Featured Post

Why the President Is Wrong on Encryption

Last week, President Obama took a position on the general subject of private-party encryption at the South by Southwest festival in Austin. This is relevant to Apple’s dispute with the FBI regarding the contents of a locked iPhone, which has come up regularly in various discussions on these pages. Quoting the President at some length:

The question we now have to ask is, if technologically it is possible to make an impenetrable device or system, where the encryption is so strong there’s no key, there’s no door at all, then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot? If in fact you can’t crack that at all, government can’t get in, then everybody’s walking around with a Swiss bank account in their pocket.

If your argument is strong encryption no matter what, and we can and should create black boxes, that I think does not strike the kind of balance we have lived with for 200, 300 years, and it’s fetishizing our phones above every other value.

I suspect the answer is going to come down to, how do we create a system that, encryption is as strong as possible, the key is secure as possible, and it is accessible by the smallest number of people possible for the subset of issues that we agree is important.

The President is wrong across the board. Let me take things one piece at a time.

The question is not if the technology is possible. The technology already exists. The day after the President’s remarks, the New York Times published a story about WhatsApp. WhatsApp, now owned by Facebook, provides an application that allows its users to send messages and make phone calls over the Internet. (I’m using “phone calls” here in the sense of streaming audio sent in both directions over the Internet. The conventional telephone networks are not involved.) More recently, WhatsApp added an option to allow users to encrypt their text and audio. WhatsApp encryption keys are stored only in the end-user devices. The Justice Department summarizes the situation saying that they have a wiretap order approved by a federal judge, but are unable to implement it due to WhatsApp’s encryption. The encryption is strong enough to resist brute-force attacks, and the algorithm precludes the existence of “back door” keys.

Walking around with a Swiss bank account in my pocket? D’uh! This is the promise of the digital age. The device in my pocket contains, or will soon contain, a library, a concert hall, a movie theater, a still camera with a near-endless roll of film, a video camera that records my family moments, and a dozen other virtual devices. It provides access to my bank accounts, my IRA, my medical records. More months than not you read about another government agency or large corporation whose copies of those things was cracked. I damned well better have a Swiss bank account in my pocket – no one else is taking care of my data.

The past 200 years doesn’t count. It was the age of paper, where copies were hard to make and security meant file cabinets behind locked doors. The Postal Service was largely responsible for transporting sensitive information.  That system made it difficult to intercept, difficult to hide when interception had occurred, and came with stiff punishments for even casual violations of the privacy guaranteed by the government. In the contemporary world, government(s) decided more than 20 years ago in favor of open high-speed data networks with no inherent security mechanisms. The market was allowed to decide that enormous amounts of sensitive information would be stored on computers with operating systems for which actual security was an afterthought. Strong encryption is inevitable, because there’s no other way for businesses to protect information.

The government has a very poor record on limiting access to “need to know” agencies and individuals. Ed Snowden ruined his life demonstrating just how untrustworthy the security apparatus can be. There is no particular reason to believe that any backdoor keys will stay within the defined boundaries. That government agents won’t overreach. That giant corporations won’t give in when the feds lean on them. With regard to that last one, Apple is an exception. When the government applied pressure, or in some cases just made a request, AT&T, Verizon, and others rolled over.

I feel obligated to say something about child pornography. Producing it with live children ought to be a crime. Distributing it at second- or third- or fourth-remove from the production is a harder question. Mere possession is still more difficult. Chances are that some of us here have had such images stored on the computers or phones we own, either now or in the past.   Most users set their browsers to cache images; most users set their browsers to allow promiscuous downloading of content by code that they don’t control; sh*t slips in. Is the computer on which I’m writing this part of some mad Bulgarian’s botnet? I suspect my computer is not running such software, but I’m not sure. One of Cain’s Laws™ says that your computer isn’t secure unless you know what software is running on it. This particular law has become impractical to follow. There are 225 processes currently running on my Mac and I don’t know what they all do. Who’s guilty of what if the Bulgarian mafia stores child pornography in obscure corners of my hard disk, and malware serves it up?  If the Bulgarians use strong encryption to protect it?

This is not a subject on which I’m amenable to any sort of compromise. Either I can have strong encryption for my data, or I can’t. Yes, strong encryption makes law enforcement a more difficult task. But there’s no such thing as encryption that’s “a little bit” weak. The President’s position appears to be that I can’t have it, that the government must be provided with back doors so they can listen to my encrypted audio and read my encrypted files. In one very real sense, though, he’s wrong about that, too. He and Congress can make it illegal for Apple to provide me with strong encryption.  They can make it illegal for me to use strong encryption.  But short of prison, they can’t stop me from writing code to implement it on my own. The genie is out of the bottle.


Staff Writer

Michael is a systems analyst, with a taste for obscure applied math. He's interested in energy supplies, the urban/rural divide, regional political differences in the US, and map-like things. Bicycling, and fencing (with swords, that is) act as stress relief. ...more →

Please do be so kind as to share this post.
TwitterFacebookRedditEmailPrintFriendlyMore options

90 thoughts on “Why the President Is Wrong on Encryption

  1. that I think does not strike the kind of balance we have lived with for 200, 300 years, and it’s fetishizing our phones above every other value.

    If you disagree with my position (ie the government’s position) on X, it’s because you are an X fetishist. This is a pretty common rhetorical tactic for Obama. He did it on health care (no free riding). He does it on guns (bitter clingers). And he does it on national security. It’s very effective in that it pushes the burden on the individual to make himself amenable to the needs of the government. It’s very effective and it’s very disappointing every time I see him do it.

    Report

  2. Micheal

    DAMN FRICKIN’ STRAIGHT. As a free citizen, it is not my responsibility to make life easier for the gov’t. They are my employees. They can live with it. Now, how do we keep the same data away from the phone companies, app developers, etc.? My data is mine. U want it. Buy it.

    Report

    • Apparently the head of the FCC is proposing a rule change that will require ISPs to provide an opt-in for customers willing to allow the sale of their personal data. The downside (presumably) is that everyone who doesn’t opt in will have to pay a higher price for the service to offset the data sale losses.

      Report

  3. If you don’t have anything to hide, you shouldn’t mind if complete strangers know about it and can compile it into a psychological profile that they can then use against you.

    Report

    • ObSF: Cory Doctorow’s short story “Scroogled”, where the psych profiles are compiled using only publicly-available data – e.g. forum posts and Google metadata.

