back to article Phone crypto shut FBI out of 7,000 devices, complains chief g-man

The FBI has been locked out of almost 7,000 seized mobile phones thanks to encryption, director Christopher Wray has said. Speaking at the International Association of Chiefs of Police conference in Philadelphia in the US, Wray lamented that device encryption kept the g-men out of “more than 6,900, that’s six thousand nine …

  1. Steve Knox
    Paris Hilton

    Weak Logic

    The problem does not arise in the UK, where it is a criminal offence to refuse to give your password to State investigators.


    Is the penalty for withholding one's password as severe as or worse than the penalty for the various crimes such evidence may be used for?

    How does imprisoning or fining one suspect assist in tracking down others?

    Or are you saying that suspects are so polite in the UK that, on hearing that it's (GASP) not proper for them to withhold their passwords, they all immediately surrender said passwords?

    1. Pinjata

      Re: Weak Logic

      Correct me if I'm wrong but why I've heard in the UK people are jailed indefinitely if they don't surrender their passwords.

      1. Snorlax Silver badge

        Re: Weak Logic

        "Correct me if I'm wrong but why I've heard in the UK people are jailed indefinitely if they don't surrender their passwords."

        Contempt of court, most likely?

        1. Lee D Silver badge

          Re: Weak Logic

          Pretty sure the European Court of Human Rights would hear about that quite quickly.

          Lucky we're not pulling out of that organisation or anything....

          1. Graham Dawson Silver badge

            @Lee D Re: Weak Logic

            We aren't.

            The ECHR isn't part of the EU. EU member states are independent signatories to the European Convention on Human Rights - by virtue of their membership of the Council of Europe - which establishes the Court amongst other things.

            Other notable signatories include Turkey and Russia, for what it's worth.

            But regardless, we aren't leaving the ECHR.

            1. John Brown (no body) Silver badge

              Re: @Lee D Weak Logic

              "But regardless, we aren't leaving the ECHR."


              Various Ministers and even PMs have lamented the "shackles" imposed by the ECHR and wondered out loud about withdrawing from it. And certain portions of the media are always whinging about "terrorists" not being deported because their "yooman rights" allow them to stay to look after their pet cats or something,

            2. Teiwaz

              Re: @Lee D Weak Logic

              But regardless, we aren't leaving the ECHR.

              May was once allegedly overheard commenting on her preference for not being in the ECHR though...

            3. Bernard M. Orwell

              Re: @Lee D Weak Logic

              "we aren't leaving the ECHR."

              Has anybody else noticed a trend on el reg lately of people downvoting posts with hard facts in them? Some people just don't like truth or what?

        2. handleoclast

          Re: Contempt of court


          Contempt of court was the way the UK used to do it and the way the US still does it.

          1) Arrestee refuses to hand over crypto keys (claiming he/she forgot, never had them, whatever).

          2) Arrestee is brought before a judge who instructs arrestee to hand over crypto keys.

          3) Arrestee repeats excuse.

          4) Judge sentences arrestee to 3 months in prison for contempt of court.

          5) After 3 months, arrestee is released from prison into the arms of the police who haul arrestee in front of Judge. Because whatever the crime the person was arrested for, even if subsequent evidence shows the person to be innocent, that person is guilty of contempt of court until he/she hands over the keys (even if they no longer matter).*

          6) GOTO 3.

          Yes, people like Gary Glitter (had he been bright enough to encrypt his stash of kiddy porn) would claim to have forgotten their key. As would terraists. So I can see the temptation for the courts to do this.

          But, that does mean that you're seriously fucked if you forget a crypto key and the police ever have cause to investigate the encrypted device.

          It also means, as I've said before, be careful about encryption with hidden volumes (like TrueCrypt/VeraCrypt). If you use them you must use the hidden volume. Because if you don't, when the police ask you for the key to the hidden volume and you say you're not using one, you're fucked. They can't prove you are, but you can't prove you aren't, so hand over the keys you don't have because you never had them.

          Except for TrueCrypt (and therefore probably VeraCrypt) there was a patch that allowed nesting of hidden volumes to any arbitrary depth. So there's no way you can prove you're not using a hidden volume beneath the ones you've handed over the keys for. So you are fucked if you use those two systems (and possibly others) at all.

