convince demographic A that their devices are unhackable and completely NSA-proof, and convince demographic B that anyone who values their civil liberties is a terrorist pedophile that hates freedom.

These companies are documented data providers for the NSA.

I don't think they care so much about preventing encryption --after all, you can already encrypt your iPhone or Android device, if you really want to.

What they're much more concerned about, IMO, is that this could now be the _default_. No longer would there be a presumption that someone has "something to hide" if they're encrypted when everyone else is, too.

So this does actually pose an interesting conundrum, I think.

Setting aside the specifics of this matter, I think that most people would accept that in some circumstances, covert surveillance of suspected criminals is an acceptable law enforcement tool. Of course, it must be subject to suitable (not rubber-stamped) judicial approval, rigorous guidelines, limitations etc.

From that perspective, secure and encrypted communication channels that are now becoming more generally available and usable by the public reduce the ability of law enforcement to gather evidence using traditional surveillance tools. It's no wonder that they would react negatively to them, even assuming there were no malicious intentions.

I wonder what the balance will be? Does law enforcement have to simply accept that surveillance of this sort will no longer be possible? I can't see any logical way of simultaneously retaining useful control and allowing regulated legal access to communications.

Getting access to your personal life recorder, which is what smartphones are, is not a "traditional surveillance tool" as you call it. It's a new surveillance tool that has shown up over the last 7 years. Before cops had access to every single thing you do via the smartphone, civilization did not collapse.
You're making a thoughtful point here (though one that I happen to strongly disagree with), so I'm not sure why the downvotes.

But anyway, it's worth noting that the publicly switched telephone network, email, SMS, etc. are all wholly compromised and will remain so for the foreseeable future. The reduction in law enforcement snooping ability being contemplated here is tiny by comparison, and they're making an incredible amount of noise about it.

If you support this sort of system, you are saying that individuals should be able to place themselves above democracy. Like it or not, we have a legal system that entitles the government to execute lawfully obtained warrants. Tech companies seeking to make this harder are acting against democracy.

It's time for Silicon Valley to decide what side it's on: Democracy, or the alternative.

Our democratic system has enacted laws that say encryption is legal. Why do you think following the law is somehow "acting against democracy" here?
It's in the intent. I don't think anyone is denying that Apple and Google are doing this to make it harder for police to search through user files. They could have implemented this at any point since the inception of AES, and are doing it now because of the backlash against PRISM. They want to demonstrate to users that they care more about them as individuals than they do about their role in a democratic society.

Notice also that your comment, and others respondents to me in this thread, are not disputing my actual point, i.e., that bundling crypto features in products is meant to put individuals above the reach of the democratic legal system.

>Like it or not, we have a legal system that entitles the government to execute lawfully obtained warrants.

The same legal system also says using encryption is perfectly legal.

Some people would say they are putting themselves above oligarchy.
But they're wrong. The United States is, whether you like it or not, a democracy. Voters can be influenced, but they still decide the outcome. Everything backends to them.

If you disagree with that, there are legal avenues. This is an example of an extralegal avenue of political change.

Gilens and Page think they have shown that's only true for trivial matters: http://talkingpointsmemo.com/dc/princeton-scholar-demise-of-...

People vote all the time in all kinds of undemocratic systems.

Are you seriously saying strong encryption is, or should be illegal?

The interview you link to points out numerous problems with that study, but beyond that, the very existence and success of activist groups disproves that premise. If the United States was truly an oligarchy, gay marriage or marijuana legalization would never have happened.

Lawrence Lessig is making serious progress with his Rootstrikers group, and the fact that he's doing so proves that ordinary citizens do have political influence. Battles aren't won overnight, but

>Are you seriously saying strong encryption is, or should be illegal?

Do you think I'm saying this? If so, where?

Or are you asking leading questions in order to put words in my mouth? In which case, are you seriously saying that democracy is an idea we should totally abandon in order to embrace the rule of whoever-can-summon-the-most-technological-power?

The oligrachs have little or no money to lose on those issues.

You used the word "extralegal." What does that apply to if not the use of encryption in mobile devices?

You might as well have thrown in the term "patriotism" while you on that buzzword kick.

There is nothing in the actions of Apple or Google that will prevent search warrants from being issued. Now you'll need to go directly to the person who owns the device in question. As for what happens then is likely to depend on the country and how the courts view this, from a self-incrimination perspective.

You can never trust any "encryption" that you don't handle entirely yourself.

This seems to be some more theater, aiming to deceive the general public with regards to the "safety" of this "encryption".

Of course if you implement encryption yourself you almost certainly did it wrong and are leaking data. This assumes you even know how to "do it yourself".
I didn't mean "write your own solution", I meant:

You can only trust public key encryption and you need to create all keys yourself and you need to have 100% exclusive access to the private key.

And then, you need to pray and hope that the NSA hasn't figured out a way around it and won't too soon.

If the government had proven itself trustworthy enough to follow it's own processes for accessing information only after obtaining a warrant, I could agree with the argument. However, things escalate when one side can't trust the other. Encryption is needed.
This is my view. Law enforcement from the Feds on down have lost the trust of the American people.

They have lied to us, misrepresented what they are doing and now use the scoundrel's argument "what about the children?". The growing threat of a mass surveillance govt is real and in the long run a bigger threat to freedom than the so-called terrorist. I find the idea of a mass surveillance govt more terrifying than a few religious nuts with bombs or even hijacked planes.

They always pull the pedophile card.
First the government puts itself above the law by engaging in unconstitutional surveillance. And then they complain that some companies retaliate by tightening up the encryption? Even though they have some valid point, it's very hypocritical. I doubt this would have happened if not for the Big Brother's behavior to begin with.