[Cryptography] NY DA Vance's 'Smartphone Encryption and Public Safety'

[Henry Baker]

[I apologize for this long post, but this issue is *really important*.]

Overall, DA Vance is basically whining that things were so easy when all
this cellphone data was there for the taking.  Then he got a 1-2 punch
from the default encryption of Apple/Google and the Supreme Court
requiring a warrant *before* access.

His whole cellphone strategy was destroyed in less than one year, and he
can't think how to replace it.  (Apparently, there's no one left in his
office who is old enough to know how to try a case *without* using
cellphone data -- as he essentially admits.)  BTW, this is also the
NSA's problem: they've relied *solely* on cellphone data for so many
years that they can't imagine how to do their jobs without these data.

My biggest problem with the Vance proposal is that in order to actually
work as advertised, Apple & Google would have to go back to previous
versions of their OS's that have already been shown to be insecure.

Alternatively, Apple & Google will have to install *keyloggers* and
*screenloggers* to log all interactions with all user-installed apps
on the phone.  Since Vance is arguing that these log data *must be
unencrypted*, these data become a *honeypot* for every criminal and
bad state actor in the world, placing *billions* of cellphone users
at an unacceptable risk.

I don't see any room for negotiation here.
---
DA Cyrus Vance prepared remarks November 18, 2015

http://manhattanda.org/sites/default/files/11%2018%2015%20DANY%20Financial%20Crimes%20and%20Cybersecurity%20Symposium%20Remarks%20As%20Prepared.pdf

'Last year, we invested $90 million in *criminal forfeiture* funds to
equip New York City police officers with 41,000 mobile devices,
including tablet computers for every patrol car and handheld devices
for every cop'

For those outside the U.S., "civil forfeiture" (Freudian slip?
-- ironically called "criminal forfeiture" here by Vance)
involves the unconstitutional presumption of guilt and the seizure
of private assets without due process; perhaps Vance realizes that
"civil forfeiture" amounts to *organized crime* by police
departments across the country?)

https://en.wikipedia.org/wiki/Asset_forfeiture

If you do the math, that's $2200 (!) per device.  Are these devices
all expensive Stingrays?

'The third vulnerability of terrorists comes in communications ... But
here, our battle is not only against the terrorists, but against the
misdirected efforts of the mobile device industry as well.'

'But now, the smartphone providers have *locked their phones* in a way
that even they cannot defeat.  The *full-disk encryption* of
smartphones since September of 2014 has presented an enormous setback
to us, particularly in local law enforcement, which accounts for 95%
of the criminal cases filed in the country every year.  Both Apple and
Google advertise as a selling point for their phones that nobody – not
law enforcement with a valid warrant, not even Apple and Google
themselves – can download encrypted data from their phones.  Apple
told its customers, quote: “we can no longer bypass your passcode, and
therefore we can no longer access your data.  So it’s not technically
feasible for us to respond to government warrants for the extraction
of data on your device.” In short, they said, we have *redesigned our
devices* so that even we will no longer be able to comply with law
enforcement warrants.'

Does DA Vance realize that NY State *requires the use of full-disk
encryption* for all of its laptops?  "Full disk encryption is required
for all State issued laptops that access or contain SE information.
Full disk encryption products must use either pre-boot authentication
that utilizes the device’s Trusted Platform Module (TPM), or Unified
Extensible Firmware Interface (UEFI) Secure Boot."  Source: New York
State Information Technology Standard No: NYS-S14-007, IT Standard:
Encryption.

http://www.its.ny.gov/sites/default/files/documents/encryption_standard.pdf

'As a prosecutor, I have *no higher public policy priority* than to
persuade Congress to enact sensible statutes that will protect
legitimate privacy concerns, while giving law enforcement the ability
to access cellphones when necessary to prosecute serious crimes and
fight terrorism. ... I have no doubt that *full-disk encryption* is
a strong branding and public-relations move for Apple and Google in
the wake of Edward Snowden’s disclosures.  But ultimately, the line
between an individual’s right to privacy and the legitimate needs of
law enforcement should not be decided by the marketing departments of
smartphone companies.  That line should be defined by legislatures
and the courts.'

'Today my Office is releasing a Report on Smartphone Encryption and
Public Safety, and with it, our blueprint for a way forward.  We’ve
been working on this report for several months, in consultation with
foremost experts in cryptology, technology, and law enforcement
investigations, to craft a solution that we believe is both
technologically and politically feasible.'

http://manhattanda.org/sites/default/files/11.18.15%20Report%20on%20Smartphone%20Encryption%20and%20Public%20Safety.pdf

'That solution, set forth in our Report, is simple: make smartphones
amenable to search warrants.  Do it with a federal law that says that
any smartphone made or sold in the U.S. must be able to be unlocked –
not by us, but by the designer of the operating system – when the
designer is served with a search warrant.'

'Our solution requires no new technology or costly adjustments.  In
fact, our report makes clear what kind of access we do not seek.  We
do not want a backdoor for the government.  We do not want a “key”
held by the government, and we do not want to collect bulk data on
anybody.'

'Proposed law (from "Encryption and Public Safety"):'

'A "Smartphone" means a cellular radio telephone or other mobile voice
communications handset device that includes the following features:'

'(i)  Utilizes a mobile operating system.'

'(ii) Possesses the capability to utilize mobile software applications,
access and browse the Internet, utilize text messaging, utilize
digital voice service, and send and receive email.'

