back to article US Attorney Gen latest to roast Apple, Google mobe encryption

Yet another US official has played the "think of the children" card, taking Apple and Google to task for implementing stronger encryption policies in their mobile platforms. Outgoing Attorney General Eric Holder said that child predators could use the encryption settings in mobile platforms to evade authorities and hide …

  1. kain preacher

    Any one that says think of the kids should lose their job and, oh wait Eric is leaving. Expect more BS to come out his lips. So because the cops are lazy and or can't doing their job I should lose my civil liberties ?

    1. Ted Treen

      Correction...

      "I should lose more of my civil liberties "

      There are precious few left which haven't been encroached upon, all in the name of "Preserving our freedom".

      And the powers-that-be still don't understand irony...

      1. BillG
        WTF?

        Re: Correction...

        Whenever a politician says "think of the children", what he's really saying is "think of me".

        Eric Holder absolutely has no moral high ground to stand on in this discussion because to him, a warrantless search is no longer the exception, it's the freakin' rule.

      2. kain preacher

        Re: Correction...

        I should of been clear. I meant all civil liberties . A police state does not work well with freedoms. Wounder who down voted me ?

    2. The Man Who Fell To Earth Silver badge
      FAIL

      Much ado about nothing

      All I see in this is the cluelessness of the government. Android, for example, has had full phone encryption built in since at least 4.1, maybe earlier. It's under "Settings", "Security", "Encrypt Device" and "Settings", "Security", "Encrypt external SD card"

      1. phil dude
        Thumb Up

        Re: Much ado about nothing

        Yes, in fact if you enable screen locking in android it forces encryption to be enabled.

        I was worried it would cryptify a phone sd card!!!

        P.

      2. N13L5

        Re: Much ado about nothing

        The "cluelessness of the government" isn't cluelessness. They are just following their instructions.

        German Politician Seehofer put it plainly on TV: "Those who are elected have no decisions to make, and those who make the decisions haven't been elected."

  2. Number6

    I'm thinking of the children, which is why I support Apple and Google to work towards preventing abuse of privacy by government organisations which clearly think they're above the law.

    1. Tom 35

      court-authorization

      Some secret Kangaroo court that rubber stamps anything the spies want doesn't count as court-authorized.

      1. tom dial Silver badge
        Flame

        Re: court-authorization

        The overwhelming majority of all search warrants, including those for communication data, are authorized by ordinary state and county courts in ordinary criminal matters. Some, perhaps many, are kept secret until they are executed, and they almost never are issued in circumstances where the subject of the search is allowed to object ahead of time.

        1. chris lively

          Re: court-authorization

          Yes, that is true. It's also true that such things come out as soon as a trial starts giving the accused a chance to review whether the warrant was legally issued and that the police properly executed it while restricting themselves to the items contained within it. This is to prevent fishing expeditions. (" Well Judge, we thought there was kiddie porn but it turns out that we found a spoon with spaghetti sauce on it that we think might be meth instead...")

          The problem comes in from the FISC and FISA court's. They have no oversight. Worse they can do things such as force companies to provide any and all information they have for any and all of their clients. Apparently this is a common occurrence. For example, in 2013 FISC forced Verizon to provide all call detail records to the NSA on an ongoing and daily basis. Although believed to be true for a long time, we only know the details because of Snowden.

          These courts commonly exceed what is normally allowed by the law. Further the various agencies such as the FBI routinely hide, or even flat out lie about where and how they came by their information, sealing it behind words such as "State Secrets" so that the accused has zero ability to mount a defense.

          Besides calling attention to the daily spying on citizens whose only "crime" is to be alive, the only other thing a regular citizen can do is to ensure such spying isn't effective. Which means, at the very least, encrypted communications where possible. Because such things are usually beyond an average citizens ability to set up, encryption by default has to be the way to go.

          The problem isn't those who are guilty. The problem is that the term "guilty" can (and does) change just as easily as the political landscape. The current administration has pursued political targets using the IRS, which is doing a bang up job trying to avoid congress. Meanwhile prior administrations have take similar actions or worse.

          I do not want to be in a position where I wake up one day and am jailed for political reasons. That is the province of 3rd world countries and banana republics. It is not what the Land of the Free is founded on.

  3. Drusenija

    I wonder if anyone has told them (law enforcement) if they hadn't overstepped the line so much then these companies (Apple, Google, etc) may not feel compelled to put this type of encryption into their devices?