      Report

  4. In the contemporary world, government(s) decided more than 20 years ago in favor of open high-speed data networks with no inherent security mechanisms.

    Quibble, no government actually decided this. The basic internet protocols were designed by people operating on a totally secure and separate network from the outside world (because, you know, they were inventing modern networks so there wasn’t much to attach it to) and literally didn’t think about security because “locking the front door” was pretty much sufficient to keep outsiders out.

    But mostly because they invented the basic internet protocols (TCP/IP) as an internet tool. It was a group of scientists who created it out of an internal need. It evolved, and security was never considered because by the time they saw it as something that might be more than a useful internal tool it was already too late.

    Government was totally happy to exploit that after the internet took off, of course. But it wasn’t designed to be insecure or secure. it was just a tool that some guys in a lab cooked up to make their life easier and to prove some concepts to each other.

    Report

    • The FCC could have — and seriously considered — mandating the ITU’s ATM and X.25 as the high-speed data standards for the US. The large telcos were officially in favor of it (I was a TCP/IP advocate at one of the telcos — it was a lonely time). The cable companies were opposed, since it would have been a disaster for them, and rushed to get systems that the customer saw as TCP/IP over Ethernet deployed. The FCC held off and TCP/IP over Ethernet crushed the competing technologies (as I had predicted it would). Inaction, especially intentional inaction, is a decision. In this case, a critical one.

      Report

      • The insecurity of the internet is not that the *network* protocols are open. If we were using ATM or X.25 instead of IP, it wouldn’t change anything.

        No one is hacking TCP/IP. We had some *really* dumbass problems with that in the early internet, pings of death and Christmas tree packets and whatnot, that tripped up very shitty OS implementations of TCP/IP, but that’s all over at this point.

        The problem is that the *application-level* protocols were often not designed with any sort of security.

        The problem is that HTTP is the default, instead of HTTPS, and moreover we came up with a really stupid and expensive system to do HTTPS with (Instead of just using DNS to authenticate HTTPS certs.) so no one did it for a decade.

        The problem is also that HTTP was designed to serve static files, but was instead slap-dashed hacked into basically being a front-end into Perl and PHP (Which is itself slapdash) and Python and whatever. Thus, absolutely no input checks.

        And the less we talk about the scripting languages thrown on top of HTML, the better.

        And that’s just web sites. The entire design of email is just as fundamentally badly designed, originating in the days where almost everyone had spotty connectivity, with multiple different protocols. FTP’s design is just bone-stupid, requiring firewall holes. Usenet was so broken and insecure that spammers overran the non-pirate areas and it barely exists anymore. DNS is subject to spoofing and cache poisoning, and trying to fix that has been a nightmare.

        There are very few actual well-designed and secure protocols in history. ssh is pretty well setup. (There have been security issues in that, but they’re due to implementation issues, not design problems.)

        Newly designed stuff, like Dropbox and whatnot, usually bakes SSL in, although that’s usually so proprietary we have no idea if it’s actually secure. (There, the security issues usually come from people breaking in, not intercepting data.)

        Report

    • But it wasn’t designed to be insecure or secure.

      Generally speaking, if you do not actively design it to be secure, it is by default designed to be insecure.

      This applies to everything, not just computers.

      Report

  5. Nice post Michael,

    One argument Obama might be appealing to here is that modern encryption makes it functionally impossible for government to access certain types of evidence, even with a search warrant, which is – again, functionally – a radical departure from the way things have always been done. Consider: back in the day, a warrant sufficed for a suspect to either allow the cops to search under their bed for hidden rocks, or to have surrendered the right to prevent the cops from doing so. Either way, the cops were gonna look under your bed. Current encryption eliminates that tool. So in his favor is the argument that some long-established law enforcement practices are effectively rendered null.

    That on it’s own might not be compelling to require back-door entries to encrypted data, tho, since the argument against appears to fall into two main, perhaps overlapping, camps: principle and pragmatics. The first is that citizens ought to have the right, realized by technologies available on the open market, to encrypt data against ANY prying eyes. The second is that if gummint obtains back-door access it’ll ll troll thru people’s data (as they’ve done before!) without warrant or reasonable suspicion, maybe on the flimsiest of pretexts.

    So, while I’m not sure exactly where I fall on the issue, I don’t think Obama’s position (as opposed to his stated words) is absurd. The debate is about balancing the competing interests and worries, which makes me wonder to what extent law enforcement can achieve it’s own (legitimate!) goals without violating an individual’s prima facie right to encrypted data.

    Or maybe to say it more carefully: is it possible for law enforcement to do its job without access to personal (as opposed to corporate, say, or broadly institutional) encrypted data? Or is it that not having access to that data only makes their job more difficult? If it’s the latter, then there’s really no issue for me since I don’t think making law enforcement easier is a compelling reason to provide gummint with tools effectively rendering individual data-encryption useless.

    Report

    • A huge amount of the data they’re claiming they’ve “always” had access to assumes that smart phones and similar devices are directly analogous to snail mail and telephone calls. I don’t think that’s quite right. Your smart phone has basically *everything* on it these days, including information that never would have been recorded in any permanent way until the invention of the smart phone. That’s a whole class of data that law enforcement has always been able to live without and the feds claim that it has always been there is just disingenuously lumping it in with the data that’s more directly analogous to old timey communications.

      The thought that seems to be underlying the government’s position is that any information from any point in space and time that might be useful in a criminal investigation should be available to them, and if that’s not true for any reason, it’s a problem the tech industry needs to solve.

      You mean you weren’t recording your timestamped location 24 hours a day just in case we got a warrant for an investigation? That’s data we’ve “always had” since we started cracking smart phones, so you’re obstructing justice. What if you’re a child pornographer?

      Report

      • Exactly. How much of new tech is your papers and effects, which the government can look at with proper and reviewable procedures under the 4th amendment, and how much of new tech is your brain, which the 5th amendment guarantees the government can’t hack for any reason.

        edit – like Kazzy says below.

        Report

        • *shrugs* The authorities have allies, when they’re in the right. They rarely are in the right, and tend to harass their own allies, which is both dickish and kinda evil. (Sending people to jail just because they know how to do something is pretty shitty behavior. Maybe get better under Clinton? Ha.)