          Here in the UK people realized it was an abuse of contempt of court powers to do this. What if the judge ordered you to ride a unicycle over a tightrope while juggling running chainsaws? So now we have a law that specifically states it is a criminal offence not to hand over crypto keys when the police request them. That's a big improvement. /s

          *The naive amongst you are going to say that if the police find out you're innocent while you're serving time in prison for not handing over your keys, you'll be released. Hahahahahahahahahaha.

          All your computer equipment will have been confiscated for detailed analysis. As will all the computers at your place of employment you potentially had access to. That sort of detailed analysis takes days, if not weeks. By the time you're released, your employer will be out of business so you won't have a job to go back to. There will be nagging doubts about whether or not you really did something wrong, so you'll be unemployable.

          So when you're released, you're going to go to court for compensation for your losses. Your former employers will want money too. Big money. That will generate very bad publicity for the legal system and the government. Maybe the Home Secretary gets replaced. Maybe even the PM.

          So the government will want to settle out of court on condition of no publicity. So your lawyer will scent blood in the water and go for the kill. There's big money to be had for a promise not to topple the Home Sec/PM. Or is there?

          It's much cheaper to ignore the fact that you didn't commit the crime you were arrested for. Because you're still guilty of not handing over your crypto keys. And always will be (if you really did forget them). So no messy/expensive court case where you demand compensation. Because you're a vile criminal. A recidivist who has been given many chances (every 3 months) to reform and hand over his/her crypto keys yet continues to refuse to do so.

    2. Anonymous Coward
      Anonymous Coward

      Re: Weak Logic

      "Failure to disclose carries a maximum penalty of two years in jail, or five years in the cases of child indecency. "

      Not hard to find really.

      Recent usage of the law:

    3. ritey

      Re: Weak Logic

      My poor memory could land me in jail then :/

      1. 0laf Silver badge

        Re: Weak Logic

        In the UK yes it could.

        That was one of the advantages of the old TrueCrypt program. It could be set up with two containers allowing you to use one as a dummy. So when asked for a password you could give one and it would open revealing nothing of note. Assuming the encryption was up to snuff there would be no way to prove you had not given your password over willingly.

        1. K

          Re: Weak Logic

          "That was one of the advantages of the old TrueCrypt program"

          You make it sound like TrueCrypt is dead.. the original might, but there are several very active forks with even better features, take a look at VeraCrypt and CipherShed.

        2. c1ue

          Re: Weak Logic

          Yes, and no.

          Yes, you can create different containers and have one as a "decoy"

          But any competent investigator will look at the encrypted space and compare vs. the container size.

          1. Pinko_Commie

            Re: Weak Logic

            That's not the way it worked at all.

            Because of the way TrueCrypt containers worked, all "free" space was filled with random data.

            So an "empty" container of 100GB would take up 100GB on disk, a 100GB container with a 50GB hidden container within it would also take up 100GB of disk space, plus it would also have 100GB of "space", as there is no way for TrueCrypt to differentiate between data encrypted with a different key or random data, so unless you supply the password for the inner container, truecrypt would assume that it is just random written free space.

            If you mounted the outer container (which contains the hidden volume) then you could actually write to the full container amount, which would destroy the inner container.

            The only way to prevent this would have been to mount the outer container in a special way by giving it BOTH passwords.

            The only way you could know if there was an inner container would be to provide the correct password for said inner container, as there is no way to tell if the chunk of data after the header for the outer container is just random rubbish or an encrypted header for a hidden volume.

  2. Snorlax Silver badge

    Cry me a river

    "The problem does not arise in the UK, where it is a criminal offence to refuse to give your password to State investigators."

    "Stress-induced amnesia, m'lud"

    Penalties under paragraph 18, schedule 7 of the Terrorism Act 2000 aren't that heavy IIRC. Three months in prison and a level 4 fine or something like that?

    1. Anonymous Coward
      Anonymous Coward

      Re: Cry me a river

      Not terrible for you, maybe but you will:

      A) Lose your job

      B) Being determined not to be of good character

      C) Be unable to work for government, and would have terror related conviction, so: unemployable.

      If you are foreign, like I am, you WILL be deported.

      1. Anonymous Coward
        Anonymous Coward

        Re: Cry me a river

        Well assuming you are refusing to give up your password because you're guilty of the crimes you are accused of, rather than standing on principle, none of those things sound bad. If you go to prison you will also lose your job, be determined not be of good character, be unable to work for government / unemployable, and if you're foreign be deported. The difference is, those things would happen after you spent many years or decades in prison, rather than a maximum of two years if you refuse to give up your password.

