[Cryptography] NY DA Vance's 'Smartphone Encryption and Public Safety'

Sat Nov 21 08:32:30 EST 2015

At 09:49 AM 11/20/2015, Jerry Leichter wrote:
>> Does DA Vance realize that NY State *requires the use of full-disk
>> encryption* for all of its laptops?
>
>And they probably require that an unlock key be available to the state.

So now we are arguing about key management, not strong encryption, per se.

That's at least a small start.  Most of the public has been led to believe
that encryption -- per se -- is the work of the devil, and is equivalent
to witchcraft that should be prosecuted by burning at the stake.

>> 3.  Were there vulnerabilities in previous versions of the software
>> that *didn't* use default encryption?  Does every vulnerability have
>> to be devastatingly exploited before Apple/Google are allowed to
>> utilize stronger security protocols?  I can think of a number of
>> reasons for going ahead with so-called "full disk encryption" as a
>> default option, having nothing to do with stymieing law enforcement.
>
>There is absolutely nothing in this proposal requiring that makers bring back old versions of the software.

Not per se.  But Vance keeps talking about the "good old days" before Apple's recent move to default encryption, so presumably he would be quite happy if Apple went back to the old "go to fail" software, since he doesn't care about user's data getting pwned by Russian criminals, so long as Vance can pwn these same data himself.

>Sad to say, countering fear with understanding is usually ineffective.  Countering fear with fear works better.

Sad but true.

>> 7.  Access to deleted data.
>
>The courts disagree with you.  After Enron's massive destruction of documents in anticipation of the Feds coming after them, the law was changed so that destruction of data when (I'm going from memory here) you know that it might be evidence of a crime, and where there is any kind of investigation of a crime to which the data might be relevant, even if you don't know about it, is itself a crime.

I wasn't talking about Enron-type deleting, but merely forensic access to old data that wasn't properly cleaned up by traditional file systems -- e.g., FAT.  These data are left in file slack, deleted entries in directories, etc.

Apparently, Vance & other prosecutors want to prosecute people merely for running the Windows "defragment" command, because they claim that running "defragment" is evidence of willful/deliberate destruction of data!

If you want to talk about Enron, that is a whole 'nuther topic.  After Enron, the SEC required preservation of all kinds of email and SMS data for people in financial industries.  All that data from the "Great Recession" mortgage fraud scandal was presumably preserved and available to the SEC for prosecution.  Nevertheless, no one was ever prosecuted.

So Vance's whining about lack of data -- at least for prosecuting financial cases -- is simply B.S., since these data are *already* available to the SEC in unencrypted form just for the asking.  I'm not a lawyer, but I seem to recall that the SEC doesn't even have to get a warrant -- I think they may have "march in" rights to demand these data at any time.