          Report

      • The thought that seems to be underlying the government’s position is that any information from any point in space and time that might be useful in a criminal investigation should be available to them

        Oh yes, I agree. That’s what TIA was intended to achieve: a record of everyone’s location, transactions, movements, data-transers, etc., observable in realtime to better “fight crime” or whatever. The presumption in the government’s position is that it has a right to access and store that stuff, and anything that obstructs the exercise of that right requires defeating the burden imposed by gummint’s (claimed) prior right.

        Report

    • OTOH, if you were a madam who kept your list of johns and their private numbers in code, and kept the key in your head, the government couldn’t force you to reveal it. The only person who could then make use of it is an incredibly sexy widow (who sounds Californian despite having literally arrived from Appalachia on the train last week) who happens to be a mathematical savant and independently invents a method to break your code from first principles, then uses the resulting info to restart the lucrative prostitution business(*).

      More seriously, I see it as directly analogous. If you cooked the books properly, and covered your tracks, it was on the Feds (usually the weaselly little guy played by Charles Martin Smith) to break it. Anything you kept in your skull you could take the Fifth (or the Third).

      (*) This was the plot of an actual 90s late-night soft-core flick.

      Report

        • Nah, it’s easy to remember the weird ones – the ones that were trying to be creative. It’s much tougher when it’s “he’s a lawyer, no, a photographer, and she’s a budding advertising executive trying to supplant the older woman he’s secretly hitting on the side, no, she’s a romance novelist and he’s a private eye, oh hell I need another drink”. When they’re a set of age-and-gender-matched paranormal investigators trying to keep the ghost of a Civil War general from possessing a nubile young woman to fulfill his contract to Satan that would relaunch the War, only with demons counterbalancing the Union’s industrial advantage(*) … well, that sticks in the memory much better.

          As for whether anyone can still see them – well, no. This is a subgenre that existed only because of its time and place, and the technology. No one cares about streaming rights, or even DVD rights, so it’s down to foreign pressings (at $150 on Amazon!) or illegal streams. Which is a damn shame, since a lot of them were better than the drek that today’s minor-league cable channels churn out – even without taking into account that hot young people get naked and writhe about enthusiastically.

          I said it before, I do watch some of these films – unironically – and fast-forward through the simulated sex. It’s not great art, but what is at 10:30 on Thursday night cable?

          (*) Well, yeah, this one also exists.

          Report

  6. “When the government applied pressure, or in some cases just made a request, AT&T, Verizon, and others rolled over.”

    Which is why it’s such a big deal for companies to now say “we won’t build backdoors into our systems for the US government to exploit”. Because right from the get-go they have been.

    IBM invented DES way back in the 1970s when it became apparent that encryption was necessary to ensure data security. The NSA was looking over their shoulders right from the get-go, and when IBM discovered a mathematical technique that made it possible to decrypt DES in a short time (with sufficiently-powerful computers) they ordered them to not publish that technique. It was secret for more than twenty years until it was independently discovered by some mathematicians.

    Report

  7. “…an impenetrable device or system, where the encryption is so strong there’s no key, there’s no door at all…”

    Imagine he was referring to the human mind instead of an electronic device.

    How fucking scary is that???

    Report

    • I’ve often put forth the following thought experiment…

      Imagine a scientist discovered a cure for cancer. There was zero doubt that the formula he devised would cure any and all cancer sufferers on the spot. Unfortunately, the formula exists only in his head and he is not interested in sharing it. How far are we willing to let the government go in procuring it? Would we allow torture? Some sort of brain extraction?

      (There are other questions that aren’t really relevant to this discussion, such as the morality of the scientist.)

      Obama is essentially saying that privacy does not exist. If everything must be hackable, privacy is an illusion.

      And maybe that has always been the case and maybe that SHOULD be the case. But let’s not assume as much because of the words of one man… even the President.

      Report

      • Private property is something that increasingly has less right to exist, because we are increasingly able to create really dangerous shit in a small amount of space.

        But this is the privacy of things, not of ideas. Ideas ought to be fine to keep out of the government’s mindspace.
        (Child Pornographers? Jesus. The issue is conspirators).

        Report

        • I agree, . Saying phones can’t be unhackable would be equivalent to saying paper must be burn proof. Or that burning paper is illegal.

          Then again, we outlaw evidence tampering which I always found silly. If you are the criminal, you should be allowed to tamper with the evidence!

          Report

          • AFAIK, private citizens are allowed to tamper with all the evidence right up until the moment the government informs them they think it’s evidence.

            I think the rules are a bit different for lawyers and corporations.

            All of this is a giant case of the FBI having egg on it’s face and it wants to try and salvage a win out of the fact that it while it was probably busy encouraging malcontents to build ‘bombs’, a pair of actual terrorists popped up and they missed it.

            Report

          • If you are the criminal, you should be allowed to tamper with the evidence!

            That doesn’t sit right with me.

            You don’t have a duty to offer evidence against yourself, that I agree with.

            You don’t have a duty to assist the government’s efforts to gather evidence to be used against you, that I agree with too.

            You don’t have an obligation to testify in your own defense, that I agree with. But if you do elect to testify in your own defense, then you must do so truthfully; your testimony is under oath and if you lie, that’s (usually) perjury, even if you’re acquitted of the charges against you. “If I told the truth, I’d have been convicted” is not a defense to a claim of perjury. The reasoning should be, “If I tell the truth, I’ll be convicted, so therefore I’ll just keep my damn yap shut.”

            Tampering with evidence seems really a lot more like lying under oath than merely declining to assist the prosecution.

            Report

            • I’m thinking more along the lines of the guy throwing his .45 into a sewer drain than bankers cooking books and shredding files. But maybe the former isn’t considered evidence tampering, per ‘s comment.

              Report

            • Tampering with evidence seems really a lot more like lying under oath than merely declining to assist the prosecution.

              The problem here is that people seem unclear about what ‘evidence’ is.

              I can, as a human being that owns property, destroy that property. (Barring various laws about arson and whatnot.) I can do it even if that property could be used to convict me of a crime.

              If I steal money from someone, and I have for some reason videotaped myself doing that, it is perfectly legal for me to erase that tape. Even if the government later can *prove* I erased the tape, for the *specific* purpose of destroying the record of me committing the crime, it doesn’t matter. It was still legal.

              Hell, it is not illegal for me to do that *even after the government has charged me with the theft*.