        So tell me again what the downside is...

  3. Franco Bronze badge

    I'll give Wray credit for not doing the usual and demanding backdoors to everything and accepting that there are legitimate uses for encryption.

    Won't stop Amber Fudd though, she's hunting wabbits and won't shut up until she gets her way or (hopefully) loses her job.

  4. mark l 2 Silver badge

    I think it is up to 5 years in prison for refusing to give a password for an encrypted device in the UK. Which if your up on terrorism offence charges is a lot less than you could be receiving.

    How are the criminals managing to wipe devices after they have been seized unless the plod are not handling the evidence correctly and allowing the device to connect to the internet after it is in their possession. I was always under the impression they cloned the devices as part of their chain of evidence so that they did their investigation on the image of the software rather than on the original device?

    1. Lee D Silver badge

      If the lockscreen is on, and you don't have the passcode/word, how do you think you can go about cloning it?

      The passcode unlocks the real decryption key, which unlocks the data. The shim that takes your passcode and does that will wipe the data if you try too many passwords. So you need to dismantle the phone, clone all the storage (difficult enough with today's miniature chips), and then password brute-force against the storage while then checking to see if what you decrypted ends up as nonsense or (in a single, solitary instance) your stored data.

      Manufacturers - including Apple, surprisingly - refuse to co-operate or supply fake shims, backdoors, etc. so there's no help there. You're basically into full brute-force, which could take... well, centuries if they'd chosen a decent password.

      And that's if they didn't further-encrypt the data on the device using some other program.

      And the penalty for them is a few years in prison for failing to reveal, or to have an entire terrorist cell know who it was who gave up the information that landed them in the spotlight. I think most terrorists with a brain would keep schtum at that point.

      Plus, after a few years in jail, claiming that you don't remember the password would probably get a lot of medical experts on your side saying that most people wouldn't remember it by then, even if they originally had and wanted to co-operate.

      1. c1ue

        You're still thinking old school write blockers.

        You don't actually have to dissassemble and connect up a write blocker anymore. Just boot with a different OS compatible with the MB/CPU/chipset.

        1. Anonymous Coward
          Anonymous Coward

          You don't actually have to dissassemble and connect up a write blocker anymore. Just boot with a different OS compatible with the MB/CPU/chipset.

          Nope. The chipsets have keys in them on which they base the crypto and salt it (at least Apple's do, no idea if Google's Android does the same in hardware). It's the combination of physical hardware and password that gives you the key, so if you lift the data from the device you render it impossible to decrypt.

          1. Anonymous Coward
            Anonymous Coward

            Not to mention, even if you could get the signing keys to sign an OS with (which you can't) where are you going to get this "different OS compatible with the MB/CPU/chipset" of an iPhone? Pretty sure there isn't a Linux distro for it!

          2. Dinsdale247


            I call bulll on all of this. This encryption is nothing a good programmer couldn't overcome with a dummy iphone, jtag and a debugger.

            The intrinsic problem with modern computers is that if you have physical access to the hardware, there is little real security.

            1) Take dummy iphone, add passkey that you know

            2) Interupt boot process and put it on a debugger. iOS is still Unix, this isn't difficult, the bootloader and OS are coming from somewhere on disk...

            3) Watch iphone processes/memory on jtag until you see your dummy value. Now you know how the value is extracted.

            4) Repeat with real iphone that you want to crack.

            Oversimplified? Absolutely; but it's still totally do-able.

            1. Anonymous Coward
              Anonymous Coward

              Re: Hardly

              I call bulll on all of this. This encryption is nothing a good programmer couldn't overcome with a dummy iphone, jtag and a debugger. The intrinsic problem with modern computers is that if you have physical access to the hardware, there is little real security.

              You can call bull all you want, but it merely suggests you have never worked with secure electronics :). It's a lot harder than you think if you have to get physically inside a chip to get critical data that is only ever expressed in the way it encrypts (and the code held in that security enclave chip is what explicitly ties the data to the physical device). It's not like the satellite cards of old which could be scraped until you got to the good bits: those chips will detect external access and act accordingly by either losing data or even wilful self destruct.

              I don't know how Apple does it, but there are many ideas out there to defend a chip from physical access. I worked on very secure systems that used chips that had a little wire cage in the epoxy - you started shaving that down and you would have tripped several tell tales already which meant that the chip would zap itself the moment you powered it up again. Some were even designed so they needed a constant source of power to retain data, power the chip also used to detect any attempt to breach chip casing integrity and act on it by killing the core key.

