back to article Feds dig up law from 1789 to demand Apple, Google decrypt smartphones, slabs

The FBI has made it no secret that it hates Apple and Google's efforts to encrypt files in your smartphones and tablets. Now court documents have emerged showing just how far the Feds are willing to go to decrypt citizens' data. The paperwork has shown two cases where federal prosecutors have cited the All Writs Act – which …

  1. Anonymous Coward
    Anonymous Coward

    "George, did you chop down that cherry tree?"

    "The answer to that dear father is on this encrypted USB stick"

    1. P. Lee

      Re: "George, did you chop down that cherry tree?"

      I did not have Johnny Appleseed paint a portrait of me holding an axe above my head while standing on said tree-stump, I did not paste it into the book of faces, neither did I sell the cherries and the firewood for profit and keep the records on the USB stick.

    2. ashdav
      Thumb Up

      Re: "George, did you chop down that cherry tree?"

      "Land of the free"

      My a**e. (Anglo Saxon spelling)

      Upvote to the AC OP

      1. Anonymous Coward
        Stop

        Re: "George, did you chop down that cherry tree?"

        Still could be the UK where you get thrown in gaol for not giving out your encryption keys.

        I like Proton mail's idea.

        "Sorry officer I've forgot my login details, here let me reset my password...".

        They you go officer, full access...ooppsie did I not mention they delete the mailbox on a password reset, ahhh shucks.

        1. Michael Habel

          Re: "George, did you chop down that cherry tree?"

          Which then begs question... If Apple, and Co... were / are so hot to trot on pimping up such encryption. Presumably for Our own Good!™ Why not continue this good gesture by at lest giving said "Owners" the ability to set the number of failed logins or, the self-destruction of said "Data" when a Perp... I mean 'Ol Bill decides to take give your Data a good shagging?

          "Sorry officer I've forgot my login details, here let me reset my password...

          There problem somewhat solved... Hopefully iCloud will respect my privacy enough not to plaster everything onto itself... (I may never find out, as I'm a dedicated Fandroid...), But, I will say that Google+ tryed to pull that kinda shit on me once. By posting my Pictures onto its Service without my explicit Permission(s). Perhaps I really should start reading those T&C / EULAs from now on! lol. In any case I only had to catch it in the Act only Once! And, now I don't let the Google+ App near any of my Devices. And it APK gets removed as soon as I've got done rooting the little bugger!

          At which point I begin installing more useful things like AdAway....

        2. BillG
          Facepalm

          Re: "George, did you chop down that cherry tree?"

          What the Feds are conveniently ignoring is Roe v. Wade.

          The U.S. Supreme Court ruling that made abortion constitutionally legal is based on the 14th amendment's inference that all Americans have a "right to privacy".

        3. streaky

          Re: "George, did you chop down that cherry tree?"

          Still could be the UK where you get thrown in gaol for not giving out your encryption keys

          Has this ever actually happened?

    3. T. F. M. Reader

      Re: "George, did you chop down that cherry tree?"

      "I have nothing to hide, father, so I have nothing to fear."

  2. Kev99 Silver badge

    All Writs Act

    Sig Heil, Comrade.

    1. P. Lee
      Joke

      Re: All Writs Act

      Ah, the lesser spotted Communist Nazi!

      1. Bloakey1

        Re: All Writs Act

        "Ah, the lesser spotted Communist Nazi!"

        Ahhh, that would be Sigue Sigue Sputnik <sic> would it not?

  3. Nate Amsden

    still have a backdoor though right?

    for IOS anyways from what I've read it seems the contents on the phone are encrypted, but contents stored in icloud are not encrypted in the same manor so if the data happens to be in icloud (or in google equivalent) then perhaps apple/google could provide *that* data, just not the data on the handset itself..

    me, I don't plan to encrypt, hell I'm still pissed off I have to assign a pass code to unlock my phone in order to install a SSL CA for one of my personal services. Have never lost or had a phone stolen, and worst case there really isn't too much of value/secrets on my phone. Oh maybe you can use my corporate email, big whoop! I could have IT change my password pretty quick.

    Much more important to me is more the work it would take to get a new phone, put my data back on it, customize it etc....

    1. Anonymous Coward
      Anonymous Coward

      Re: still have a backdoor though right?

      The fact that iCloud contents are not encrypted (they are encrypted in transit and at rest, but that encryption is controlled by iCloud, not the end user) is why I don't use it.

      I really wish they'd fix that, I'd love the convenience of backing up instantly to the cloud instead of booting Windows on my laptop, plugging in my phone, and saving the encrypted (with a key I select) backup. Because it is a pain to do those backups I only do it every couple weeks...

      1. big_D Silver badge

        Re: still have a backdoor though right?

        The data in the iCloud is encrypted, as pointed out, apart from email, but it uses a weaker form of encryption - it is the only weak spot in the chain.

        Also the iMessage system allegedly stores its key in the cloud, so is vulnerable.

        1. Anonymous Coward
          Anonymous Coward

          Re: still have a backdoor though right?

          Nope, iMessage is encrypted point to point with device keys. At least for one-to-one, not sure if that's true in a group conversation.

    2. David Austin

      Re: still have a backdoor though right?

      You're the reason IT have the ability to force you to set minimum acceptable security. Try telling legal/compliance "Big Whoop" that someone can nab your phone and read company email...

      1. cortland

        Re: still have a backdoor though right?

        Travelling to another country on business? Some firms won't let employees take ANY data with them, but issue sanitized computers for use once they get where they're going. They might be getting even more restrictive, given USB-stick BIOS-level backdoors.

    3. Mike Bell

      Re: still have a backdoor though right?

      Pretty much all data is encrypted in iCloud, bar emails, by default.

      Consistent with standard industry practice, iCloud does not encrypt data stored on IMAP mail servers. All Apple email clients support optional S/MIME encryption.

      I imagine there are good reasons for storing IMAP data unencrypted out of the box. The protocol supports server-side search, for example.

      1. gnasher729 Silver badge

        Re: still have a backdoor though right?

        The IMAP protocol requires that emails which don't use S/MIME (that's 99.99%) are sent to the receiver in unencrypted form. They can be transmitted in transit by using SSL, but Apple would have to create the unencrypted email before sending it through SSL.

        If the emails were stored in encrypted form, then Apple would still have to be able to decrypt those emails, so in practice storing them in encrypted form doesn't give any gain in privacy and no protection. Encryption can only help you if Apple cannot decrypt it, and with IMAP this just isn't possible.

        1. Yes Me Silver badge

          Re: still have a backdoor though right?

          I have checked RFC 3501 and all of the RFCs that update it, and none of them requires unencrypted text that I can see. So I think you are simply wrong about that.

          It's true that S/MIME has never been much use, and even PGP is rarely used. But there's nothing to stop me sending encrypted text marked as text/plain; charset=UTF-8, which would work fine between consenting adults. Or Content-Transfer-Encoding: base64 if you prefer.

    4. Michael Habel

      Re: still have a backdoor though right?

      I have never lost or had a phone stolen...

      So its OK for someone to get your Phone, and by proxy your gmail / iTunes accounts? Not sure about the latter, but the former can be used to purchase BIG TICKET Items like Phablets or that Google Glass that I've been hearing so much about lately. The prospect of which seems greatly terrifying to me. given the near simplicity of just knowing someone's email address and possibly their Password should it NOT be stored in the Device.

      1. Fatman

        Re: still have a backdoor though right?

        So its OK for someone to get your Phone, and by proxy your gmail / iTunes accounts? Not sure about the latter, but the former can be used to purchase BIG TICKET Items like Phablets or that Google Glass that I've been hearing so much about lately.

        Which was the point I was trying to get across to a colleague who is half my age (BTW, I qualify as a `greybeard`).

        He thought Apple Pay was a Good Idea and I called him out on it.

    5. Anonymous Coward
      Anonymous Coward

      Re: still have a backdoor though right?

      >stored in icloud are not encrypted in the same manor

      I've just had a Sweeney flashback. Whose manor are they encrypted on then? Wherever they are we'll send the boys round in bouncy Granadas, break down the doors and do them over til they fess up or hand over the cheddar.

      1. Jamie Jones Silver badge

        Re: still have a backdoor though right?

        Encrypted backups on 'the cloud' (puke) where only you have the keys: www.tarsnap.com

    6. squigbobble

      Re: still have a backdoor though right?

      "for IOS anyways from what I've read it seems the contents on the phone are encrypted, but contents stored in icloud are not encrypted in the same manor"

      Indeed, they're stored in the shooting lodge.

    7. Chronic The Weedhog

      Re: still have a backdoor though right?

      and for that, we thank you! >8)

  4. Dodgy Geezer Silver badge

    It used to be the case...

    ...that the police would do all the hard work necessary to obtain read solid evidence. And if they didn't have it, they couldn't arrest their suspect.

    Now they seem to arrest people and manufacture their case later...

    1. Jimbo in Thailand

      Re: It used to be the case...