              Notice my lack of using the word ‘evidence’ so far. In the common vernacular, that tape would be called ‘evidence’. But legally, no, it is not evidence *yet*.

              ‘Evidence’, legally, is something that the government *has said is evidence* (Regardless of whether or not it actually is evidence of any crime.), and, hence, *from that point onward*, I’m not allowed to destroy it, or alter it in any way.

              Note the government doesn’t need to know specifically what it is or that it exists to declare it evidence…but it *does*, at least, have to say ‘Such-and-such thing is evidence, if you have any of that.’ (To some level of specificity, I am not entirely sure what the courts require. They can’t just magically make everything you own evidence.)

              And note this is not the same thing as search warrants. It is perfectly possible, and in fact happens often, that the police assert a certain class of things are evidence (Like, in a murder, ‘all the knives you own or are on your property’.) *before* they get a warrant to try to find those knives. Likewise, if you’ve hidden the knife well enough at your house, the knife can still, technically, be evidence, even if the police do not locate it and you, taking the fifth, do not offer its location. It’s still evidence, and legally you cannot tamper with it. (Not that you could ever be charged with that if they don’t know it exists!)

              Report

              • Can you weigh in on David’s comment here?

                I thought I remember one of the charges against Aaron Hernandez had to do with him destroying security cameras in his own home (though he neglected to destroy the actual tapes… Dumbass…).

                Report

                • Tampering with evidence is a crime. State and federal law vary on the elements, but the question is usually whether a criminal investigation was reasonably anticipated. This sounds like it would be charged: “if the government later can *prove* I erased the tape, for the *specific* purpose of destroying the record of me committing the crime.” He knows that its a record of a crime, and it was reasonable for him to foresee a criminal investigation.

                  Report

                  • Under that theory, literally *anything* done after a crime that’s related to the crime would be tampering with evidence.

                    Stole a wallet, and then later took it out of your pocket? That wallet was obviously going to be evidence, you just tampered with it.

                    Steal a car? Well, the second you just *drove* the car anywhere after you stole it (Which technically happened the moment you hotwired it, or sometimes when you got *into* it.), you tampered with evidence of that crime.

                    Did you sign a fraudulent tax form, which is a crime, and then *put it in a envelope and mail it to the IRS*? Mailing off evidence like that is tampering with evidence.

                    If you commit a crime, there is almost always some result of the crime left over, and as merely *interacting* with something that is ‘evidence’ is generally considered ‘tampering with evidence'(1), if your interpretation was correct, that would be an additional charge on basically *every* crime.

                    In the real world, people who murder people and then *bury their corpse* are not even guilty of evidence tampering, because even the corpse of a murdered person is not evidence until the legal system says so.

                    1) I seem to recall a story of someone who got charged with tampering with evidence because the police wanted his phone unlocked, and instead of telling them the code he grabbed the phone from them and unlocked it.

                    Report

                    • David,

                      I don’t think PD is offering those conditions as a theory as much as what actual law defines as “tampering with evidence”. It may be loose (and it in fact is, for the legalistically minded), but functionally it seems precise enough.

                      Eg, here’s the CO statute defining “tampering with physical evidence”, which is effectively exactly what PD said.

                      Report

                      • Eg, here’s the CO statute defining “tampering with physical evidence”, which is effectively exactly what PD said.

                        …no, it’s not. Or at least, does not match the example *I* gave of erasing a video tape of a crime you committed, which PD said would be destruction of evidence, but clearly would not be under this statute, *unless* investigation had already started, or you thought it was about to start.

                        Now, reading that, it appears I was wrong that you could do it after arrest. Maybe. Although I’m not sure what Colorado defines as ‘physical evidence’. (From just the definitions there, it’s literally anything that exists, so surely there is something else restricting ‘evidence’.)

                        As I specifically pointed out that a lot of the confusion over ‘tampering with evidence’ is over people’s assumption that anything that *would* be useful as evidence (Which literally includes all stolen objects) is magically evidence the second it *exists*, whereas in reality it’s just evidence when the police decide it is evidence and not before (As evidenced by the fact that all thieves are not automatically guilty of tampering with evidence)…I’m not sure why you didn’t go find *that* definition. What is ‘evidence’ according to Colorado law?

                        Federally it appears…there is actually no such thing as tampering with evidence. The charge *there* is impeding an investigation. And that requires an investigation to actually exist, as far I understand it.

                        Report

                        • whereas in reality it’s just evidence when the police decide it is evidence and not before

                          That’s the point of the statue, no? To determine when objects and actions out there in the world constitute “evidence” for the purposes of determining when the concept of obstructing an investigation applies?

                          I’m pretty sure I don’t understand your point David, since the whole purpose of this type of legislation and decion-making is to resolve the issue you’re talking about, even tho it seems you’re criticizing these codes as presupposing the thing they’re intended to resolve.

                          Course, maybe I don’t understand your point. As well as Burt, PD and Chris, for that matter.

                          Report

                          • I’m pretty sure I don’t understand your point David, since the whole purpose of this type of legislation and decion-making is to resolve the issue you’re talking about

                            A lot of people have just decided to read my post like I just *invented* what we were talking about, instead of it being in the context of an examples of ‘Throwing a gun away, because you committed a crime with it’ or ‘Shredding documents that you have no legal obligation to otherwise keep, because they documented a crime’.

                            Those things are still *not* illegal. It is perfectly legal to dispose of things *that would become evidence* if they still existed when the police got around to investigating things, even if for the specific purpose of those things not being evidence.

                            In fact, I’d like to see some proof that CO’s law is actually enforceable the way it is written, that ‘about to be instituted’ works as a standard for anything besides ‘person is taken into custody with contraband’.

                            What the hell does ‘about’ mean there? Almost all crimes are *eventually* investigated. An investigation is a logical outcome of committing a crime.

                            even tho it seems you’re criticizing these codes as presupposing the thing they’re intended to resolve.

                            Uh, no.

                            That legal code basically says exactly what I was saying, except *I* said it’s only evidence if the police waved a magical wand over it (And the person knows it), whereas this law seems to say it’s evidence if there’s an investigation at all. (And the person knows it.) Well, okay, I stand corrected there.

                            But that doesn’t actually change my point, in that a people are very confused about this idea because they are using, basically, a retroactive definition of evidence.