            2. Anonymous Coward
              Anonymous Coward

              Re: Hardly

              The iPhone keeps the encryption keys in the secure element, and the encryption is NOT based solely on your password or PIN, but is entangled with a key unique to the secure element. Also the OS doesn't even get the encryption key for the flash, there's an AES unit on the SoC between the NAND and the OS that does the actual decryption. But since the key will be unique to any iPhone even if both use the same password/PIN, even if you get hold of the encryption key, it would do you no good.

              Apple has a very detailed writeup of how they handle all this stuff available. Maybe you should read it before you spout off a bunch of nonsense.


              1. Dinsdale247

                Re: Hardly

                Thanks for the pdf. I will definitely give it a read. However, all you need to know is the mechanism that grabs the hash off the unit. It's a matter of simply tracing the system calls. If you load something before the OS, (see the article on why Intel ME is so dangerous) then you can read what it's doing to your hearts content. There are still drivers reading things off of NOR and NAND. Uses an AES encryption chip you say? hmmm.. lets check the PCIe system calls, or did they use SPI? No mater what you are doing, the system still uses system calls that make comparisons. If you can read the memory (i.e. debug it) then it's not safe. Once you know the mechanisms, subverting them is trivial if you have physical access.

                I'm not saying skiddies are going to do this. But surely the FBI whining that it's unable to get into iphones is rubbish (or more cunningly, subterfuge).

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Hardly

                  Thanks for the pdf. I will definitely give it a read. However, all you need to know is the mechanism that grabs the hash off the unit. It's a matter of simply tracing the system calls.

                  Secure chip guy again here. Could I recommend that you stop talking/typing for now and read at least the Apple PDF first?

                  Your statements suggest you lack a substantial amount of core knowledge on how good encryption works in both hardware and software, and Apple has done quite a good job of it. As a matter of fact, they've done such a good job with their devices that they've pissed off the agencies who would like us to have nothing more secure and an abacus and an etch-a-sketch.

              2. Dinsdale247

                Re: Hardly

                From said article "When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM."

                Perfect. So now I know where to start.

                Find out what address the bootloader loads to. Then, find it's output (to memory). Once we know what it's confirmation code is, overwrite the executable in memory and return said code. Start debugger, load kernel. Enjoy!

            3. Dinsdale247

              Re: Hardly


              In the next article I read... (On why Intel Management Engine is so dangerous)

              "The Management Engine executes mystery code that runs below the BIOS level, Weaver explained, and thus has the potential to access everything above it. "The theoretical problems that can expose you to are too numerous to list," said Weaver."

              I'm not making this up. If you have physical access to the machine and you keep both the secrets and the mechanisms on the same device, there is no way to stop someone from getting your keys. Arm bootloaders are garbage too. I don't imagine Apples is any better (if it's not using das u-boot).

  5. LiarLiarLiar

    If I'm not wrong

    they can just go to the cell phone company to get any calls or messages made to that phone, since they keep that data for years. So what's the problem???

    1. katrinab Silver badge

      Re: If I'm not wrong

      The phone company can tell you there was network traffic that would indicate a Facetime call, but they can't tell you who the other party to the call was.

      1. Anonymous Coward
        Anonymous Coward

        Re: If I'm not wrong

        The phone company can tell you there was network traffic that would indicate a Facetime call, but they can't tell you who the other party to the call was.

        Apple can and will supply that data, but only if requested through proper police channels and accompanied by a properly issued warrant. If you do not follow exact, proper process, Apple will tell you to piss off like any company should.

        Look, it's not difficult. First, start to address the screaming lack of trust anyone has these days in authorities by restoring proper due process and citizen-accessible transparency. If that isn't fixed, don't act surprised if any civilian and business tells you to f*ck off if you want data, because there's no guarantee that data will not get abused or subsequently leaked.

        If I want data leaked I'll hand it to Equifax or any bank, thank you, I don't need the government to help me (no, I don't use Fakebook).

    2. Dave 126 Silver badge

      Re: If I'm not wrong

      The cell phone company can supply meta data of phone calls and SMS messages, but they won't have meta data about WhatsApp, FaceTime etc calls and messages.

      That'd not to say that meta data is useless to police and intelligence agencies. It's the Who and When, but not the What.

      1. c1ue

        Re: If I'm not wrong

        Depends on the specific setup.