      "Now they [US police officers] s̶e̶e̶m̶ ̶t̶o̶ ̶a̶r̶r̶e̶s̶t̶ [choose to SHOOT TO KILL] people [FIRST] and manufacture their case later..."

      There, fixed it for ya DG!

      1. Anonymous Coward
        Anonymous Coward

        Re: It used to be the case...

        That's a gross simplification of US policing, they don't just shoot first and think later.

        They look at skin color, asses albedo, then shoot.

        1. earl grey
          Mushroom

          Re: It used to be the case...

          yeah, not like some poor sap on a train who looked like a furriner...

        2. Martin Maloney
          Trollface

          Re: It used to be the case...

          "They look at skin color, asses albedo, then shoot."

          Oh, no -- don't shoot Nikki Minaj!

          Perhaps you meant "...assess albedo..."

  5. stringyfloppy

    Apple and Google also persuaded the judge that anyone who has sex with a goat should be burned.

    1. Proud Father
      Joke

      >> Apple and Google also persuaded the judge that anyone who has sex with a goat should be burned.

      Damn it, that's this weekends fun ruined.

      1. Martin Maloney
        Trollface

        Chill, man, chill.

        Don't let stringyfloppy get your goat!

  6. Anonymous Coward
    Anonymous Coward

    On the plus side, at least they're using due process this time, even if they had to go back 225 years to find a process that fitted. Unless, of course, they're only trying the legal route after all the usual illegal methods have failed.

    1. GrumpyOldBloke

      Go to judge, display probable cause, argue for judicial warrant to conduct search and seizure. I love a story with a happy ending.

      The problem is that this will become set in precedent and will become a defacto blanket authorisation. A bit like the responses you see in Oz where the most corrupt, ignorant and inept politicians on the planet award their secret police forces blanket authorisation over the entire internet with a single warrant.

      1. John Tserkezis

        "over the entire internet with a single warrant."

        Update: For some things now, they don't need a warrant anymore.

    2. David Austin

      That would still kinda be good news, I guess? least it would mean Apple/Android's encryption is up to task.

      BTW, Has Microsoft spoken up about beefing up their handset encryption yet? Also, has Blackberry finished giggling to themselves?

      1. Pirate Dave Silver badge
        Pirate

        "Has Microsoft spoken up about beefing up their handset encryption yet?"

        Yes, I think they sent an email about it to all 6 users.

    3. tom dial Silver badge

      What nearly all of those commenting on this overlooked is that access with due process - i. e., a search warrant - is exactly what FBI Director Comey was whining about a few weeks ago. That he was unhappy about proper cell phone encryption is his problem, and that of other law enforcement officials, is largely immaterial. Android has had it for years, and Apple for months, and that is unlikely to change. Court orders demanding that companies comply with law enforcement officials in the investigation have been issued before, and they will be issued in the future. The bottom line is that Google, the various smart phone manufacturers, and now Apple, lack the capability to decrypt the content once they provide that assistance.

      1. Anonymous Coward
        Anonymous Coward

        "The bottom line is that Google, the various smart phone manufacturers, and now Apple, lack the capability to decrypt the content once they provide that assistance."

        Until the law gets twisted so that anything that lacks an override of some sort is tantamount to espionage. Apple and Google are both US-based companies, so what happens when that kind of law or interpretation or ruling is trust in their face?

        1. tom dial Silver badge

          The law, in the US, is very unlikely to be changed to require a back door to encryption. That was largely settled a couple of decades ago in connection with the Clipper chip and related proposals for data encryption systems.

          In any event, there is a good deal of encryption technology, along with some probably fairly good implementations that, if not known to not have back doors are at least not known to have back doors. There also are quite a few competent cryptographers in the private sector. As long as there is free software we, including the criminals among us, will be able to have and use encryption for privacy, and the police will have problems dealing with it. But unlike Russia, China, and a few others (including some we think of as democratic) the US, and I think other Five Eyes governments, do not restrict the use of cryptographic systems by citizens and are unlikely to do so going forward.

          Apple, Google, and other companies can be trusted to look after what their executives and directors consider the interests of the company (and themselves) and their shareholders. In the case of successful companies that will result in products that, like the iPhone and Galaxy, their customers think meet their needs or wants. They now think at least some of their customers want decent encryption, so they (claim to?) provide it.

          1. NumptyScrub

            But unlike Russia, China, and a few others (including some we think of as democratic) the US, and I think other Five Eyes governments, do not restrict the use of cryptographic systems by citizens and are unlikely to do so going forward.

            No they don't stop you from using encryption, however at least one (the UK) has made it a criminal offence to refuse to decrypt on demand (including being unable to decrypt on demand), with a custodial sentence. The original RIPA section 49 offence stated "up to 2 years", but there has been talk of increasing it to 5 or more years maximum "because paedophiles".

            So yes, I can use encryption on an Apple handset, and yes, I am criminally liable if the UK police force cannot decrypt that content on demand. We're degrading back to the "guilty until proven innocent" days.

            1. Matt Bryant Silver badge
              Stop

              Re: NumptyScrub

              ".....there has been talk of increasing it to 5 or more years maximum "because paedophiles"....." The five years only applies to terror investigations (even complete idiots (IMHO) like Christopher Wilson only got six months). Oh, and because, of course, paedos don't exist, right? They were just made up so The Man could 'oppress' you. And even if the did exist there was no chance they would use computers to exchange evidence of their illegal habits, or 'freedom-loving' systems like TOR, and no way they would ever use encryption in an attempt to avoid discovery of said evidence! No, Comrade, you've hit the nail on the head - paedophiles are just a lie to oppress Those Who Know The Truth!

              Ahem -

              http://www.bbc.com/news/technology-27885502

              http://www.bbc.co.uk/news/uk-england-london-14169406

              http://www.theregister.co.uk/2010/07/27/ripa_iii/

              http://www.theregister.co.uk/2010/03/17/wales_auditor_charged/

              Even your fellow tinfoil-wearers are not denying paedos exist, use encryption and do use TOR:

              https://www.facebook.com/ArmyAnonymous/posts/402431969912755

              ".....We're degrading back to the "guilty until proven innocent" days." Not really when you consider the coppers could previously charge you with obstructing an investigation if you refused to decrypt, it's just the new law is a lot quicker and simpler for the Police to use, meaning less time and resources are wasted.

              1. NumptyScrub

                Re: NumptyScrub

                The five years only applies to terror investigations (even complete idiots (IMHO) like Christopher Wilson only got six months).

                From the first paragraph in this linked article:

                "Refusal to comply can result in a maximum sentence of two years imprisonment, or five years in cases involving national security[1] or child indecency[2]"

                Oh, and because, of course, paedos don't exist, right? They were just made up so The Man could 'oppress' you. And even if the did exist there was no chance they would use computers to exchange evidence of their illegal habits, or 'freedom-loving' systems like TOR, and no way they would ever use encryption in an attempt to avoid discovery of said evidence! No, Comrade, you've hit the nail on the head - paedophiles are just a lie to oppress Those Who Know The Truth!

                Contains only supposition or strawman arguments. Come on Matt, you can do better than that.

                Even your fellow tinfoil-wearers are not denying paedos exist, use encryption and do use TOR:

                And an ad hominem attack to finish. How quaint.

                To sum up, I said that RIPA s49 was extended to 5 years "because paedos" and the link above corroborates that assertion (it also corroborates your assertion that it was extended "because terrorists" when it mentions national security). I never said paedos do not exist.

                Are you one of those people who would give up essential liberty to obtain a little temporary safety? I'm not. I'd rather have the right to privacy, and allow terrorists and paedophiles the same right. Because until they have been convicted of an act of terrorism or paedophilia they are innocent and should be afforded all the same rights as any other sentient being. That's how "innocent until proven guilty" works. Some guilty parties get away with it in the absence of proof, but it was decided that this was preferable to innocent parties being punished for acts they had not committed.

                Are you really so desperately scared of terrorists and paedophiles? Cars are more dangerous, they kill and injure more people each year than terrorists and paedophiles combined. You should be campaigning for stricter government control of cars and 24/7 surveillance of drivers if you want to make the UK a safer place for everyone. ;)

                1. Matt Bryant Silver badge
                  FAIL

                  Re: UnfunnyScrub Re: NumptyScrub

                  "......Contains only supposition or strawman arguments....." Actually it only contains mocking of your blinkered outlook. TBH, I'm not really surprised you missed that. I note you don't want to post a counter to any of the articles I linked to, is that because you now are forced to admit that paedophiles were not 'imagined up' by The Man just to oppress you?

                  ".....I said that RIPA s49 was extended to 5 years "because paedos" and the link above corroborates that assertion....." What, you're still trying to ignore that the Act specifically mentions terror? The Act itself (see here http://www.legislation.gov.uk/ukpga/2000/23/part/III/crossheading/offences if your blinkers allow) specifically links to the Terrorism Act 2006 (http://www.legislation.gov.uk/ukpga/2006/11/contents).