  4. P. Lee

    Actually he's correct

    It does force the police forces to act in a way which can be tracked and monitored when they are looking for KP - which in turn means they need probable cause when they force Apple/Google to hand over data, rather than a dragnet which pulls in the whole internet. It makes their life harder. That's ok.

    The existance of crime and difficult law enforcement is the price we pay for a free society.

    1. Mike Ozanne

      Re: Actually he's correct

      Isn't the point here that Apple/Google can't hand over the data as they no longer hold the keys that allow it to be de-crypted....?

      1. gnasher729 Silver badge

        Re: Actually he's correct

        In earlier versions, Apple could, if they were handed over the phone and a search warrant in Cupertino, brute-force your passcode. (Your local Apple Store couldn't do it, and your local police couldn't do it either). This took about 1/10th of a second per passcode to check, so 15 minutes for the standard 4 digit passcode, but then you were always free to use an 8 or 12 or 20 digit passcode, or mixed numbers and letters, which at a rate of ten checks per second is uncrackable.

        Nowadays we are told Apple can't do even that anymore. But whether that is true or false, a 10 digit passcode is impossible for them to crack.

        1. phil8192

          Re: Actually he's correct

          A 10-digit passcode may not be impossible to crack, but it could slow the process down to the point that once it is cracked, the statute of limitations might have run out, making whatever evidence is gleaned from the device of no use to law enforcement.

  5. Gray
    Facepalm

    Okay, now I get it!

    If we are carrying a phone or other device containing encrypted content, then obviously we are child predators, or complicit with child predators, or are fellow travelers with child predators.

    We've become low-hanging fruit and the FISA system is going for it.

    1. Mark 85

      Re: Okay, now I get it!

      Wait for the next speech.. you'll also be a terrorist, a member of organized crime, and probably a mass murderer. I suspect he tossing as much as he can and waiting to see what sticks to the wall.

      1. g e

        Re: Okay, now I get it!

        @Mark85

        Tossing. Yup. That's exactly what he's doing.

      2. earl grey
        Trollface

        Re: Okay, now I get it!

        I suspect he tossing

        Well, you got that right....he is a tosser.

    2. g e

      Or even worse than the shadowy kiddie fiddlers...?

      We may be depriving a wealthy corp of some (theoretical/potential/unrealised) revenue by downloading their chod, only to delete it after consuming a small portion of it.

      Won't someone think of the wallet-stuffers megacorps?

  6. Hargrove

    One of my favorite quotes from Daniel Webster seems relevant.

    “Good intentions will always be pleaded for every assumption of authority. . . . . There are men in all ages who mean to govern well, but they mean to govern. They promise to be good masters, but they mean to be masters.”

    As for Eric Holder, the contrast between his highly visible reaction to Michael Brown's shooting and silence on Miriam Carey's tells us all we need to know about his intent.

  7. JaitcH
    WTF?

    Come on and cry, cry, cry me a river, cry me a river (Arthur Hamilton)

    Now that Edward Snowden's revelations are finally bearing fruit, the world's biggest Peeping Tom is learning the price of what it did. You cannot trust any government.

    Of course, GCHQ is even worse with minimal oversight and it's morals worse than a lawyer.

    There is always CALEA but with all the encryption becoming available the Feds are fighting a losing battle, which is good.

  8. Old Handle
    Big Brother

    GACACSAO

    What is this? I've never heard of it before. Nor can I find anything on the web to suggest it's a real organization. It sounds like something that was made up solely for the purpose of advancing the anti-privacy agenda.

  9. btrower

    fallacy of false choice

    People who want to spy on you are presenting a false choice that either you give them what they want or you accept child predators.

    Maybe they are just poorly informed or maybe they are dishonest. It is probably a bit of both. In any case, it is perfectly possible to have saturation monitoring of people that is only available when there is a genuinely pressing need.

    If they cared about the children they would be promoting a system that entirely protects the privacy of all of us and that had a trustworthy mechanism to allow legitimate access and entirely disallow illegitimate access.

    Give the keys to a variety of authorities and make it so that a significant subset of key holders is required to gain access.

    We already have clear evidence that state entities such as law enforcement and the judiciary simply cannot be trusted to make such decisions on their own. Until they have a better argument than 'trust me' I do not want to give them the power.