        The cell operator actually can know who the sender/recipient is - that's what routing IP addresses are for.

        The data in transit can be encrypted - that's really what the "secure" messaging apps do.

        However, the network operator can do all sorts of things to compromise security including forced firmware/OS upgrades.

        1. Anonymous Coward
          Anonymous Coward

          Re: If I'm not wrong

          That won't work for iPhones, the operator can't force any OS upgrades or have any control whatsoever of the OS you're running. All they can do is push a carrier settings update, but that won't help unlock the phone or anything like that since it doesn't interface with the phone's security at all.

          Not sure it would work on some Androids either. Do OS upgrades for the Pixel go through the carrier or do those come directly from Google?

  6. rmason


    Yes, they can always get that.

    What they can't get at is everything else.

    Social media, messenging apps, pictures etc etc

    Going with either drugs or terrorism as the example, they aren't texting and calling each other. they're using whatapp which is encrypted (so they need the device) or WIKR which even self destructs/purges messages at a time set by either party.

    That is what they are after. The "everything else" that these devices can contain.

    1. Anonymous Coward
      Anonymous Coward

      Press the reply button, otherwise your response could end up 5 pages away.

  7. Lee D Silver badge

    And thus the primary purpose of device encryption has been fulfilled.

    Though I'm not at all happy that a potential terrorist may have got away with something because of this, I could not bring myself to say that this is in any way unexpected or reason to take specific action against it. It's like trying to outlaw fires in case criminals burn the evidence against them.

    That said, kinda puts paid to all that "acres of datacentres" nonsense, if they can't even decrypt a phone. either all that stuff was no help at all, or it doesn't actually exist.

    1. Dave 126 Silver badge

      The acres of data centers are to record today's communications for decryption in the future when either Moore's Law or a quantum computer reduce the time and cost of doing so. Why? Knowing in ten years time what the Chinese wrote to their Embassy today would still be useful, giving you context and background. Obviously some triage of what data you store is essential, so inter-embassy communication yes, every citizen's comms no.

      1. Yet Another Anonymous coward Silver badge

        Knowing that the Chinese communciated with their embassy 10 years ago isn't very useful

        Knowing that your political opponent in the primaries sent a dick pick to his girlfriend in college or made a joke about smoking pot 20 years ago is very useful - that's why you save everything.

  8. Anonymous Coward
    Anonymous Coward

    .in the UK,... refuse to give your password to State investigators.

    What's a State investigator? Never heard of them in the UK.

    1. Dave 126 Silver badge

      Re: .in the UK,... refuse to give your password to State investigators.

      It's a misplaced capital S on State. The phrase 'state investigators' is a fairly unambiguous catch-all term for the police, Serious Fraud Office, MI5, Inland Revenue, Customs, local council refuse department etc etc

  9. Anonymous Coward
    Anonymous Coward

    It's hard out there for a cop

    Investigations are much easier if it is assumed all are guilty and those accused have to investigate themselves including self incrimination.

  10. Doctor Syntax Silver badge

    It's a choice. You either obtain access to data which might or might not carry forward a number of investigations which might or might not be carried forward anyway without that data. Alternatively you grant access to anyone who comes into possession of a lost or stolen phone to data belonging to the owner of that phone and who might or might not be damaged by that access. Which, in terms of the public interest, is the more harmful choice.

    At last it seems to be that at least some of TPTB are starting to grasp that they're having to choose between two harmful choices and that they actually have to weigh them up.

  11. chivo243 Silver badge

    Innocent until proven guilty in a court of law?

    chicken or egg here? Ends justify the means? Double indemnity? My wife can't be ordered to testify against me? I'm so confused!

    V. Barbarino

  12. Wily Veteran

    Let them have the password

    OK, so I'm a terrorist/pedophile/drug dealer/critic of the current administration with a normal (or higher) IQ who wants to get into the US and commit a dastardly deed. Months before I leave, I purchase a second phone and a micro SD card. I use that second phone (but never put the micro SD card in it) in a normal, boring way using separate social media accounts. My phone has pictures of my family, buds, and I doing normal, boring things and records the normal, boring social media participation.