                  And rebleating Benjie Franklin again? Seriously, you need to get some new material as your whole comedy routine is getting staler than Michael McIntyre's. I suggest you spend less time ovinely absorbing righteous froth sites and read up on a Leftie like Ben Elton, who is original and funny even when speaking absolute tosh (https://m.youtube.com/watch?v=vaXis4wi78w). Or is Mr Elton too old and no longer considered 'hip' by today's fashionably faux outraged youth? Then again, Elton did ditch his righteous outrage for a bit of commercial capitalism when he started making money of his novels and West End musicals (http://en.m.wikipedia.org/wiki/Ben_Elton#Criticism).

                  "....Are you really so desperately scared of terrorists and paedophiles?....." Well, not paedos as, unlike you (going by your posts), I am well over the age of consent. But, having seen first-hand the effects of terror, having actually visited many parts of the Middle East over an extended period, and being able to read grown-up news sites, I am concerned at the threat of terror. Don't tell me, I have to now include a list of terror acts as you now want to insist terrorism doesn't exist as well?!?

                  1. NumptyScrub

                    Re: UnfunnyScrub NumptyScrub

                    Oh Matt, I'm not the one posting blatant ad hominem attacks, am I?

                    "......Contains only supposition or strawman arguments....." Actually it only contains mocking of your blinkered outlook. TBH, I'm not really surprised you missed that. I note you don't want to post a counter to any of the articles I linked to, is that because you now are forced to admit that paedophiles were not 'imagined up' by The Man just to oppress you?

                    I'm not the one making any claims regarding the existence (or not) of paedophiles, you are attributing an unstated (and untenable) position to me just so you can attack it. I know they exist, and I am happy to state categorically "paedophiles are a real thing that really happens and has been happening for several thousand years". It's no excuse (IMO) for increasing the sentence for keeping your mouth shut to longer than aggravated assault, though. There is literally no point "countering" articles you posted when I agree that paedophiles exist, is there?

                    ".....I said that RIPA s49 was extended to 5 years "because paedos" and the link above corroborates that assertion....." What, you're still trying to ignore that the Act specifically mentions terror? The Act itself (see here http://www.legislation.gov.uk/ukpga/2000/23/part/III/crossheading/offences if your blinkers allow) specifically links to the Terrorism Act 2006 (http://www.legislation.gov.uk/ukpga/2006/11/contents).

                    Nice to see you also managed to somehow miss my very next next sentence when you claim I am "ignoring that the Act specifically mentions terror". Well, it specifically mentions national security, which does technically cover terrorism alongside other, less terroristy things like espionage and treason. However you seem to be ignoring the bit where you stated it was not extended for child abuse cases, yet your link shows clearly that the extended sentence is for child abuse cases as well as national security. It's fine, this is clearly an emotive subject for you so I'm happy to overlook that and focus on the facts :)

                    And rebleating Benjie Franklin again? Seriously, you need to get some new material as your whole comedy routine is getting staler than Michael McIntyre's. I suggest you spend less time ovinely absorbing righteous froth sites and read up on a Leftie like Ben Elton, who is original and funny even when speaking absolute tosh (https://m.youtube.com/watch?v=vaXis4wi78w). Or is Mr Elton too old and no longer considered 'hip' by today's fashionably faux outraged youth?

                    I'm well aware of Mr. Elton, thank you very much. I just don't agree with much of what he says, even if it was vaguely amusing at the time. I do however strongly believe in personal responsibility, something which has fallen very much out of favour recently, but is encompassed in that quote from B-Fran (or whatever bastardisation of his name the current generation would come up with). I do not require wrapping up in cotton wool and 24/7 surveillance to be safe, I am responsible for my own safety. All of the community are responsible for the safety of the community, and pretending otherwise is idiocy.

                    "....Are you really so desperately scared of terrorists and paedophiles?....." Well, not paedos as, unlike you (going by your posts), I am well over the age of consent. But, having seen first-hand the effects of terror, having actually visited many parts of the Middle East over an extended period, and being able to read grown-up news sites, I am concerned at the threat of terror. Don't tell me, I have to now include a list of terror acts as you now want to insist terrorism doesn't exist as well?!?

                    I lived through the various IRAs bombing London from the 70s onwards, and yet I hold the views I do. People act like terrorism is a new thing that we need to start responding to, except it has been going on for thousands of years. The point of terrorism is to cause terror; if you do not let it terrify you, it ceases to be effective. If the community as a whole refuse to be cowed, then terrorism loses its point.

                    I refused to be cowed by the (p/r)IRA then, and I refuse to be cowed by IS or Al Qaeda or whoever the muppets du jour are now. Doing it my way requires no extra powers for security services, it just requires the public to take responsibility for themselves and for their community (you do not need blanket communications surveillance if members of the public are reporting dubious individuals to you, you can then obtain valid surveillance warrants using existing due process). Depressingly, people these days seem to refuse to take any responsibility for themselves or their community, and instead demand that someone else do it all for them.

                    If people would just man person the fuck up and take responsibility for themselves and others, we wouldn't be in this shit in the first place :(

                    1. Matt Bryant Silver badge
                      WTF?

                      Re: UnfunnyScrub NumptyScrub

                      "Oh Matt, I'm not the one posting blatant ad hominem attacks, am I?....." No, you're just the one posting easily debunked gumph and little else. Like your insistence that the authorities made up paedophilia just so they could oppress you.

                      ".....I'm not the one making any claims regarding the existence (or not) of paedophiles...." Er, yes you did! I'm glad to see you're smart enough to have decided to abandon the pretence.

                      ".....I'm well aware of Mr. Elton....." Just not aware of him enough to provide anything other than the constantly rebleated Franklin quote.

                      ".....I do however strongly believe in personal responsibility....I am responsible for my own safety...." LOL, so you run the fully-independent State of NumptyScrub, complete with your own police, armed forces and legal system? Yeah, like bollocks you do! You are a citizen of a state and the state provides those services and expects you to assist them in doing so by at least abiding by the laws and cooperating with your national law enforcement officers.

                      ".....All of the community are responsible for the safety of the community, and pretending otherwise is idiocy......" So how do you propose to find, track and arrest those members of your community that seek to harm your community? What, ask them all nicely "are you a terrorist or supporter of terrorism?" (obviously, you wouldn't want the Muslim members of the community asked as that would be profiling and just not PC, right?).

                      ".....I lived through the various IRAs bombing London from the 70s onwards, and yet I hold the views I do....." Then I suggest you get out and visit a few bits of the World suffering from the current Islamist threat. London under the limited threat of the IRA was nothing compared to what is happening daily in Afghanistan, Pakistan or Iraq, and the IRA had very limited lethal intent compared to even just Al Quaeda.

                      ".....I refused to be cowed by the (p/r)IRA then....." Of course, you missed the bit where the IRA were defeated largely due to intelligence work, including phone taps by the GCHQ. No, you seriously think it was all down to just your brave front, because you 'manned up', that was what kept all London safe? LMAO!

        2. Chronic The Weedhog

          <quote> Until the law gets twisted so that anything that lacks an override of some sort is tantamount to espionage. Apple and Google are both US-based companies, so what happens when that kind of law or interpretation or ruling is trust in their face? </quote>

          You make a good point.

          If a law of that sort were to pass here in the USA, it would have to be accompanied by laws that forbid anyone from leaving the nation without permission, because otherwise the companies affected by this would simply relocate their corporate HQs to nations that would rather have the tax income than to be bothered about what anyone has encrypted on their phone, USB stick, or other encrypted device.

          If this was going down in China, Russia, or even Romania, I would expect far different results, and a far different response. For starters, in several of those places, it would have been illegal to sell a device with encryption preinstalled that doesn't have a method for federal circumvention. But take some place, like say, the Cayman Islands, Pitcairn Island, or even any large nation that doesn't particularly agree with the methods and ways of the "5 eyes" nations.... any of those places would be more than happy to take on any one of America's corp-HQs, so long as doing so doesn't result in all out war.

          Now, here's the problem with the USA creating laws like those... our nation was born of insurgency and rebellion, and among a large number of the populace, that spirit still lives. While the government's military capabilities have grown exponentially since this nation's beginnings, the last few decades have shown that even a super-power can be lead into a war without end that they cannot resolve on their own without violating the very laws they helped to forge internationally in the first place (such as laws against ethnic cleansing and genocide). The sort of reversal of overall national and international policy required to allow for the aforementioned scenario would most certainly degenerate swiftly into a bloodbath in the streets. That might sounds extreme, but considering that one of the most popularly known acts attributed to kicking off the Revolutionary War was the Boston Tea Party, it doesn't seem so far fetched that nation filled with reality show fans and people ready to riot at the drop of a hat would be more than happy to thrown down all over again over something with just as trivial beginnings just to make a much grander point in the end.

          My advice to our legislators would be to tread carefully, always.