                            Where things that *would have been* useful in an investigation are magically always under ‘evidence’ protection. No. No they are not.

                            The law does not, and cannot, work retroactively, and moreover, that would literally mean all criminals are tampering with evidence while committing their crime!

                            Report

                            • that would literally mean all criminals are tampering with evidence while committing their crime!

                              This makes no sense, David. Unless you’re unintentionally ignoring (eg) the very first clause in the Colorado provision regarding with tampering with evidence:

                              believing that an official proceeding is pending or about to be instituted and acting without legal right or authority

                              If you’re intentionally ignoring that provision I’m not sure what we’re talking about anymore since the purpose of the provision is to establish sufficient conditions under which the rest of the provision takes effect.

                              I mean, if I understand what you’re saying you’re interpretation expands the definition of tampering to include all sorts of (otherwise) “non-tampering” actions, which only acts to make the applicability of the law wider, at the margins – on your interpretation – than intended. But certainly not that it’s incoherent or useless.

                              Report

                              • This makes no sense, David. Unless you’re unintentionally ignoring (eg) the very first clause in the Colorado provision regarding with tampering with evidence:

                                Please do not have some random out of context cite that is clearly me saying *someone’s else’s* interpretation makes no sense without actually including what I was saying they were saying. I am not backing up to find and quote *myself* quoting someone else so I can figure out what the hell this conversation is supposedly about.

                                And I’m, frankly, giving up on this conversation, since there appears absolutely no way to actually GET PEOPLE BACK ON THE POINT, which is, as I said originally, and *the cited statue proves*:

                                It is not illegal to ‘tamper with evidence’ until things are evidence, and things are not ‘evidence’ merely because they have been used in a crime. They, instead, *become* evidence due to the workings of the legal system, and before they are that you can tamper with them however the hell you want. (Barring other laws.)

                                I already said I was slightly wrong about ‘when they become evidence’, at least in Colorado, which makes them evidence when investigation starts even if the police do not know about them specifically yet.(1) This…does not mean the misunderstanding I was trying to correct is right. It’s still not tampering with evidence if you destroy evidence of your own crime before the investigation starts.

                                If people do not believe that at this point, I don’t care. I am giving up.

                                1) Which is something that actually *would* be an interesting discussion, because that law seems *extremely* vague. I rather suspect there are a *lot* of limitations on that law that aren’t obvious.

                                Report

                            • An investigation is required under that particular statute. Phillip Russel was an attorney, whose client (a church) contacted him after discovering someone had downloaded child porn on their computer, and they brought the computer to him to seek his advise on what to do. Since the mere possession of these images was a crime, the attorney erased them and returned the computer to his client. For that he was charged by the DOJ for tampering with evidence under Sarbanes-Oxley (facing up to 20 years), pled down to six months, and suspension of law license.

                              There was no investigation, nor any magical wand that turned the hard drive into “evidence.” The trial judge explained: “a lawyer certainly could see that an official proceeding would ensue. He knew this computer contained images of children engaged in terrible acts.”

                              He was not held criminally liable retroactively, he was held criminally liable for what he knew or should have known at the time he destroyed the images.

                              Report

                              • I have no idea what Sarbanes-Oxley does, or does not, require. It might, indeed, have such stupid standards for corporations. (It looks like they really were aiming at tampering with *records* of illegal things…and missed.)

                                I find it rather surreal that apparently there *is* a law (for corporations) that actually does seem to operate under the premise I said that tampering with evidence doesn’t operate under…and it has exactly the sort of problems I pointed out, where *stopping* doing something illegal is, itself, illegal.

                                Report

                    • You went way too far in your hypothetical with conceding specific intent to your actions: “the *specific* purpose of destroying the record of me committing the crime.” Most people destroy records innocently, and its the burden of the prosecutor to prove they knew the significance of their actions.

                      As a practical matter in your hypothetical, it may not be charged. The murderer is not charged with an extra count of jaywalking. That does not tell us that jaywalking is not a crime.

                      Report

                      • As a practical matter in your hypothetical, it may not be charged. The murderer is not charged with an extra count of jaywalking. That does not tell us that jaywalking is not a crime.

                        Tampering with evidence, in Colorado, is a class 6 felony. That makes it worse than *any* misdemeanor (Or even parking citation) such as jaywalking, which means *that* is what the police would charge someone with, not jaywalking.

                        Jaywalking, of course, is a dumb example, because that’s one of the few crimes where there isn’t really any physical thing the criminal can tamper with.

                        But here’s a fun one: When you’re in a car accident, you’re required to move the car off the road, if you can. (I’m assuming Colorado has such a law.) That *clearly* is altering things that could be part of an investigation. (And remember, there’s no ‘victim’ exception to evidence tampering, so *both* parties are committing it.)

                        Granted, it’s something you have to do by law, so if they actually *charged* you with evidence tampering you’d have a defense of conflicting laws…but I will bet money that law does not include any exception to ‘evidence tampering’ in it, which it logically needs. Why?

                        Because, of course, that’s *not* tampering with evidence in the first place, because there is no investigation yet.

                        Report

                        • Seems to me you’re confusing the subjective state of a “criminal” (scare quotes are necessary!) with the contingent state of investigating that person for committing a crime.

                          Ie.,: you’re episemically confused about epistemology. :)

                          The legal status of “having committed a crime” is radically different than a subjective determination of “having committed a crime”, yes? I mean, there’s a whole institutional structure established to create clear divisions which prevent collapsing the two things, namely, innocent until proven guilty.

                          Given that, the burden is always on the state (or a prosecutor) to establish, for example, that a person destroyed evidence for the purposes of obstructing an investigation rather than destroying evidence to obstruct indications of a crime having occurred. That’s why you’re earlier “bury the body” example is confusing to me. Clearly, burying the body is intended to cover up a crime, but it’s also (in most cases I suppose) not intended to obstruct evidence collection in a pending investigation.

                          This is one of those times when I wanna say “this ain’t rocket science ” while sighing that white people just can’t help themselves from missing the effing point.

                          Report

                  • ‘s description is congruent with my own understanding of the issue, and I endorse it.

                    I’ll supplement it by indicating that to my understanding (n.b., I do not practice criminal law) the crime of obstruction of justice requires proof of specific intent: the reason the defendant destroyed the object in question was to change the result of a judicial proceeding. (Thus, planting evidence is as much an obstruction of justice as is destroying it).