    I put all my terrorist plot materials and child porn in an encrypted file on the micro SD card then encrypt the whole card and I conceal it somewhere in my baggage or, if I think my baggage will be searched so thoroughly it might be found, swallow it and get it out of my shit later. Alternatively. I would send it to an associate/sympathizer, perhaps via multiple third parties. I then take only this second phone with the dull, boring stuff on it and go to the US. I cheerfully give the phone to the border cop who finds nothing of interest on it and waves me through. I then get the micro SD card from my "friend" and do the dastardly deed after which I immediately wipe the phone.

    If sending a micro SD card is too likely to be caught, I simply take my dull, boring second phone with me, install Telegram, Signal, or such from the app store /after/ I'm in the country, and retrieve the encrypted file through that, (or SFTP it from the server at Terrorists R Us), do the dastardly deed, and immediately wipe the phone.

    For a domestic miscreant, follow a similar pattern and access the damning data in the cloud using end-to-end encryption then immediately wipe the phone.

    For bonus points, replace the deviant data with something that looks plausible but leads the LEOs on a wild goose chase.

    Any would-be miscreant who is stupid enough to have the real contraband data on their phone when they enter the country or might get caught in-country qualifies for the Dumb Criminal of the Month award and is fair game for the LEOs.

    There are probably race conditions in the scenario or corner cases where this might not work, but the point is that a truly-determined criminal will be prepared enough to find an alternate way of getting at their incriminating data other than leaving it on their phone.

    1. Aladdin Sane

      Re: Let them have the password

      Not posting as AC? Brave move.

    2. Anonymous Coward
      Anonymous Coward

      Re: Let them have the password

      A microsd wont be seen by an xray machine, as it is too small.

      Only if they are looking for it and take a LOT of time they MIGHT be able to get it if they are using the more powerful scanners (CTX) have a very slight chance of detecting it.. but only if lays fat.. something easy to fix.. and then 0% of detection.

      Anon, as I am not stupid.

      1. tiggity Silver badge

        Re: Let them have the password

        .. and plenty of ways to store micro sd card so concealed by other, innocuous, metal from any scans.

        And there's hide in plain sight approaches, lots of SD cards, all with various junk data, openly sitting there with your camera kit.

        On your mobile device is also a nice recent history of buying cheap as chips lots of SD cards off ebay, gumtree (and whatever other sites you want to add that iffy goods sellers infiltrate you want to pick, ideally pick sellers who gov agencies would preferentially profile on name. colour etc.) - odd content on SD card you bought for lots of photos? Must be from one of those batches of SD cards I got for my holiday snaps, yes officer, now you come to mention it a couple of those sellers had Islamic sounding names ....

        1. Mage Silver badge

          Re: Let them have the password

          Micro SD card fitted inside a fake CR2032 coin cell (with a smaller coin cell inside connected to casing), inside the key-fob.

          No point in being anonymous...

          1. Anonymous Coward
            Anonymous Coward

            There will always be ways around this for creative criminals

            Let's say some black hat makes an SD card that is marked as 64GB and shows 64GB in size but is actually 128GB divided into two hard partitions. One password unlocks one half, a second password unlocks the other half. One half you fill with a bunch of innocuous stuff (or slightly incriminating stuff but not enough to bother the prosecutor with if you want police to believe it isn't a plant) The other is your real stuff.

            When asked for the password, you give them the password to the innocuous stuff, and they don't even know the real stuff is there.

            1. handleoclast

              Re: There will always be ways around this for creative criminals

              This is almost available from many sellers on eBay.

              You want a 128GB SD card that appears to be a 64GB one. Right now it's dead easy to buy SD cards that show as 128GB but are actually 64GB (usually a lot less).

              So they've got the principle right, they've just screwed up the ratio.

      2. Anonymous Coward
        Anonymous Coward

        "Anon, as I am not stupid."

        You sure "The Register" don't know who you are and won't hand the info over if it's "requested"?

        I'm "Anon" because I should be working ;-)

      3. Duncan Macdonald

        Re: Let them have the password

        And if you want to be nasty - have a few dozen micro SD cards with really toxic contents (such as episodes of X factor or Emmerdale) to distract the G-men while keeping the secure data elsewhere in an encrypted file on a cloud server.

        1. Nick Ryan Silver badge

          Re: Let them have the password

          And if you want to be nasty - have a few dozen micro SD cards with really toxic contents (such as episodes of X factor or Emmerdale) to distract the G-men while keeping the secure data elsewhere in an encrypted file on a cloud server.