      2. Michael Habel

        That he was unhappy about proper cell phone encryption is his problem, and that of other law enforcement officials, is largely immaterial. Android has had it for years, and Apple for months, and that is unlikely to change.

        And, here I thought.... (And I'm the last One to come to crApples Defence here)... That Apple had encryption in the iPhone5S, and Google were just starting to roll it out with Android 5 (Lolipop)

        So... [CITATION NEEDED]

        1. earlyjester

          I think it came in with v4.0.4 ice cream sandwich...

          1. Matt Piechota

            "I think it came in with v4.0.4 ice cream sandwich..."

            That sounds right, my phone has been encrypted for 2 years now, currently 4.2.4. I don't remember which update it was when I first did it.

        2. tom dial Silver badge

          Android 3.0. See:

          https://source.android.com/devices/tech/encryption/android_crypto_implementation.h

          For what it's worth (off topic) I am reverting after a week or so trial to Google as the default search engine for Chrome. DuckDuckGo returned a substantially less informative list.

    4. Eddy Ito
      Unhappy

      They hardly went back 200+ years. The act in question has been hacked, patched, amended and some parts were even found unconstitutional way back when. It was amended at least six times before the 1900s and a few more since then. While I have no inclination to compare the original with the current form I will state that it was shortly after this bill was passed that the second President signed the Alien and Sedition Acts. One of which the U.S. used during WWII to take property belonging to US residents who were from Axis countries. I can't wait until they dig up that old chestnut again to go on another xenophobic stampede.

    5. Matt Bryant Silver badge
      Facepalm

      Re: moiety

      ".....they had to go back 225 years to find a process that fitted....."

      (CENSORED)

      (CENSORED)

      (CENSORED)

      Oh, and the All Writs Act was last rewritten in 1911 and amended several times since.

  7. I_am_Chris

    Witches

    If the feds do find anything incriminating on a smartphone, will the owner be burned as witch? Or borrow one of those guillotines that were all the rage in France in 1789...

    1. Anonymous Coward
      Anonymous Coward

      Re: Witches

      Very good point 'The Punishment Must Fit The Crime'...Ducking Stool manufacturers are in for a bumper New Year!

    2. elDog

      Re: Witches

      Hell - devils. Isn't there some ancient Abrahamic law that requires the possessor of the parchment to help decipher the contents? Or the wrath of some decrepit god will smite thee upon thy left-most cheek?

      (Of course, in the traditional western "cultures", there can be no laws before those imposed by the god(s) who imposed them on them. I'm blessedly unschooled in all the other writs that can be dredged up before 6K years ago.)

      1. Anonymous Coward
        Anonymous Coward

        Re: Witches

        " Or the wrath of some decrepit god will smite thee upon thy left-most cheek?"

        And Yea, Shall it Sting....

        (sorry, from an old comic called "brain damage"). One of those random lines that stays with you forever

      2. HausWolf

        Re: Witches

        And the count of thy smiting shall be three.Three shall be the number thou shalt count, and the number of the counting shall be three. Four shalt thou not count, neither count thou two, excepting that thou then proceed to three. Five is right out.

  8. Graham Marsden
    Alert

    "necessary or appropriate"

    These words suggest that this Act was not intended to give any particular court or jurisdiction carte blanche to do anything they damn well please.

    1. Penguintopia

      Re: "necessary or appropriate"

      Correct. It was intended to prevent some sharp lawyer from making a claim that some specific writ wasn't authorized by Congress and thus having his client avoid prosecution on a technicality.

    2. Roo
      Windows

      Re: "necessary or appropriate"

      There is an upside to systematic abuse of this law, it would render a huge amount of legislation null and void, and as a result put some lawyers out of work. :)

      Joking aside though the judiciary may as well throw out the rule books now. Pointless having them exist beyond the convincing the masses that justice is done now, and even that could be handled by Judge Judy re-runs.

      1. Penguintopia

        Re: "necessary or appropriate"

        Actually, if you read the order:

        https://www.documentcloud.org/documents/1372280-apple-oakland.html

        it's fairly clear that Apple is being ordered to assist the government in the execution of a warrant. So the government did go through the correct procedures. As a third party with the potential to provide assistance in execution of the warrant, Apple is an appropriate target for the write. But note well that Apple's cooperation is limited to any potential capability that they have of a) extracting the encrypted data and providing a copy of the encrypted data to the government or b) bypassing the lock code. If Apple doesn't have the ability to do (b), they can do (a) and then the government may attempt a brute-force attack on that data.

        I don't see problem here. And the "All Writs Act" is a good reason for Apple to implement one-way encryption that can only be undone by the users passphrase OR brute force.

        1. Yet Another Anonymous coward Silver badge

          Re: "necessary or appropriate"

          Because "All possible assistance" could include requiring Apple to send a copy of your key to Langley. After all you don't want to be aiding terrorism/drug smuggling/child porn/stepping on the cracks in the pavement - do you?

          And of course once fitted the feature will be available to other partners, like the police, IRS, INS etc. then other governments are going to want it. Hey Apple, want to sell in China/Russia/South America - well we want access to the same keys.

          1. Michael Habel

            Re: "necessary or appropriate"

            Apropos Apple, Blackberry and perhaps Lollipop Android... How are they appeasing their Chinese Leaders there? I thought they weren't so keen on letting their Citizens have that much access to this Freedom of Speech thing... Least the Leaders wake up One day with there Backs against the Wall when the Revolution comes...

            1. tom dial Silver badge

              Re: "necessary or appropriate"

              I believe we have seen how it worked with Blackberry v India - not all that well. The case with Android (since version 3) and Apple iOS (beginning with version 8) is a bit different, in that Google and Apple do not have the technical capability to assist law enforcement with decryption, and they are not the service providers who might be in position to do so. With Apple and Android encryption it also is not clear to whether or to what extent communication providers can help, either, if customers can install software.

          2. tom dial Silver badge

            Re: "necessary or appropriate"

            Well, shame on Apple if they have a key that will decrypt a customer's data. If they do, it is a fair target for law enforcement as well as any hacker who can breach their firewall or social-engineer their staff.

  9. imanidiot Silver badge

    Given the possible interpretations of many US acts and constitional amendments the intent is not always how it is actually used nowadays. Theres a lot of interpretation possible with some laws. And not all of those seem logical.

    1. Anonymous Coward
      Happy

      And cue family guy link....

      The right to bear arms!

      http://minglemediamarketing.com/wp-content/uploads/2014/08/Family-Guy-Right-to-Bear-Arms.jpeg

      or

      https://www.youtube.com/watch?v=0gCwA3qCVZA

  10. aurizon

    We must comply

    We have attached a brute force decryption machine to the iPhone you wish decrypted.

    We estimate it will complete this task in 1247 years, past next Wednesday, please have one of your descendants call on one of my descendants at that time...

    1. Christoph

      Re: We must comply

      In 1247 years you will be told that the answer is "42"

      1. Michael Habel

        Re: We must comply

        No I don't think so, not unless the Years just roll by in those "Higher Dimensions"... I think the time it took to calculate "42". Was Seven, and a half Million Years... Not 1247...

        1. Anonymous Coward
          Anonymous Coward

          Re: We must comply

          But as a year is simply a planet's period of rotation about its nearest star, and Deep Thought was not on Earth, the conclusion we can easily come to is that a year passes at a different rate there than it does here.

          It is possible (if unlikely) that 7500000 years there is 1247 years here.

  11. Captain DaFt

    Eh, What next? Older laws?

    "In as much as the accused witch has writ knowledge most profane and occult.

    Then entrusted said knowledge to a poppet that willfully resists the Church and wit of the magistrate to examine such.

    The poppet shall be consumed in pyre, and the witch shall be pilloried for not less than three days.

    Then should said witch refuse to recant the evil ways and confess. The witch shall be hanged by the grace of God Most Merciful. AMEN."

    1. Anonymous Coward
      Devil

      Re: Eh, What next? Older laws?

      - no no no, everyone knows you burn the witch; like Joan of Arc always hearing voices with no person arounbd - must be wicked magic - so burn them all

  12. Anonymous Coward
    Thumb Down

    Zounds! I envisage a threat to public order!!

    Speaking solely for my own person, I am delighted to see our constabulary endeavoring to decipher the contents of these strange voltaic contraptions. Who knows what knavery that rapscallions, lusty rogues and the odd charlatan might otherwise accomplish! If such affrontery is allowed to run rampant, we risk the impairment of the high public morals that are the keystone to a harmonious society. Why, just yesterday my footman Ceasar had the cheek to ask me that I not sell his children to another planter in the next county! It pained me greatly, but I saw no recourse but to have the varlet horsewhipped. My wife was greatly distraught by this, and I had to remind Mrs. Marketing Hack that it was not a woman's place to understand or judge these matters and she had best get back to her sewing, lest I cuff her as well. Alas!, such are the measures that forstalling anarchy forces upon my gentle soul!