    1. SolidSquid

      Re: fallacy of false choice

      They already have a decent mechanism for this, they can get a court order to require access to materials they believe are stored on the device. It's the same rule as with safes and accountancy books, if they know it exists and have good reason to suspect it's in that location, they can get a court order with the threat of prison time if the court order isn't followed

      The only thing this restricts is police cloning devices for later review during a stop and search. Currently the legal opinion of the police is that, if the device is on your person when stopped and they have reasonable suspicion of a crime (which is needed for the stop in the first place anyway), they can search it without a warrant. This makes that near-impossible to do, and means a lack of warrantless searching of any email accounts linked to that phone

      1. tom dial Silver badge

        Re: fallacy of false choice

        Police in the U. S. no longer are allowed to think that "if the device is on your person when stopped and they have reasonable suspicion of a crime (which is needed for the stop in the first place anyway), they can search it." The U. S. Supreme court ruled in two cases (Riley v. California and United States v. Wurie) that searching a cell phone requires a search warrant. There will be exceptions for special circumstances, but the general rule will be a warrant requirement.

        Encrypting the data on the device is a way that owners can help the police in the proper carrying out of their duties.

    2. Vector

      Re: fallacy of false choice

      "Give the keys to a variety of authorities and make it so that a significant subset of key holders is required to gain access."

      How would you feel about a door to your house that had locks to which those same authorities had keys? There's lots of locks, so just one agency can't get in. Not only do you have the concern about official intrusion, but somewhere out there are a bunch of keys to your house that you have no control over.

      These officials still fail to grasp that if there's any sort of backdoor, it will be exploited.

  10. Trevor_Pott Gold badge

    Eric Holder does not get a vote.

    1. Anonymous Coward
      Anonymous Coward

      ?

      For, or against, what?

  11. DryBones
    Pirate

    Captain Obvious to the Quarterdeck!

    As the number of those with power or authority who seem to be trustworthy shrinks, so too does the number of people willing to trust them. Funny, that.

    Fishing expedition canceled; too much ICE in the bay.

  12. Adam 1

    he has a point

    I mean, it is only in the last decade that people started to carry pocketable computers that happen to occasionally make phone calls. We seem to forget that before that point in time there was no way to catch criminals. It is only now that crime has been solved.

    1. phil dude
      Unhappy

      Re: he has a point

      An excellent point.

      I feel though this is an unfortunate side-effect of the connected world. We are now seeing (alleged) crimes that were committed perhaps a long way from "home district", and displaced in time. The problem for law-enforcement models is that there is an assumption of co-location or at least conspiracy between criminals and crimes. Hence, organised crime works to diffuse activities so as not to cause a disruption in apparent lawlessness.

      The US Supreme court has started some cogitation on the whole difference between searching a phone and searching the pockets of a suspect, and the fact that modern phones are intimately tied to personal data.

      I am willing to bet, that there are other detection methods to "out" these intrinsically sick people rather than searching any phone at will - the risks of abuse to the population at large are simply too great.

      Perhaps "thinking of the children" would be an easier sell from the Govt. if they didn't act like children of poor people were the problem.

      P.

  13. IMEIBlackListed
    Thumb Up

    Interesting

    I work for a cell provider and we can pull/push any content on to or from the device whilst it is powered on. This only stops cops on the street; and even then, only if your phone is completely powered off.

  14. Frankee Llonnygog

    Why do we need encryption?

    What's wrong with sending obscene messages in plain text, with attached genital selfies, like any good, right-thinking American politician

  15. ratfox
    Devil

    I hope he realizes how much advertising he is doing for the new features …

    1. Sanctimonious Prick
      Black Helicopters

      @ratfox

      Or maybe he's giving us a false sense of security?!? :D

  16. Stretch

    oh fuck off you lying sack of shit

    1. Anonymous Coward
      Anonymous Coward

      You do realize that he's already leaving, right?

      My only question is which job offer did he resign in order to accept?

      1. Sanctimonious Prick
        Black Helicopters

        re: Job Offer

        Google Security Expert :D

        1. Sanctimonious Prick
          Happy

          Re: re: Job Offer

          or GooSE for short :)

  17. Lamont Cranston
    Unhappy

    Theresa May was playing the same card during yesterday's conference speach.

    It's very important that we all give up any thoughts of privacy, so that she can protect us from the paedos and jihadis.

    The politics of fear is alive and well.