'(iii)  Has wireless network connectivity.'

'(iv) Is capable of operating on a long-term evolution network or
successor wireless data network communication standards.'

'Any smartphone that is manufactured on or after XX, and sold or
leased in New York, shall be capable of being decrypted and unlocked
by its manufacturer or its operating system provider.'

'The retail sale or lease of a smartphone manufactured on or after XX
that is not capable of being decrypted and unlocked by its
manufacturer or its operating system provider shall not result in
liability to the seller or lessor if the inability of the manufacturer
and operating system provider to decrypt and unlock the smartphone is
the result of actions taken by any person or entity other than the
manufacturer, the operating system provider, the seller, or the lessor
so long as such actions were unauthorized by the manufacturer, the
operating system provider, the seller, or the lessor unless at the
time of sale or lease the seller or lessor had received notification
that the manufacturer and operating system provider were unable to
decrypt and unlock smartphones that had been acted upon in the manner
described above.'

---
Here are some quick thoughts:

1.  It is my understanding that -- absent specific legislation, e.g.,
CALEA -- manufacturers are under no obligation to build products that
make it easier for law enforcement to gather information, whether
subject to a warrant or not.  In short, Apple & Google are not
extensions of the govt and/or its law enforcement wing(s), and this is
a very good thing for any democracy.

So the whole line of questioning regarding the technical feasibility
of various design criteria is out of bounds.

2.  The claims of a proper trade-off between "the loss in personal
security" and the "gain in societal safety".  I'm not a Constitutional
lawyer, but this particular trade-off has already been made in the
Fourth Amendment, and just recently (June 25, 2014) underlined by the
U.S. Supreme Court w.r.t. cellphone data (Riley v. California).

http://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf

The use of the phrase "personal security" is curious, as most people
would have used the phrase "personal privacy".  I conjecture that
Vance is trying to avoid a potential *Second Amendment* challenge,
whereby encryption would be considered to be a *defensive
weapon*/*defensive arms*.  In such a case, he would be paralleling the
loss of a Second Amendment right to "bear arms" with a potential "gain
in societal safety" of proposed gun control laws.

I would seriously challenge this "gain in societal safety" on the
grounds that a universal vulnerability in cellphones destroys the
"herd immunity" of the entire cellphone community, and puts everyone
else at *increased* risk of various worms and botnets.

3.  Were there vulnerabilities in previous versions of the software
that *didn't* use default encryption?  Does every vulnerability have
to be devastatingly exploited before Apple/Google are allowed to
utilize stronger security protocols?  I can think of a number of
reasons for going ahead with so-called "full disk encryption" as a
default option, having nothing to do with stymieing law enforcement.

4.  Vance's proposal requires access to the physical device, and
therefore doesn't create a generic risk to all devices.  First of all,
to the extent that law enforcement can break in with access to the
physical device means that the device is vulnerable to anyone else
with physical access -- e.g., an "evil maid" attack.

Secondly, the difference between a *lawful* access to the physical
device and an *unlawful* access (e.g., by a cellphone thief) is
extremely difficult for the cellphone itself to determine.  If the
cellphone itself attempts to appeal this access to the manufacturer
Apple/Google, then this "appeal" transaction itself can be attacked.

Thirdly, because "everything is software", the mere existence of
unlocking & decrypting code -- supposedly accessible only through
physical access -- provides additional attack surface for *other,
networked* attacks.  So it isn't true that "physical access only"
doesn't also increase the risk of networked attacks.

5.  Why isn't Apple/Google cloud data encrypted?  Why, indeed.  I
suspect that Apple/Google will soon fix this so that there is no
distinction in encryptedness between data on the device and data in
the cloud.

6.  Other nations' access to the data.  To a large extent this is
irrelevant, since these other countries don't have a Fourth or Fifth
Amendment.

But it should also be noted that the recent agreement between the EU
and the US broke down on precisely the basis that the US didn't
properly protect EU citizen's data from NSA's warrentless dragnet.

So Vance's claim that the US provides superior protections to all
other countries is wrong -- at least according to EU courts.

'the US “does not afford an adequate level of protection of personal data”'

http://www.theguardian.com/technology/2015/oct/06/safe-harbour-ruling-growing-chasm-us-eu-data-protection

7.  Access to deleted data.  Vance is clearly overstepping here.  The
*only* reason why "deleted data" is sometimes accessible is due to a
*mistake* in the operating system and file system.  Just like
upgrading SSL to TLS fixes many mistakes, an operating system and a
file system that truly deletes data that is marked for deletion fixes
many potential flaws -- including security flaws.  For example, it is
critical for "forward secrecy" to be able to guarantee that "session
keys" be securely erased.

8.  I'm very troubled by the *suggested legislation*.  Although a
"smartphone" is defined, the definition is not particularly precise,
and there are no definitions of "mobile operating system", "mobile
software applications", "text messaging", "wireless network
connectivity", etc.  For example, does "wireless network connectivity"
include Bluetooth?  Wifi?  Wireless HDMI?

Even worse, there is no definition of "encryption", "decryption",
"locking" or "unlocking".

The biggest hole of all is "application".  If the cellphone user
downloads & installs the Tor Instant Messaging Bundle app, how can
Apple/Google possibly decrypt data -- especially data that isn't
stored.  With the advent of so-called "containers" and "virtual
machines", and application can be an entirely new operating system,
with its own set of apps, etc.  Turing Machines can diagonalize, and
diagonalization is pretty darn cheap these days.