    Indeed, as a man of these United States, I stand forthrightly with the efforts of our federal bailiffs to enforce decency and upright behavior amongst the citizenry. I am sure that their employment of such laws will preserve our young nation's golden reputation for modernity and liberty!!

    /sarcasm off

    (Dear Feds--how about you get a warrant, sworn out by a judge, requiring that a subject of an investigation/prosecution is required to provide his password for any devices, and throw him in jail for contempt of court if he refuses to give it? Oh wait, that takes some effort and means you have to let people know that you are accessing data on a device, and prevents you from accessing whole classes of devices in secret. Forgive my insistence that you actually act to preserve public freedoms rather than undermine them.)

    P.S.--Many thanks to thesaurus.com in writing the first section of this post

    1. Charles 9

      Re: Zounds! I envisage a threat to public order!!

      (Dear Feds--how about you get a warrant, sworn out by a judge, requiring that a subject of an investigation/prosecution is required to provide his password for any devices, and throw him in jail for contempt of court if he refuses to give it? Oh wait, that takes some effort and means you have to let people know that you are accessing data on a device, and prevents you from accessing whole classes of devices in secret. Forgive my insistence that you actually act to preserve public freedoms rather than undermine them.)

      You forget that, unlike in England, one is protected from self-incrimination by simply pleading the Fifth Amendment (which explicitly protects against that). If a defendant refuses to answer that's one thing, but not even Congress has been able to get around someone answering, "I plea the Fifth."

      1. Yet Another Anonymous coward Silver badge

        Re: Zounds! I envisage a threat to public order!!

        > not even Congress has been able to get around someone answering, "I plea the Fifth."

        Although the "put a bag over your head and a secret flight to a secret prison in Syria then attach electrodes to you" policy was a sort of way of getting around it.

        1. Matt Bryant Silver badge
          Facepalm

          Re: YAAC Re: Zounds! I envisage a threat to public order!!

          "Although the "put a bag over your head and a secret flight to a secret prison in Syria then attach electrodes to you" policy was a sort of way of getting around it." <Yawn> ooh, look, another ill-informed snark about extra-ordinary rendition. Shame those that cling to the Fifth as a 'get-out-of-jail-free-card' never seem to actually read nor understand the actual text of the Amendment itself, especially this bit:

          "....except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger....."

          So, only applies on US soil in cases under US criminal law, and even then the Fifth can be over-ruled in cases of 'public danger'. Terrorists abroad need not apply. But, even given the vast wriggle room of 'public danger', it is not going to be over-ruled in skiddie and hacktivist cases In US courts unless the idiots concerned did something to put the public 'in danger' (such as refusing to stop an on-going DDoS of the 911 service at the time of trial).

      2. Anonymous Coward
        Headmaster

        Re: Zounds! I envisage a threat to public order!!

        @Charles9

        The Fifth Amendment right to not self-incriminate does not extend to search warrants. If a cop comes to your home with a warrant, you can't grab your diary and throw it in the fireplace and then say "Letting you read that would have resulted in me being incriminated by my own writings". The amendment means that you cannot be forced to testify in court or make a confession, and any information that is forced from you after you invoke your right (or sometimes before, depending on circumstances) is inadmissable.

        As for property and possessions covered by a warrant, if the cops seize your diary stating "Dear diary--I beat up a nun today", then chances are the prosecution is going to use that as an exhibit in the trial.

      3. tom dial Silver badge

        Re: Zounds! I envisage a threat to public order!!

        While I am not a lawyer, I suspect the law is not entirely clear yet on the question of compulsory pass phrase disclosure, or that such a legal requirement would be held unconstitutional base on the Fifth Amendment. Those accused, for example, can be required to produce documents that incriminate them, and can be held in contempt of court if they refuse to produce them; and the documents can be used to support convicting them of crimes. The accused, of course, can decline to answer questions about the material.

        It is not obvious that a subpoena could not be used similarly to compel disclosure of incriminating evidence stored in a computer system, including on a smart phone. Compelling disclosure of the pass phrase might well not fly, since that might be used to protect other systems that are not the subject of the subpoena, but requiring the targeted person to enter the pass phrase without disclosing it to law enforcement personnel might be workable.

      4. chris lively

        Re: Zounds! I envisage a threat to public order!!

        You forget that, unlike in England, one is protected from self-incrimination by simply pleading the Fifth Amendment (which explicitly protects against that). If a defendant refuses to answer that's one thing, but not even Congress has been able to get around someone answering, "I plea the Fifth."

        I'm fairly certain that no one in congress would actually want to try and get around the 5th amendment. After all they spend an inordinate amount of time trying to distance themselves from any actual responsibility for their actions.

  13. Matt Bryant Silver badge
    Facepalm

    Re: Marketing Hack

    ".... requiring that a subject of an investigation/prosecution is required to provide his password for any devices, and throw him in jail for contempt of court if he refuses to give it?...." <Facepalm> Firstly, by doing so they would announcer to the suspect that his/her data is 'of interest' - not good if they have other data that could be used in evidence as the target can then destroy that evidence. By issuing the writ against the vendor (such as Apple) the target does not get a warning. That is of especial interest to the authorities when the target's data is in the US but the target themselves is not. Secondly, there is nothing to stop a prosecutor using the same Act to issue a writ directly to a target if they are inside US jurisdiction, and if they refuse they are in contempt of court - off to jail they go!

    1. Anonymous Coward
      Anonymous Coward

      Re: Marketing Hack

      @ Matt Bryant

      I won't spend much time trying to reason with you, because you have the general reputation of not being very reasonable. However,

      1) Needing to search a person's possessions or communications is why we have search warrants. These warrants allow law enforcement to enter physical or digital property and remove or impound designated materials that they think might have data that could be relevant to an investigation. What you are positing as something to be avoided ("they would announcer to the suspect that his/her data is 'of interest'") is something that I view as a positive. If we did as you asked then basically you are giving law enforcement the right to read someone's documents in secret by compromising their security at the device level--which can be replicated for other searches. I think that we can understand phone tapping, or even reading a person's mail if a warrant is issued, or impounding hard drives, mobile devices, etc. But a court order that could be used to break encryption for a class or model of devices is not OK with me.

      2) A warrant requires that law enforcement say what violations the person be investigated is guilty of and what materials might be seized in the pursuit of that investigation. Giving them access to someone's encrypted device without a warrant means that authorities can potentially go fishing for anything they can find.

      3) And yes, there may be other evidence of wrongdoing that is lost, but that happens all the time anyway. Just because the cops pick someone up for dealing crack doesn't mean that they know about the heroin stash that person has in another place, or the rival drug dealer he killed last year.

      1. Doctor Syntax Silver badge

        Re: Marketing Hack

        "A warrant requires that law enforcement say what violations the person be investigated is guilty of"

        is suspected of being guilty of

        But I'm sure that's what you meant.

        I'd also like to think that they have to give some reason as to why they suspect the person. "Because he looks shifty" isn't good enough.

        1. Anonymous Coward
          Anonymous Coward

          Re: Marketing Hack

          But what if the suspect has insiders or other tipoffs such that the very act of obtaining the warrant acts as a canary to prompt the suspect to destroy the evidence? How do you obtain evidence from a suspect who's that suspicious?

  14. T. F. M. Reader

    Confused

    I don't have a problem with citing what seems to be an early and basic law to obtain a court order / warrant for something. As for whether it is applicable, surely there must be a precedent or two from all those years? What did the authorities do in, say, 1790 (or 1827, for that matter) when someone was suspected of a crime, his house was searched, and a piece of paper was uncovered with what looks as a coded message "that only the owner could decrypt"?

    I am confused regarding what the authorities sought assistance for. It does not seem that encryption of the contents was the obstacle. It rather sounds like they sought assistance to get the data, encrypted or not. In both cited cases the article talks about "unlocking" rather than "decrypting". To quote: "The court filing states investigators were unwilling to try and open the iPhone for fear of damaging a crucial piece of evidence. They asked the courts to force Apple to give them a hand in safely extracting data from the passcode-protected phone." Were they afraid the phone would self-destruct if they tried to copy the contents of the storage for analysis? Am I naive in thinking dumping the data should be a simple enough operation for a decent computer forensics lab?

    In any case, to me it sounds more like asking a safe manufacturer to disclose a factory pre-set combination (I imagine such combinations are quite common for, say, hotel room strongboxes). If there is a coded message in the safe, it is another matter.

    1. Yet Another Anonymous coward Silver badge

      Re: Confused

      That's because there is a a lot of case law about safe makers and safe owners being forced to help open a safe for the police.

      There is even more case law preventing courts demanding people admit what they meant by some writing's hidden meaning.

      The feds are being careful to phrase this in terms of "it's just unlocking a safe" rather than George Washington being made to read all his private correspondence out to the British.

  15. Long John Brass

    Old laws

    I see a lot of scoffing at old laws (Burn the witch, burn the witch)

    But; May I remind you that the law against murder is pretty old too

    Yes, older that the USA even.