          Other than the human compassion side you really don't want to do that. Being caught with pirated commercial content will get you more jail time and heavier fines than almost anything else. Because, erm, because, well, erm, every pirated episode is worth many millions in lost sales and directly funds organised crime. Phew, for a second there I thought there wasn't a reason behind it at all...

    3. Doctor Syntax Silver badge

      Re: Let them have the password

      "a truly-determined criminal will be prepared enough to find an alternate way of getting at their incriminating data other than leaving it on their phone."

      And meanwhile an innocent person who loses their phone loses everything because it's not encrypted.

  13. steve 124

    I get it... Um, no you don't

    “I get it, there's a balance that needs to be struck between encryption and the importance of giving us the tools we need to keep the public safe,”

    That statement totally shows that he doesn't "get it". There is NO balance to be struck. Either they accept that encryption is as much a part of this world/reality as the oxygen they are breathing or they don't. It doesn't matter which, because the fact is, encryption is here and it CAN'T go anywhere. To weaken it by injecting back doors makes the entire financial system at risk, from Amazon to your local bank. To ban it breaks the internet completely and E-commerce, destroying the world economy.

    After reading article after article of government conversations regarding device encryption, one thing is perfectly clear to me... Nobody involved in this topic "gets it" at all. They seem to thing device encryption and SSH/SSL encryption are different things, when in fact, it's just encryption. It's not even a new thing, most of this stuff was first put into use between WWI and WWII, it's just more available to the mouth breathers now.

    My God, if I hear another politician say something like "we need to have a universal key to unlock encrypted devices" I swear I will help Marvin the Martian load his Plutonium space cannon and un-obstruct his view of Venus willingly! It amazes me how the people in charge have no idea how this stuff works.

  14. c1ue

    It is clear most of the people here have no idea how digital investigations can actually be done.

    Equally clear that most people think their own capabilities are the same as law enforcement.

    1) physical storage. There are now electronics sniffing dogs specifically to find small storage cards

    2) FDE. full disk encryption isn't magic. All you have to do is copy the boot sector and throw it onto a cloud array. If the password is tough enough, the cost will be high enough to deter most typical attackers, but I have serious doubts about whether it would hold out against a well financed nation state. And FDE means *everything* depends on the single password not being compromised. A smart attacker would just compromise the machine; the FDE password is stored in memory when the FDE device is in use.

    3) Technical competence. Sure, there are lots of technically unskilled. But there are plenty who are, as well. Don't assume that general IT incompetence is everywhere, especially since there are significant numbers of people who do digital investigation for a living and who will do pro bono work for LE.

    4) Encrypting apps - a whole 'nother discussion:

    a) The app owner, in almost all cases, does retain either the seed or the master key

    b) In the past, LE would just subpoena the app owner. These days the app owners are saying they don't have the password, but that's a legal quibble. They definitely do otherwise users could never switch phones/phone numbers, restore, etc etc.

    c) Once again, if you really want to pull info out - compromise the hardware either via a different app/0 day attack or have the handy dandy telecom operator help you out.

    General gripe: passwords

    No, not the usual "passwords are crap and should be replaced".

    I have people on my team who contribute to the master password project - basically there are open source groups out there who take published, compromised user databases and crack the passwords. These ID and password pairs are then uploaded into a master database. That LE/nation states don't access this beggars belief. Equally, even if unique passwords are used every time, if a target has a collection of passwords from different compromised sites, you can use the history to custom create an attack based on the user's password creation patterns.

    Anything electronic = not secure pretty much by definition.

    1. Duncan Macdonald

      Open source encryption

      There are good open source encryption programs (eg AESCrypt, GnuPG, 7-Zip) that make "rubber hose" decryption the only way of recovering the data if the user has been careful.

      For transmitting a message to another person without leaving the usual traces, USENET can be used. There are several newsgroups that often have encrypted ZIP or RAR files. If a message is placed in one of those groups, it will be replicated to servers across the world. It would be difficult to determine who had read the message (as against just downloading all the new messages on a newsgroup).

      For the AES key - use a known part of a 7-zip encrypted jpeg (The password for 7-zip can be something easy to remember, the jpeg being an innocent file can be carried through customs on an SD card in a camera or phone or be a known image on a website.) Example encrypt a file "swimwear.jpg" with 7-zip using password "beach party" then take bytes 5001 to 5032 of the zip as the AES 256 bit key. Without knowing which jpeg, 7-zip password and offset into the 7-zip encrypted file is used to generate the AES 256 bit key there is no real way to decrypt the message. (The offset should change each day so that breaking one message does not allow others to be broken.)