    1. davemcwish

      Re: Theresa May was playing the same card during yesterday's conference speach.

      Yup they're all at it and incompetence from the plod and other agencies responsible in e.g. Rotherham and Doncaster is used to scare the public and unfortunately it works. I'm not suggesting that they are deliberately being incompetent but it's certainly helping the authoritarian case

  18. a53

    "When a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children." I don't have a problem with law enforcement agencies using legal means to achieve their aims. I do have a problem with them treating me as guilty unless I can prove myself innocent. I have a problem when they feel they have a right to go fishing. I have a problem with big agencies entrusting the data they mined about me to big IT schemes, because of their track record on keeping it secure.I have a problem because my right to argue against any case they bring about me is nullified by them refusing to let me or my solicitor see their evidence. The top dogs seem to feel that they are above such laws and that they should only apply to the unwashed masses.

    1. Old Handle

      Even if they could be trusted to obey the law, what he's saying is totally unreasonable. "law enforcement needs to be able to take every legally available step". In other words, if it's legal, we must also make it possible. Would it be legal to remotely disable a suspected kidnapper's car? I'm sure it would. Therefore every car must have a remote killswitch.

  19. Anonymous Coward
    Anonymous Coward

    Get a Frikkin WARRANT!

    Law enforcement needs to step back and read some existing law starting with my constitutional protections against illegal search and seizure. The very reason why people are encrypting taffic is due to the propensity for illegal search by the "Law".

    Newsflash: When law enforcement breaks the law, they cease to have any legal standing. They become criminals that require censure and jail time.

    Eric Holder is the most incompetent and political AG of any so far. He has an agenda that is blatantly reverse racist, selectively enforced laws, used politically motivated retribution against plaintiffs, etcetera.

    On top of all that, the entire upper level of the US Federal legal system is corrupt and must be swept away by any new president. Those people also need to be banned from ever holding office again.

    Only then will I trust anyone in the legal system.

  20. Mk4
    Alien

    The enforcement agencies don't make the laws...

    But they would like to, and in some cases have or tried to (e.g. GCHQ IMHO). There is a constant drum-beat globally on this "paternal care of the people" idea. This is trying to, and in recent cases has, circumvented the accepted normal law making process. Trying to influence vendors seems to be yet another way to circumvent normal law making processes. I agree with many of the other comments, and I would really like to do something to help to stop this. Any good ideas? (orgs to send some cash to?)

  21. Cipher

    What laws?

    When FBI director Comey says "...above the law.", I'm left wondering exactly what law he is referring to. Maybe Holder could elucidate on his way out...

    IANAL, but I would think that the Fifth Amendment regarding self incrimination is in play here. Have they implemented Constitution 2.0 removing that pesky Bill of Rights?

    Even sans Apple/Google's new encryption scheme, if a suspected pedo has encrypted pictures on his/her phone, what is the legal basis for forcing them to give up the keys?

    If the only evidence of crime lies on a phone, the police aren't doing there jobs. They need to get out and find/stop this stuff in the non-digital world, where the crimes against children originate.

    1. Charles 9

      Re: What laws?

      And if the concrete evidence is in HOSTILE TERRITORY?

    2. tom dial Silver badge

      Re: What laws?

      In the matter of search warrants, Fifth amendment protections probably apply to smartphones (encrypted or not) to the same extent as they apply to file cabinets (locked or not). Probably not very much.

      You don't have to give self-incriminating testimony, but probably are not allowed to conceal evidence of a crime.

  22. PleebSmash
    FAIL

    Even after he's announced his plans to retire, Holder tirelessly defends the interests of the U.S. police state. Truly an inspiration to us all.

  23. Jamie Jones Silver badge

    How I miss the days when there was no internet or smartphones...

    Ahhh, those wonderful days before the internet, and smartphones, when child abuse and terrorism didn't exist...

  24. earl grey
    Flame

    Oh BOO HOO

    ODFO

  25. Anonymous Coward
    Big Brother

    "It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy."

    Then fucking do that, Eric. So far, your primary interest seems to be in waxing various poles in the law enforcement and intelligence communities, instead of protecting the rights of the citizenry.

    And I heard about your retirement. On your way out, don't let the door hit ya' where the dog should of bit ya'.