    Perhaps the answer for apple/google/etc is to up-sticks & move to a country with freedom & proper laws and other silly little conveniences like that; I hear the the norks are looking for some tech help :)

  16. Doctor Syntax Silver badge

    the usages and principles of law

    That should impose some constraints, or a good basis for legal wrangling.

  17. dan1980

    And this is why overly broad laws should never get passed.

    But yet our governments continue to do so, assuring us that they are necessary to give our law enforcement the freedom to do their jobs and they are only there to catch whatever witches are being hunted at the time. There will be oversight - don't worry; your fears are utterly unfounded.

    Even if - even if - this is all true when the law is enacted and it is used in the very best faith, those enacting such a law cannot provide any guarantees that future uses of the law will also adhere to these guidelines.

    People talk about things like the 'Snoopers Charter' having the potential to lead to dystopic 'big brother' futures and it is hard for some people to believe that this could happen. The problem is that they don't look far enough in the future. Here is a law that is being used two and a quarter centuries after it was enacted.

    Is it really reasonable to believe that laws penned for a young nation really reflect the situation in that same nation more than two hundred years later, where technology has advanced to such a degree that it would be utterly baffling to those who wrote them?

    You can see a similar thing in more recent form with the current 'Net Neutrality' palaver. At the core of this is the ambiguity of the Telecommunications Act, as revised in 1996 - a scant 18 years ago. And yet, the vague language and fuzzy definitions of this Act have created a minefield when combined with the change in the technological and social* landscapes in which these laws are being applied.

    A diversion but the point is that laws need to be as specific in scope and application and as precise in language as possible to ensure that they are not used for purposes outside of what is intended by the law makers and accepted by the people. Even if you can't imagine the laws being used to your detriment, we must look beyond ourselves - sometimes by many generations - to anticipate what might happen.

    * - Think of the massive changes in the last two decades in urban environments and the mergers and acquisitions of companies along with the explosion in the content and services being carried over Internet links.

    1. Anonymous Coward
      Anonymous Coward

      Well, in the final analysis, what is a law? It's basically just ink on a page. It's only by mutual agreement that we adhere to what's written on that page, but what happens when the sovereign side unilaterally declares, "Sod this!" How would the other side be able to make them adhere to the law?

      1. Sir Runcible Spoon

        "what happens when the sovereign side unilaterally declares, "Sod this!" How would the other side be able to make them adhere to the law?"

        We already know the answer to that. You can't, as they just say some magic words like 'abracadabra' or 'Supercalifragilisticexpialidocious' or even 'Paedophile' or 'National Security' or some such bollocks.

  18. skeptical i
    Pirate

    Next in the product lineup, remote self-destruct.

    Call your phone, enter a series of prompted passwords, and kablooie. (OK, it'd be more complicated than that, but still ....)

    Scuttle the ship, lads, they won't take our data alive! ==>

    1. Crisp

      Re: Next in the product lineup, remote self-destruct.

      Doesn't have to be that complicated. It just has to let the magic blue smoke out.

    2. king of foo

      Re: Next in the product lineup, remote self-destruct.

      Hmmm... I'm sure the bofh could make good use of this in a corporate setting...

  19. 101
    WTF?

    FBI will find a lump of coal in their stocking this year!

    So their evidence is so weak they must resort to legal gimmickry and sophistry to prevail? The American Revolution was fought in part in reaction to the King's General Writs to search businesses and homes to further tax collection. One of the cases addressed here has to do with bad checks, not hardly worth hacking away more of our Constitutional rights in my opinion.

    Meanwhile, they bamboozled the befuddled judge into going along at least once.

    There ought to be a law against the FBI further trammeling the Constitution.

    I think a long time ago there was.

    1. tom dial Silver badge
      Flame

      Re: FBI will find a lump of coal in their stocking this year!

      Enough BS about the oppressive FBI getting general warrants. Those who actually bothered to look at the two cases the Reg article linked to will have noticed that each court orders was issued based on a previously issued search warrant that in turn was issued by a judge based on probable cause and a description of the material the government sought.

      The government certainly does not always follow the rules as well as they should, but in these cases it appears they did. There was no bamboozling of befuddled judges, just use of a law on the books for over two centuries for what appears to be something like its intended purpose.

  20. Anonymous Coward
    Anonymous Coward

    Another option

    Why don't they just 'waterboard' the owner of the phone until they hand over the PIN number?

    Some of the comments about US policing on here are unfair especially about them having to check skin color, they also have to check they are not just an albino, not so simple after all.

    1. Matt Bryant Silver badge
      Stop

      Re: AC Re: Another option

      ".....Some of the comments about US policing on here are unfair....." If you are a black male in the US, criminal or otherwise, it is a statistical fact you are much, much more likely to be killed by another black male than a white person, let alone a police officer.

      But, since the majority of LEOs in the US are white (beyond even the ratio of white-to-non-white population), it is much more likely that if a LEO shoots a black criminal then he/she is statistically more likely to be white, that has nothing to do with racial bias, just statistical probability. And, given that black males are statistically more likely to be involved in violent or street crimes (http://en.m.wikipedia.org/wiki/Race_and_crime_in_the_United_States), and therefore more likely to be in a situation leading to a police shooting, it is going to be even more likely the statistical norm that white LEOs will be shooting black males more often than white males, or black LEOs shooting either.

      You can demonstrate this with a simple experiment - take two bags, one for 'cops' and one for 'criminals'. Put three white balls and one black ball in the 'cops' bag (US national average), then put five black balls (representing the US 52% of violent youth crime committed by black males, the type where police are overwhelmingly likely to end up using lethal force during an arrest) and five white balls (ignoring the rising occurrence of Hispanic crime) in the 'criminals' bag. Draw a ball from each bag, return them, record the results, repeat one hundred times. You are going to see a much higher occurrence of white 'cop' ball with black 'criminal' ball. If you want to play with Ferguson numbers, use fifty white and three black 'cop' balls and ninety-three black and seven white 'criminal' balls. Even if you up the number of black 'cop' balls you are still much more likely to end up with a black 'criminal'.

      Even if the number of black LEOs was increased to reflect local or national population trends, it would still be statistically more likely that any such shooting would be by a white officer of a black male criminal. That is a simple, mathematical likelihood, and has nothing to do with racial bias, profiling or any other PC nonsense.

  21. king of foo

    bad != stupid

    It seems to me that the majority of folk think criminals are thick.

    In reality many will be of above average intellect.

    A clever, dangerous, criminal is highly unlikely to store incriminating evidence on a smartphone.

    So what value is left on a device? Selfies with the mutilated corpse? The phone company can provide SMS and phone call records. It has to be email and im they're after, but a smart crim won't use anything that leaves behind a trace on the handset.

    So they must be after halfwits. Surely there are other ways to catch someone like that.

    Or are the people requesting these powers of below average intellect?

    1. Charles 9

      Re: bad != stupid

      "In reality many will be of above average intellect."

      If that were true, then we would run out of material for "Dumbest Criminals" shows. Yet they keep on coming. Remember, criminals are still human, meaning they're subject to the Law of Averages.

    2. Matt Bryant Silver badge
      FAIL

      Re: king of fools Re: bad != stupid

      "It seems to me that the majority of folk think criminals are thick.....Or are the people requesting these powers of below average intellect?" Oh dear, your prejudices are showing. There are prisons packed with people who thought they were smarter than the cops. You should bear in mind that there is a minimum requirement for education and reasoning ability to be a law enforcement officer in the US, but no such restriction on being a criminal. If there are criminals that are not smart then having laws which make it easier to catch them is surely a good thing as it will free up police resources to concentrate on those criminals that are actually smart. Or is it the catching of criminals that you object to?

      1. king of foo

        Re: king of fools bad != stupid

        I object to ill thought out laws that do nothing but sacrifice our freedoms in order to make politicians look good to the misguided/misinformed in the run up to the next election by making unsubstantiated claims.

        I'd like to see some stats published re the number of crimes solved using the contents of unencrypted personal computers. If it's a high number, and the crimes were serious, I may be persuaded to change my stance on this, but I'd rather have some criminals that are a little harder (but by no means impossible) to catch than live in an Orwellian dystopia with people in positions of authority able to stop me on the street and say "papiere, bitte", without the "bitte". Yes, yes, Godwin's law...

        1. Matt Bryant Silver badge
          FAIL

          Re: king of fools Re: king of fools bad != stupid

          ".....than live in an Orwellian dystopia with people in positions of authority able to stop me on the street and say "papiere, bitte"....." Yeah, but the problem for that kind of conspiracy-theorist's wet dream is people have been insisting that we're all "one law away from" such a Neo-Facist outcome for at least the past four decades (that's my personal count of tinfoil-attired idiots making that claim), and possibly longer going on Orwell's 1984. Though he was more bitter with Communism, not Facism, after his dreams of Socialist "equality, justice and brotherhood" got a dose of Stalinist reality in the Spanish Civil War. Strange how the Lefties are so quick to forget that part, or maybe it's just because they like throwing round terms like 'Orwellian' without actually knowing anything about the man or his experiences.

