Crossroads Blog | Institute National Security and Counterterrorism

Cybersecurity, encryption, law enforcement

US District Attorney Calls for Access to Encrypted Phone Data

U.S. District Attorney Claims that Encrypted Data Impedes Law Enforcement

U.S. District Attorney Cyrus Vance has indicated that encrypted data on cell phones impedes law enforcement investigations, according to an article in Bloomberg.  Vance is quoted as saying “The line to protect the public should not be drawn by two companies who make smartphones”, which was a specific reference to Apple and Google, according to the article.  According to Bloomberg, Vance unveiled a 42-page white paper on the issue of access to encrypted data during a cybersecurity conference in New York.

The Bloomberg article highlights a number of areas within Vance’s report:

  • Going Dark: Vance indicated that after ISIL finds someone they deem to be a worthy recruit, they move communications to mobile apps that are encrypted end-to-end which renders the communications completely invisible to law enforcement;
  • ‘Safety Check’: Vance points to Facebook’s Safety-Check feature which allows users to instantly let their social media contacts know that they are alright as a sign that technology companies can promote public welfare.  Vance indicates that this spirit of “public-mindedness” should shame smartphone manufacturers into negotiating a solution to encrypted data access;
  • Encryption Technology: Vance claims he is only interested in “data-at-rest” and not in-flight data (data at rest resides on a device while data in-flight is traveling from one device or entity to another).  Vance says that consequently his proposal could not be used for electronic eavesdropping since the data is not moving;
  • Congressional Action: Vance has urged Congress to pass legislation requiring developers of operating systems for smartphones or tablets either made or sold in the U.S. to ensure that data on the devices can be accessed by law enforcement if they have a valid search warrant;
  • Encryption Helps Criminals: Vance published an op-ed in the Washington Post that said the full-disk-encryption employed by companies like Apple and Google in the post-Snowden revelation era was helping criminals evade law enforcement.

My Opinion:

It is always refreshing when someone takes the time to understand an issue fully and completely.  Thus, when I saw that the Manhattan DA’s Office had published a 42-page white paper on smartphone encryption and public safety, I was interested to learn more about Cyrus Vance, Jr., the Manhattan U.S. Attorney.

Strangely enough, when I looked into Mr. Vance I did not see what I expected.  I did not find a practicing attorney with a background in technology.  I did not find someone that had technology credentials.  I did not find someone that had lectured on the intersection of cybersecurity and law.  That is OK; perhaps the message is still sound even if it is being proffered by someone whose understanding of encryption is probably limited to the impenetrable, walled fortress analogy.

So, I looked not at the author but rather at the content.  This is where things get interesting.  Vance’s white paper indicates that they are not looking for backdoors or the use of “golden keys” that can decrypt anything.  No, Vance merely wants hardware and software designs that render technology fully breachable by lawful government searches.

So, essentially Vance is looking to step back in time to a pre-encryption world where everything is fair game.  There is no cause for alarm because as we all know, just because the government has access to encrypted data there are safety checks and the government won’t look at anything unless someone, somewhere is able to convince a court that the purpose is “lawful”.

We also should not worry about lighter encryption making us less secure.  Based on Vance’s logic, we could simply outlaw the unlawful decryption of data and, therefore, prevent any unlawful breaches of poorly-encrypted data by would-be criminals.

Vance’s white paper makes it a point to limit the scope to data-at-rest, indicating that they take no position with respect to data-in-motion.  Essentially, this seems to indicate that on your mobile devices data from one device or one entity to another is not secure when it is sitting on a device but it may be secure and isn’t subject to the DA’s office wire-sniffing while it is in transit.  So, I guess that the concept of securely encrypted data then is like the shark, so long as it is moving it is safe but once it stops — oxygen levels, or encryption levels drop, and all bets are off.

Furthermore, this paper talks extensively and exclusively about handheld mobile devices.  What about laptops?  Those are pretty small and easy to carry.  Can I encrypt my laptop or my home computer?  Either Vance is pursuing this police-state as a phased-approach: Step 1: access all of the mobile handheld devices, Step 2: access all computing devices, Step 3: gain access to big data’s servers and storage — or Vance really doesn’t understand how criminals and terrorists could sidestep his world of unencrypted mobile devices by switching to larger, more powerful computing platforms.