  26. Anonymous Coward
    Thumb Down

    In a somewhat related story, the NSA's university recruiting/outreach person talks about hiring...

    http://www.cnbc.com/id/102046408

  27. Frank N. Stein

    What's the Gov worried about. Doesn't the NSA have "alternative means" to get in?

  28. Anonymous Coward
    Anonymous Coward

    'Outgoing Attorney General Eric Holder said that child predators could use the encryption settings in mobile platforms to evade authorities and hide illegal images and content on their devices from law enforcement.'

    and the NSA

  29. My backside

    Yeah, right!

    So Holder said "It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy." No it is not. Law enforcement absofuckinglutely does not care about citizens' privacy. And we now owe a debt of gratitude to Edward Snowden for showing us exactly that!

    Holder can go piss up a rope!

  30. tom dial Silver badge

    "child predators could use the encryption settings in mobile platforms to evade authorities and hide illegal images and content on their devices from law enforcement."

    They certainly could, and those with the least bit of smarts probably have been doing so for years. TrueCrypt, although no longer supported or recommended by its maintainers; dm-crypt, available for Android for three years or so and for Linux for about ten; and Bitlocker are not known to have vulnerabilities that either their producers or the government can use for circumvention. They probably have attained significant use within the porno and paedo community. The FBI director, and now the AG, are whining about something that will have little or no practical effect on criminal investigations.

    Apple, for commercial and public relations reasons, is abandoning its capability to decrypt devices, something that was a bad idea at the beginning and looked much worse after the recent uproar over alleged universal government snooping. For the same reasons they, followed shortly by Google, made encryption the future default for those who lock their phones, nearly all of whom have no reason to care about government surveillance. This will have no effect on the great majority of those who have reason to hide data and have taken the small trouble to do so.

    The government has ample capability to conduct surveillance when they need to.

  31. ecofeco Silver badge
    Big Brother

    Think about this

    What if it's really all just a big show, a put on, and the encryption keys are already held by the law enforcement agencies?

    Sleep well, electric sheep.

    1. xeroks

      Re: Think about this

      They don't need to. A four number code would be cracked in under a second with the right hardware. And they are likely to have the right hardware.

      As you say this statement is just an attempt to reassure the less astute bad guys that they can go back to their iphones.

      1. gnasher729 Silver badge

        Re: Think about this

        The four number passcode on an iPhone _cannot_ be cracked in under a second.

        The trick here is that the whole system is designed so that you can only try a passcode _on the iPhone that you want to crack_. You cannot use "the right hardware" which probably means expensive supercomputers, massive numbers of graphics card acceleration, to crack it. The only "right hardware" is the one iPhone that uses the passcode. And the checking algorithm is intentionally designed to take about 1/10th of a second per passcode.

        Moreover, you can only check passcodes with software that is signed by Apple. So unless you handed the phone to Apple with a search warrant, all you could do is type in each passcode. And depending on security settings, after 10 wrong passcodes all data on the phone is deleted. (And Apple says they lost the ability to check passcodes as well).

        You _could_ try to decrypt the actual flash memory, but that's 256 bit encryption with a different key for each file, so good look whatever supercomputer you are using.

  32. Frank N. Stein

    Is that phone encryption going to stop the NSA from monitoring your phone? Probably not, so Holder is full of it.

  33. Anonymous Coward
    Anonymous Coward

    Not sure if enabling FDE by default will make much difference

    Enabling fde encryption on android is only going to slow them down in most cases.

    Since the master key is encrypted using the users screen lock password which is usually short and predictable (who wants to enter a long random string every time they unlock their phone?) which means they can gain access using dictionary attacks.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not sure if enabling FDE by default will make much difference

      But you can only try the PINs on the device itself, and it'll only take so many before locking down, right?

  34. Eguro

    "It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy."

    Oh I'm sure it is. Currently though, it seems to require a rather loose definition of adequate protection...

  35. UNOwen

    So spoketh Helen Lovejoy ...and now Eric Holder!

    I love reading the Register - not only for the insight, but, The Register IS 'savvy.'

    By this, I mean, The Register is the ONLY ... ANYTHING I can think of, off-hand, which has the guts to actually call it when it sees it- i.e., 'think of the children' - easily the most lame-brained, and over-used rhetorical tactic (if anyone reading this actually takes 'think of the children' seriously, and does not know the story of this declaratory phrase , read here; https://en.wikipedia.org/wiki/Think_of_the_children).

    Thank you - for having guts - in an age of gutless-ness.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like