Tag: Cryptography

We Demand Compromised Security!

A few weeks ago, Apple announced that their new OS encrypts data so that Apple literally can not access it without the user’s permission. Google followed by announcing their new Android OS will do the same thing. This has been done ostensibly to prevent the government from forcing Apple to divulge information stored in someone’s accounts. This might prevent law enforcement from executing a search warrant delivered to the company. It might also, however, block agencies from getting phone data without a warrant or notification of the user, as they are want to.

Naturally, law enforcement types don’t like this. Their supporters are up in arms over Apple “enabling criminals” by forcing the government to get a warrant and get your password if they want to search your electronic persons, papers, houses and effects. So the WaPo has proposed a “compromise”:

How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law.

In short, the WaPo wants the technically impossible: a backdoor that isn’t really a backdoor. And we should entrust this backdoor into every phone in the country to law enforcement — comprising God knows how many people. We should entrust this backdoor to a group of people who recently did this:

For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the “first step” in protecting their children online.

Police chiefs, sheriffs, and district attorneys have handed out hundreds of thousands of copies of the disc to families for free at schools, libraries, and community events, usually as a part of an “Internet Safety” outreach initiative. The packaging typically features the agency’s official seal and the chief’s portrait, with a signed message warning of the “dark and dangerous off-ramps” of the Internet.

As official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies.

Calling it “spyware” is a nice term of art. A more precise description is that it is a keylogger which transmits to third-party servers — without encryption — every key typed on a computer. Passwords, private communications, credit card numbers … all of that is transmitted in clear text. If your child (or you) use a laptop with this malware and someone has a basic packet sniffer nearby, they could take over your life.

(The cops have responded to the EFF, claiming that only an “ultra-liberal” organization who is “more interested in protecting predators and pedophiles than in protecting our children” should care that their software is one of the most unsafe things you could put on your computer.)

This is the group we should trust with backdoors to every cell phone in the country, according to the WaPo.