                    And yes, this extends to things you do with your own property. There are lots of things you can do with your own property that are crimes. That’s my toxic waste that I dumped into my own back yard, after all; that’s my handgun that I fired into the air above my own house; that’s my computer that I diwnloaded files I purchased onto; that’s my heroin that I bought with my own money I just shot with my own syringe into my own veins.

                    Report

                      • Whether the evidence one tampers with Is something one owns is, of course, irrelevant to the charge. David clearly pulled that part out of his bum.

                        Uh, no, although you have clearly *misread* what I said.

                        Tampering with *other people’s* stuff is, uh, often already illegal, which is why I specified ‘stuff I own’ to stop people wandering off into the nonsensical idea I could delete *other people’s* video tapes, which I clearly cannot.

                        Report

                        • Your words:

                          If I steal money from someone, and I have for some reason videotaped myself doing that, it is perfectly legal for me to erase that tape. Even if the government later can *prove* I erased the tape, for the *specific* purpose of destroying the record of me committing the crime, it doesn’t matter. It was still legal.

                          That is what you pulled out of your ass. That is unequivocally tampering with evidence, and quite obviously illegal.

                          Report

                          • That is unequivocally tampering with evidence, and quite obviously illegal.

                            And that…is where people are incorrect, exactly what I keep pointing out. Just flatly wrong.

                            Sarbanes-Oxley does, from what I understand, put a specific duty on corporations to keep them from destroying proof of illegal activity. (Which is supposed to apply to records but, at this point, has apparently been applied to fish.) I don’t know anything about that, I’m not a corporation. (But they do apparently have free speech rights, so if any of them want to chime in…?)

                            There is no such duty on individuals. It is perfectly legal to destroy proof of your own crime(1), on purpose, deliberately, as long as you don’t think there’s currently any investigation of that crime. Such as, for the most obvious situation, before the crime is discovered by the police.

                            Again, I point to the fact that, otherwise, *literally almost every criminal* would be charged with that crime. Almost every crime that *has* any physical evidence involves the criminal doing something that would be considered tampering to it!

                            In my hypotherical, you said it’s illegal to erase the videotape. But that’s not where the illegality would start, under your logic. You know what is also tampering with evidence? *Removing it from the crime scene*…so carry the camera away with you would be tampering. Hell, turning the camera *off* would be tampering.

                            You know what *else* is evidence under that logic? The *murder weapon*. And the blood on your clothing.

                            Under your logic, murderers are required, by law, once they murder someone, to stand there, trying not to touch anything, until the police show up to collect their clothing to use as evidence. As much as we would *like* them to do that, that is not how the law works, and they can’t be charged with some additional crime because they fail to do that.

                            Here is a link breaking it down, for a state that has identical laws to Colorado:
                            https://www.jud.ct.gov/JI/criminal/Part4/4.5-8.htm

                            1) Knowingly destroying proof of *other* people’s crime is, of course, being an accessory after the fact. In addition to being tampering with evidence if done after an investigation is started.

                            Report

                            • Makes sense, otherwise authorities would just charge every murder suspect with tampering if they suspected the murder weapon was cleaned, altered, or otherwise disposed of. Every time the police fished a gun out of the Hudson there would be a lesser included offense of tampering.

                              Report

                            • Oh, incidentally, there actually *are* plenty of murder cases where the police come after someone for tampering with evidence because they threw the murder weapon away…

                              …and all of them are because those dolts kept the weapon for some amount of time, and then, *after the police started looking at them*, disposed of it. (And then usually *confessed* to doing that for some inexplicable reason.)

                              Report

                            • You are simply wrong. The law is quite clear — knowledge that it is evidence in existing or reasonably expected investigations and intent — and for better or worse, no amount of reasoning ex ano will change that.

                              Report

                              • Well, you just keep felony evidence tampering every time you move your car after illegally parking it, then.

                                The law is quite clear — knowledge that it is evidence in existing or reasonably expected investigations and intent

                                You do…realize you’re just making words up, right? The Colorado law quite clearly says it’s only evidence tampering if ‘an official proceeding is pending or about to be instituted’. Not if you ‘reasonable expect one’. And there’s nothing about ‘investigations’.

                                ‘an official proceeding is pending or about to be instituted’ does not (as some people in the thread have implied and I, wrongly, sorta accepted) mean an *investigation* is about to start. No. An investigation is not an ‘official proceeding’.

                                A search warrant is an official proceeding. Arresting someone is an official proceeding. Charging someone with a crime is an official proceeding. Some other random things are. It is illegal to tamper with evidence if you think one of those has been instituted, or even if you think it’s *about* to be instituted.

                                A police investigation is not an official proceeding.

                                But, of course, in your book, that entire clause is utterly meaningless, and ‘an official proceeding is pending or about to instituted’ just means ‘If you know a crime exists’, because logically all crimes *eventually* lead to official proceedings (Well, except they often don’t in cases when the criminal isn’t caught, which is what most criminal assume is going to happen.).

                                And ‘eventually’ and ‘about’ are the same word, right?

                                Hey, let’s look at the section of US law that says when *witness tampering* can happen:

                                (i) A prosecution under this section or section 1503 may be brought in the district in which the official proceeding (whether or not pending or about to be instituted) was intended to be affected or in the district in which the conduct constituting the alleged offense occurred.

                                You witness tamper if you convince witnesses to lie *even if* you don’t believe an official proceeding is pending or about to instituted. (A time that, according to you, literally does not exist.)

                                In fact, here’s a fun query for you, https://www.google.com/search?q=need+not+be+pending+or+about+to+be+instituted

                                There’s a whole *host* of illegal court-directed things that criminals cannot do that, where the law, quite literally, say the crime doesn’t require official proceeding to be ‘pending or about to instituted’, which rather implies, WRT to evidence tampering, *that is actually a meaningful restriction*.

                                Report

                                • Sigh.

                                  Look at the Colorado statute again. Then look up the word “prospective”, and contemplate the phrase “about to be instituted.” Also, read this.

                                  I’m done, since you clearly have no idea what you’re talking about, but by all means, continue in my absence if you think continuing to pretend that you do will save face.

                                  Report

                                  • Then look up the word “prospective”, and contemplate the phrase “about to be instituted.”

                                    Yes, I should look up a word that literally does not appear in that part of the law.