        2. tom dial Silver badge

          Re: king of fools bad != stupid

          In the last decade or two it is likely that most financial crimes have involved significant evidence gathered from computer systems. Bernie Madoff, for example, but he was just one of the biggest two or three.

      2. Rande Knight

        Re: king of fools bad != stupid

        "You should bear in mind that there is a minimum requirement for education and reasoning ability to be a law enforcement officer in the US"

        Yes, but there's also an upper limit to how smart they are allowed to be.

        http://www.mintpressnews.com/can-someone-be-too-smart-to-be-a-cop/192106/

  22. Suricou Raven

    I do not understand phone encryption.

    Where is the key? Anything stored on the phone can be read out if one can access the memory fully. The only information not stored on the phone that could be used as a key is the owner's pin, which at four digits just isn't long enough to resist brute forcing.

    1. tom dial Silver badge

      Re: I do not understand phone encryption.

      The key is on the phone, encrypted and protected by a PIN or pass phrase. Those protected by a 4 - 6 digit PIN probably do not worry the authorities, who with access to appropriate emulators probably can image the phone and test the entire PIN space pretty quickly. It seems reasonable to suppose the emulators in development kits would suffice or could be extended suitably in a straightforward way. Their concern probably would be users who have passwords or pass phrases with 100+ bits of entropy.

  23. Anonymous Coward
    Anonymous Coward

    It's vital that the information people store on their devices (which may be commercially sensitive) is secure in the event of them losing their phone.

  24. Anonymous Coward
    Anonymous Coward

    Right to bear arms

    Isn't this kind of government suppression of rights exactly why the right to bear arms was incorporated in the constitution? Everyone keeps mentioning Apple's "war chest" billions perhaps they do have a use in mind.

  25. Solly

    I've heard encryption described as a weapon, if that's the case doesn't the 2nd amendment trump this old law?

  26. Otto is a bear.

    With a warrant

    It should be that any law enforcement with a correctly issued warrant, can look at any document it wishes. It is not reasonable to say that just because you want to keep something private by encrypting it that law enforcement then can't see it. It should always be able to do that by showing just cause.

    Destroying evidence has always been an offence, and so far as self incrimination goes, if you are stupid enough to write down the fact you have broken the law, the more fool you as the police always have had this power with paper why shouldn't they have it electronically.

    Blue touch paper lit.

    1. Camberwick Green

      Re: With a warrant

      "Destroying evidence has always been an offence..."

      Musing on this, if an encrypted container on a device was controller by an application that required the input of an authentication code every (say) 24 hours or else the contents of the container are destroyed, is the failure to provide the code - essentially the failure to prevent the destruction of evidence - also an offence?

      I imagine there may grounds to cite under the contempt or obstruction laws, but as the destruction is achieved by inaction rather than by action, wouldn't there also be an additional burden to prove intent?

      1. Matt Bryant Silver badge
        Facepalm

        Re: Camberwick Green Re: With a warrant

        ".....is the failure to provide the code - essentially the failure to prevent the destruction of evidence - also an offence?...." Yes, because you will have implemented the automatic mechanism with the intent to destroy the evidence, and then ensured its destruction by not alerting the authorities to the imminent destruction of the evidence, if the prosector can show you knew of, assisted with the implementation of, asked another to implement or implemented yourself the automatic mechanism. If this is on your secret server, which only you knew about and had a login for, then it would be trivial to show in court your responsibility. The prosecutor does not even need to demonstrate that you typed the commands, only that the mechanism was put in place by someone with access to the system and that you had access. Emails or chat messages to your collaborators discussing your ideas (and posts to El Reg forums) could also be used to show intent. You would have to weigh up whether the evidence in question would get you a longer jail sentence than the crime of destroying evidence, but it is pretty likely you'd be stocking up on soap-on-a-rope either way.

        1. Camberwick Green

          Re: Camberwick Green With a warrant

          "Yes, because you will have implemented the automatic mechanism with the intent to destroy the evidence, and then ensured its destruction by not alerting the authorities to the imminent destruction of the evidence,"

          The simple rebuttal is that the mechanism is implemented with the intent of protecting privacy in case of loss or theft, not with the intent of destroying any supposed evidence. Your second point would probably come down to whether an individual is legally required to actively notify the authorities of the existence of such a mechanism in advance of, say, a court order to do so.

          I'd imagine that for a 'dead man's switch' app to be fully successful, however, it would have to also include some additional forensic countermeasures - rooted device, require the code to be entered immediately on power up or if a data connection is established etc., which means it starts to get quite complex.

          1. Matt Bryant Silver badge
            Stop

            Re: Camberwick Green Re: Camberwick Green With a warrant

            ".....The simple rebuttal is that the mechanism is implemented with the intent of protecting privacy in case of loss or theft, not with the intent of destroying any supposed evidence....." LOL, please do try that! The result is the destruction of evidence, that is all the court will care about, and not your half-arsed excuse! How are you 'protecting your privacy' by destroying your data? That is going to look more like you were deliberately trying to hide something and destroyed it to prevent it falling into the authorities' hands and being used as evidence against you. Please consider the following application of your "honest, not my intent" argument and see if you still think it will work:

            "M'lud, I was driving at 100mph, but my intent was solely to get home faster as I was worried I had left my backdoor unlocked when I left the house this morning. Therefore, my desire to prevent my house being burgled means I shouldn't be convicted of speeding nor dangerous driving....."

            Having worked with Blackberry Enterprise Servers in financial companies, I know that even remote wiping of stolen BBs has to be accounted for - we only did it if we had a recent, full and verified backup of the phone's contents, especially emails, messages and calendar. Otherwise we could be accused of trying to hide evidence of financial irregularities. Same goes for PCs and laptops, when they were decom'd we put a full copy of the system (not just the Exchange mailbox) away for seven years. The company was much more worried about the regulators and the law than to just wipe units at random because intent does not need to be proven in court, simply reasonably demonstrated.

            1. Camberwick Green

              Re: Camberwick Green Camberwick Green With a warrant

              "How are you 'protecting your privacy' by destroying your data?"

              I don't even know where to begin with this.

              "M'lud, I was driving at 100mph, but my intent was solely to blah blah blah"

              Equally pertinent: Apples have a skin and are of the genus Malus, whilst Oranges are segmented, have a rind and are the genus Citrus.

              "The company was much more worried about the regulators and the law than to just wipe units at random because intent does not need to be proven in court, simply reasonably demonstrated."

              You mean like, for instance, 'beyond reasonable doubt'? Reasonable doubt introduced by a defendant failing to deactivate a previously installed privacy-protection mechanism due to any number of stress factors involved in their arrest and/or seizure of their smart device?

              You seem to have a very different definition of legally provable intent than I do. You also seem to confuse passive inaction with deliberate action, and the ability to prosecute for inaction.

              1. Matt Bryant Silver badge
                FAIL

                Re: Camberwick Green Camberwick Green With a warrant

                "I don't even know where to begin with this......" Oh, go on, give it a try if only for the unintended comedy value!

                ".....Equally pertinent: Apples have a skin and are of the genus Malus, whilst Oranges are segmented, have a rind and are the genus Citrus....." And you can try that argument/excuse in court too and it will be disregarded just as quickly.

                ".....You mean like, for instance, 'beyond reasonable doubt'?....." No, silly boy, I mean 'beyond where the idea takes hold in the minds of the jury that you deliberately sought to destroy evidence' - as any barrister will tell you, there's a big difference.

                ".....Reasonable doubt introduced by a defendant failing to deactivate a previously installed privacy-protection mechanism due to any number of stress factors involved in their arrest and/or seizure of their smart device?...." No, just doubtful that anyone would believe that excuse given that the prosecutor will take pains to show you set up the mechanism with the explicit intent to destroy evidence.

                "......You seem to have a very different definition of legally provable intent than I do....." You seem to have no realisation that the coppers and CPS (and US equivalents) are not stupid, are not new to the game, and will make sure they have a ton of evidence even before they arrest you. When they find your kit they will power it down, neatly derailing your mechanism, clone the disk and then examine the cloned copy, providing both the original evidence and proof of the intent to destroy it when your tool tries to run on the cloned disk. At which point the coppers will give you an extra length of rope to hang yourself by asking you (a) to decrypt (in the UK that is an order to provide a copy of the data in legible text, so deleting the data is a direct breach of that order), and (b) asking you if there is any part of your system that might damage the evidence stored on it (which, thanks to the clone, they already know there is) - your subsequent lying will be used in court to demonstrate that you intentionally tried to destroy evidence and then lied about it. The laws of the land do not bend to your fantasy will anymore than the laws of physics, and the coppers will not be struck dumb just because you want them to be so.