      The encryption and decryption should be done on a standalone system (no internet connection or hard disk) that boots a version of Linux from a DVD. All data transfers to and from this system should be done by a SD card or USB memory stick that is destroyed after use.

      (For real paranoia - do the encryption and decryption in an underground Faraday cage to reduce any possibility of sniffing the data by radio methods.)

    2. Doctor Syntax Silver badge

      "the user's password creation patterns."

      A random string generator?

  15. John Brown (no body) Silver badge

    Interesting quote

    Speaking at the International Association of Chiefs of Police conference in Philadelphia in the US, Wray lamented that device encryption kept the g-men out of “more than 6,900, that’s six thousand nine hundred, mobile devices … even though we had the legal authority to do so.”

    How does one speak out aloud the number 6,900 such that it sounds different to six thousand nine hundred so it can be easily clarified in the written quote?

  16. Curtis

    Best Password

    I still say your best defense is an offensive offense. Make your password "Sodoffyoufuckingwanker"

    Then, you can give your password with impunity. And they'll of course refuse try it. Then, when you go to court, you simply say that you provided them the password and they still violated your human rights because they didn't believe you.

    1. Bernard M. Orwell

      Re: Best Password

      I like it. I may have to make my password "IRefuseToGiveYouMyPassword".

  17. John Smith 19 Gold badge

    International ACPO

    Like UK ACPO, but with other languages as well.


    As an ex-policeman once noted "Police work is only ever easy in a police state."

    You might like to remember that, along with who you're working for.

  18. Will Godfrey Silver badge


    So they had no problems snooping the other gazillion.

  19. Mr_E
    Paris Hilton

    Password to wipe the phone?

    I wonder if current phones (android, iphone) have a secondary password to wipe the phone. And the phone not giving a warning.

    "But, but, You ask for a password. I give it to you.. let me go!, see is unlocked...pretty much unlocked"

    What will happen then?

    Paris.. you know why.

    1. Anonymous Coward
      Anonymous Coward

      Re: Password to wipe the phone?

      I wonder if current phones (android, iphone) have a secondary password to wipe the phone. And the phone not giving a warning.

      No, but you could pre-load the erasure count. If you enter the wrong password 8 times before you approach Customs, for instance, it will nuke after 2 attempts (2 because you could screw up too). This is liable to get you into a lot of trouble, but if you're a genuine criminal I guess that trouble is less than presenting hard evidence.

      That said, on iThings it's all a lot easier anyway. There are ways in which removing confidential contacts, schedules, notes and email en bloc only take seconds, and so far I have not been able to recover as much as a trace with the usual unerase facilities. Apple have done a damn good job, if they didn't change phone models every year I think they would not have much of a problem getting it FIPS 140 certified.

      It's incredible that the sh*te I had to work with when handling protectively marked material is nowadays comfortably outdone by easy to use devices available to your average civilian. On the plus side, I believe that that is how it should be - trying to ban that because bad guys may use it is as sane as trying to ban cars because terrorists now use them.

  20. Schultz

    The complaint is equivalent to:

    We know the suspect is hiding something (diary, the secret Swiss Bank account number, the typewriter,...) , but he won't tell us.

    Plus ca change....

  21. TrumpSlurp the Troll
    Black Helicopters

    Mobile phone gives more security?

    It is relatively straightforward to get a 3rd party mule to carry your data in all innocence.

    The obvious media would be encrypted USB sticks or SD cards.

    However these are usually relatively straightforward to attack by brute forcing.

    From the article it seems that a phone (or some variants) can give an additional wrapper. You have to compromise the phone before you can even see the data to attack.

    This avoids all the issues of call, SMS, and data recording. Just have a friend of a friend take a mobile phone to the destination to be passed on to the friend of a friend. This does of course cause the innocent mule all sorts of problems so to my mind it is mainly a deterrent to people carrying things they cannot unlock through customs. No chance of getting the data but much publicity about not being duped into carrying stuff. Standard question at check in to include "do you own all electronic devices and can you unlock them if requested".

    Oh, and if we are punting ways to encrypt data, how about using a computer controlled sewing machine to embroider information into your underwear? Waistband of your boxer shorts or your bra strap for example? War and Peace might take a while and be obvious but code words, encryption keys and passwords would work. Hold on, I may have just invented an alternative password vault. Password, Officer? Just bear with me a minute <zip>.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like