                                    Maybe *you* should look up the phrase ‘about to be’.

                                    Also, read this.

                                    First of all, that page is clearly written by idiots, because unless the *FBI* have taken to following people around in cars with flashing lights on them and arresting them for drug possession, nothing Cheech did would be tampering with a *Federal* investigation.

                                    Edit: Of course, actually pulling someone over is, quite obviously, the police *starting an investigation*. At that very moment. It doesn’t require any anticipation at all.

                                    And I can throw just as many dumbass lawyer summaries that say the opposite out there: http://www.columbuscriminalattorney.com/offenses-against-public-administration/tampering-with-evidence/

                                    Secondly, that page pretends to sorta quote the Federal law…but outright lies about it. Here is the *actual* 18 U.S. Code § 1519:

                                    Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.

                                    ‘influence the investigation…of any matter within the jurisdiction of any department or agency of the United States’

                                    That is what the law literally says, not ‘an investigation, possible investigation, or other proceeding by the federal government’ as the page tried to claim.

                                    Under Federal law, you can’t alter evidence once you know an investigation exists with an intent to alter the outcome, and you are forbidden from influencing *that* specific investigation. There appears to be nothing that requires any anticipation *at all*. (Unless Sarbanes-Oxley applies, in which case you just have to keep specific records, *period*, regardless if an investigation exists or ever will exist.)

                                    Under a lot of state laws, you are forbidden from altering evidence only once you know there is a search warrant, or you know that, for example, a request for a search warrant has happened but it has not been authorized yet. Possibly even if think some cop is sitting at their desk writing it out. Aka, if it’s *about to be* instituted.

                                    Report

  8. It’s worth remembering, in this whole discussion, that the FBI broke the device themselves by futzing with it. If they had proper procedure–as in, followed the method that Apple had already published for law-enforcement investigators to access information on their devices–then we wouldn’t even be having this discussion.

    Report

    • I think that is relevant to this specific case but not to the broader question of encryption and privacy.

      That said, I’d venture to guess I’m on the same side of this as you but it seemed important to point out that this isn’t JUST about the San Bernadino phone.

      Report

      • …isn’t JUST about the San Bernadino phone.

        Yeah, the Manhattan DA has stated publicly that if the court sets a precedent that Apple has to unlock/decrypt phones generally when requested by law enforcement, he has 175 iPhones related to drug investigations that he wants cracked.

        Report

  9. I think that in the general press, the discussion about balance is incorrectly framed. There’s a lot of talk about the latest encryption and how it affects law enforcement without a lot of talk about how important it is for the modern economy. It seems like the government’s position is, “You have new encryption but no new threats, so we’d like to go back to the old pre-encryption balance of power.” That’s not true, though. The need for strong encryption is greater than ever.

    People like to use analogies to safes and door locks and ask, “Should you be able to have a safe that the police can’t open?” But the analogy is weak because it assumes the digital threat model and physical one are the same. In the real world, my imperfect safe is protected by a number of problems thieves have in the real world. First, there aren’t that many thieves and there are only so many hours in a day. Second, cracking a safe takes time and makes the thief likely to get caught. Third, the police are pretty effective at chasing away and catching burglars. Finally, the police have access to tools that most thieves don’t.

    In the digital world, criminals have access to the same tools as the police (or better, in many cases). They’re not constrained by time or space–one criminal can scan the entire Internet for weaknesses. They’re vanishingly unlikely to have trouble with law enforcement because law enforcement on the web (especially across national borders) is close to powerless. So we’re all responsible for defending ourselves against an onslaught of military-grade burglars 24×7. If somebody from the government can propose a way for us to do that while still allowing the police “special” access, I’m all ears.

    Report

    • tf,
      “one criminal can scan the entire Internet for weaknesses”
      … no, they can’t. Scanning the entire internet tends to slow down the entire internet. Which is kinda noticeable on the global scale.
      [Remember when someone got the bright idea to ask the internet to “gimme all your porn”?]

      Also, at that point, you’re talking one computer program, not one person. Petabytes, people, petabytes!!!!

      Report

      • I have no idea what you’re talking about. Worms cross the Internet doing exactly that all the time. The public IPv4 address space is pretty small as long as your algorithm for spreading is reasonably smart. It’s just not easily done from a single computer or for all possible vulnerabilities. IPv6 will certainly make that statement untrue, but that’s still a Friedman unit away.

        Report

  10. My immediate reaction to this piece is that Michael Cain cannot be completely happy that Apple’s main line of defense is that the political branches need to get involved.

    I think the larger issue that Obama’s questions pose is if this line of investigation is shut-off, either legally or as practical matter, what will law enforcement need to do instead? Communications are afforded relatively less protections in the warrant process because the expectation of privacy depends at a minimum upon the recipient not resending the communication. In contrast, the computer in my basement would require a more invasive search of my premises, including the potential public disclosure that I’m being investigated which may harm my reputation.

    Circling back to my point — the cornerstone of most search and seizure issues is reasonableness, which in turn is going to depend a lot on alternatives analysis. If useful information is no longer available through previous means, law enforcement, the legislature and the judiciary will more than likely normalize alternative means. For example, there may be increased use of no-knock warrants authorizing the government to seize the individual and all electronic devices in the home, with the individual to be released upon communicating the password. (If the password destroys the information, then a felony prosecution) I’m not suggesting that all previous searches would become like this, just that alternatives will be explored, some of which will be more intrusive.

    Report

    • Communications are afforded relatively less protections in the warrant process because the expectation of privacy depends at a minimum upon the recipient not resending the communication.

      In the case of data on a phone, I think you’d have to prove that the data was transmitted & not created on the device.

      Report

    • My immediate reaction to this piece is that Michael Cain cannot be completely happy that Apple’s main line of defense is that the political branches need to get involved.

      Yes, but I understand that their management’s situation is not mine. They’re running a publicly traded company with fiduciary duties and all that. In their particular situation, I agree with the approach of saying that it’s not appropriate for the FBI, Justice Dept, and lower courts to decide whether the 1796 All Writs Act, or even more recent laws, can be stretched so far as “write a custom version of your operating system.” Or, a couple of releases down the road, to take integrated circuits apart a few atoms at a time because the user chose “Really, Really Secure” mode for their phone and software attacks are not possible.

      Report

      • I probably shouldn’t be hard on Apple, its probably their best argument and if legislation is required, there is probably a reasonable chance that nothing will get passed. Also, I think Apple had bad luck to have this issue arise within the context of a significant domestic terrorist incident; this would not be the test case they would choose if they could.

        Report

        • Yeah, but it would never have been good. We’ve already heard tell of child molesters invoked as a bogeyman to justify a decision in favor of the government. No one likes child molesters, any more than anyone likes terrorists. And of course there’s drugs. Drugs are bad, mmmkay? “We need to break in to your phone so that we can make sure you aren’t selling poison to our children.” There’s no end to the number and kind of threats of things that would be really really bad out there that the public legitimately demands the government find ways to protect against.

          There’s no credibly imaginable scenario in which the government isn’t investigating a person who at least looks really really bad and dangerous. The government isn’t going to issue a subpoena to break into the phone of an ordinary law-abiding person whose worst public offense seems to be spending a little bit too much time on the Internet simulating work on a Friday afternoon instead of actually doing it, because no one really cares about that sort of thing.

          We legitimately demand that the governing find ways to protect us against [terrorists] [child molesters] [drug dealers] [mentally imbalanced college students with firearms] [etc.] but we are equally as legitimate in demanding that the government find a way to do so that minimizes the extent to which it impinges upon individual rights along the way. Finding where that balance point exists is inherently the work of the courts.

          This Apple encryption battle is necessary as a point along the road of seeking that balance point, was inevitably going to occur in some form or another, will necessarily resolved in an incomplete victory for both sides, and its resolution will not be the resting point of the underlying issue. That resting point will never be reached because technology will change capabilities on both sides of the issue, culture will change attitudes about the relative importance of privacy and security, and points of interest in law enforcement and public safety will change as what we perceive to be threats and concerns morph over time.

          Report

          • I was more narrowly dealing with the case. I think bad facts can make bad law, or good facts can make good law, however one sees it. A judge can always refuse to consider implications of his ruling on other cases by pointing out that he is just ruling on this warrant today. That prosecutors purportedly have tons of locked phones waiting for the rulings shows that they recognize that their cases may not warrant the inconvenience.

            This is a bad case for Apple because it involves national security, and the owner of the phone has agreed to its search. The main factual issue appears to be the reasonableness of the burden on Apple to comply, and once Apple develops the necessary software update, that burden in future cases on this type of system goes to nearly zero. Law enforcement then takes all of their locked phones to courts for lesser crimes and argues that all Apple has to do now is flip a couple of switches.

            Report

  11. It’s worth mentioning that a lot of the shorthand being used in this discussion is wrong.

    Firstly, the government doesn’t want Apple to decrypt the phone. It’s got a four digit pin, that’s 10,000 possible combinations, the government can do that easy.

    What the government wants Apple to do is produce a version of iOS with both the ‘wipe phone after failed attempts’ and the ‘temporarily lockout use after failed attempts’ features disabled. (Note those two features are mutually exclusive, and they don’t actually know if the phone has *either* turned on.)

    This is only possible thanks to what is, frankly, a bit of oddity of the iPhone: You can plug them into a computer and upgrade the OS even *without* a password…and it’s worth pointing out that Apple *could fix this*.

    Which in turn is an important point that everyone seems ignoring:

    Apple is technically being a bit disingenuous with saying that making this software could be used to always unlock iPhones. Well, no, not in the future. At some point, I suspect Apple is going to announce ‘Yeah, what the government is trying to make us do won’t work on any phone upgraded after this point.’ (Hey, Apple, want to get people thrown into jail for contempt of court and become my hero? Give the government *that* version to install on the phone.)

    But that, in turn, makes what the government is saying completely absurd. What the government has done here is going to cause Apple to change ‘No one can, without risk of wiping the phone, break into a locked iPhone except Apple’ to ‘No one can, without risk of wiping the phone, break into a locked iPhone. Period’.

    Report

    • Or, to put it another way:

      Most companies that build encryption systems either a) have the ability to decrypt the stuff themselves, or b) do not have any way in.

      Apple just *accidentally* left a way for themselves to possibly get in, if they coded something.

      So the government has, indeed, set a precedent here. Already.

      It’s…not the precedent they intended. The precedent is: Make sure even *we* can’t get into stuff we’ve built, otherwise the government will waste a bunch of our time.

      Report

      • It seems like the other precedent they set was, “No matter what the government asks for, fight it in court. If you don’t, they’ll use the fact that you acquiesced to past demands as a precedent if you ever do feel like you have to fight an unreasonable one.”

        Making the argument, “They’ve done everything we asked up until now,” may not have the effect they wanted. It seems like any company with any sense will treat all orders as equally unreasonable now and fight them to the best of their ability.

        Report

  12. This, right here, is something a politician would say, not knowing that he is asking mathematics to solve a political problem

    “I suspect the answer is going to come down to, how do we create a system that, encryption is as strong as possible, the key is secure as possible, and it is accessible by the smallest number of people possible for the subset of issues that we agree is important.”

    If this were a physics problem he would understand that reality is immutable. Obama would not be pressuring anyone to alter the melting point of boron for the government’s greater convenience.

    But it’s a mathematics problem, and he seems stuck on the fact that, just as in physics, we can only discover truths, not change them. He doesn’t realize that he is effectively arguing to have 16 be a prime number.

    Report

  13. operating systems for which actual security was an afterthought

    Also Windows, where it was actively opposed, (Making your word processor and video player into virus vectors counts as sabotage in my book.)

    Report

    • Hey, no macro language for a word processor is complete unless it can reformat the local hard disk.

      My favorite Windows flaw was one that was in some versions of both XP and NT. The OS had a process listening on an obscure TCP port. From an external box, you could telnet to that port, type random garbage and a carriage-return, and the listening box would crash — blue screen of death, dead as a door nail crash.

      Report

      • My favorite Windows “flaw” was a bug that Dungeonkeeper used, because it made its code run faster (way back on like Windows 98). The next release, Windows fixed the bug, and Dungeonkeeper has never run right since!

        (being a soddin’ old game, nobody cares. hardly anyone ever cares to fix even well-liked games).

        Report

  14. In a surprise move, the FBI asked for a delay in today’s court hearing. The Bureau said that they had received information from an outside party that might allow them to unlock the phone without Apple’s assistance. The judge has given them until April 5 to follow up on that information, then report back to the court.

    Report

Comments are closed.