                ".....You seem to have a very different definition of legally provable intent than I do. You also seem to confuse passive inaction with deliberate action, and the ability to prosecute for inaction." You fail to realise the criminal actions would be the setting up of the original mechanism and letting it run without informing the police, resulting in the destruction of data. If you wish to put your ideas to the test then please go ahead, I always enjoy watching some dumb skiddie getting their comeuppance in court.

                1. Camberwick Green

                  Re: Camberwick Green Camberwick Green With a warrant

                  I'm relatively new to the forum side of The Reg and so I was somewhat bemused as to why someone would get so froth-mouthed so quickly about an off-the-cuff musing and so I took a look at your post history. It was immediately apparent you're in fact a serial mouth-frother with a post count/days membership ratio that implies you spend an awful lot of time here. I wouldn't dream of delving into your psychology ..but have you thought about getting out more?

                  To paraphrase a response to you in another thread: I won't try to reason with you because you have the reputation of being unreasonable. That, along with your grasp of due process that seems to come from a box set of Ali McBeal, means further discussion is pointless.

                  1. Matt Bryant Silver badge
                    FAIL

                    Re: Camberwick Green Camberwick Green With a warrant

                    "I'm relatively new to the forum side of The Reg...." It seems very obvious that you are a complete stranger to intelligent debate. You posted your idea, I pointed out the gaping legal hole in it, yet you childishly tried insisting there was none.

                    ".....I was somewhat bemused as to why someone would get so froth-mouthed so quickly....." Really? You must be a complete Internet virgin! Go read some slashdot forums and you'll soon realise how much you have missed.

                    ".....It was immediately apparent you're in fact a serial mouth-frother...." It is becoming very apparent that, just like a similar number of failers before you, you have lost the debate, cannot post any form of argument, and so have resorted to childish whining about your hurt feelings. TBH, grow up, learn more and grow a thicker skin. It will help you if/when you get out into the real World.

                    "....I wouldn't dream of delving into your psychology....." Going by the farcical logic in your posts, I would suggest you are neither academically nor intellectually qualified to do anything of the type. You also seem to have zero legal knowledge.

                    "......I won't try to reason with you because you have the reputation of being unreasonable...." LOL, you are so limited you're even ripping off your fellow failers! So much for originality. Maybe you and your fellow failers can get together, share your meagre intellectual and creative capabilities, read up on the relevant laws and then come up with a reasoned argument to back your whimsy. Until the, TBH, cry more.

                    ".....along with your grasp of due process....." So please do try and point out any error in my assessment of how stupid your idea is! But you can't, which is why your post is just an aggrieved whine. Fail!

                    1. Anonymous Coward
                      Anonymous Coward

                      Re: Camberwick Green Camberwick Green With a warrant

                      "So please do try and point out any error in my assessment of how stupid your idea is! But you can't, which is why your post is just an aggrieved whine. Fail!"

                      Your entire argument was an error, Matt. None of it made any sense at all. The inability to have a rational debate with someone who is irrational is not a sign of failure.

                  2. Anonymous Coward
                    Anonymous Coward

                    Re: Camberwick Green Camberwick Green With a warrant

                    Congratulations on getting a special mention for this post, but you need to know that "Matt Bryant" is in fact an extremely clever AI bot whose job is to get page views for the Reg by starting comment conflagrations. The clue is in the fact that Bryant and May was a company that made matches.

                    When Stephen Hawking said he was worried about AI taking over, he had just been reviewing "Bryant"'s posting history and had been guesstimating how long it will take till it passes the Turing test.

                    1. Matt Bryant Silver badge
                      Happy

                      Re: Arnaut the clueless Re: Camberwick Green Camberwick Green With a warrant

                      ".....The clue is in the fact that Bryant and May was a company that made matches....." Once again, Arnie, your logic can only be described as.... Well, 'unique' would be the kindest way of putting it.

                      Tell you what, you missed something there - not only do Bryant & May make matches, but Theresa May is the Tory that tried to introduce stronger 'privacy invading' laws!

                      (Working his head round that should keep Arnie busy - and quiet - for the rest of the day.)

                  3. Anomalous Cowturd
                    Pint

                    @Camberwick Green

                    Meet our very own Mr. Frothy.

                    Try not to take him too seriously.

                    Icon? Frothy head!

                    1. Matt Bryant Silver badge
                      Stop

                      Re: ACturd Re: @Camberwick Green

                      Ah, I see you're sticking with your your usual level of offering and adding nothing to the conversation. This is my surprised face, honest.

                      1. NumptyScrub

                        Re: ACturd @Camberwick Green

                        Ah, I see you're sticking with your your usual level of offering and adding nothing to the conversation. This is my surprised face, honest.

                        It's no different to your contribution to the debate tbh, Matt. I see you unequivocally support the idea that deletion of data =: destruction of evidence, without stopping to ensure that the data in question has been properly classified as (or should be classifed as) "evidence" first.

                        In the absence of any warrants requesting that data, and in the absence of any arrest and/or charges, any data is not classifiable as "evidence", and thus can be freely destroyed without consequence. Imagine a file called "test.txt" containing the 4 characters "test" (created to ensure that SMB share permissions are functioning correctly). Is deleting that file a criminal offense? Since you have provided no clarification to your assertion that removal of any data is obviously destruction of evidence, I'll have to assume you think it is, even though the idea that deleting a test file is "destruction of evidence" will sound somewhat ludicrous to most people.

                        Unless you care to clarify your assertion, so that we can ensure that we are on the same page as regards which data is actually "evidence" (aka data which is legally definable as evidence with respect to the "destruction of evidence" offense), and which data is not and can be freely removed without fear of sanctions?

                        Note that blanket assumptions that all data is considered protected as evidence sounds just a little bit totalitarian. I'm hoping you've thought it through a little better than that :)

                        1. Matt Bryant Silver badge
                          FAIL

                          Re: NumptyScrub Re: ACturd @Camberwick Green

                          "......I see you unequivocally support the idea that deletion of data =: destruction of evidence...." So you missed the bit where I explained spoliation? Fail!

                          ".....without stopping to ensure that the data in question has been properly classified as (or should be classifed as) "evidence" first....." Guess who gets to classify it as evidence - the coppers! You fail again!

                          ".....In the absence of any warrants requesting that data, and in the absence of any arrest and/or charges, any data is not classifiable as "evidence", and thus can be freely destroyed without consequence....." I see you skim-read the original post as well as my replies. The original poster wanted to use a self-destruct to avoid a police warrant leading to an order to decrypt. You fail again, again!

                          ".....Note that blanket assumptions that all data is considered protected as evidence sounds just a little bit totalitarian...." You really don't have a clue what you're blathering about. When the police ask for a warrant they cover all data on the system or device in question, not specific files. Any evidence of file deletion can be raised in court, and file deletion can be detected through the OS or surface scans. So you fail again, again, yet again!

                          Maybe you should just stick to the snarky, pointless comments.

      2. king of foo

        Re: With a warrant

        Genius. Like a "dead man's switch" for your data.

        I wonder...

        1. Dead man's switch app

        2. C4

        3. ???

        4. Profit

        ...might be a tad messy, but would solve the related issue of overcrowding in prisons. Less pickpockets anyway...

  27. swooosh

    Let's make more fun of it, it's just our lives at stake

    I wonder what would be the tell tale signs of a dystopian time to come. Would we be able to tell if the government were depriving us of our rights and freedom? How do we imagine it to happen? Would the president address the nation and say "This is it", or would there be strange legislation passed over time to eventually make freedom and privacy illegal?

    1. Anonymous Coward
      Anonymous Coward

      Re: Let's make more fun of it, it's just our lives at stake

      We won't see it until it's too late, and it may already be. It'll come when the state ignores the laws. In other words, the end of Rule By Law. It may be just one or two, but more and more will be ignored down the road. Why? Because the state is sovereign. They have the power. They'll just usurp it, and if anyone complains, they probably have enough power to just rub you and if necessary your entire town out.

      1. swooosh

        Re: Let's make more fun of it, it's just our lives at stake

        No, it won't come when the state ignores the law. The state, and whoever runs it, will make it seem like it is acting within the law and in our best interest. THEY aren't just petty criminals, you know. They are the lawmakers and sponsors of the law, hell, they're the sponsors of the system. They all have high education, especially in REAL history, and are hell-bent on "fixing" us with a stick wrapped in double-speak and constitution paper. We won't realize what's happening, because we are constantly being misinformed, lied to and scared to lose whatever we think we still have to lose, though it's not much at this point in the game.

        Astonishingly, people still refuse to believe that the super-rich all-powerful snobs can and do sit down, plot a plan for the entire World and then execute it with the determination of certifiable psychopaths. They aren't making the headlines, or the cover of Forbes, because they neither need or want to be known. And people keep acting like there's never been an attempt at World domination based on some privilege (religious, material or biological) in the past and like there was no way of it happening now or ever. We should be discussing that, not phone decryption, which is just another small step towards the World rule of elite psychopaths who imagine the only way to make us, lesser humans, to act "reasonably" is to put us on a leash and control every aspect of our existence.

        1. Anonymous Coward
          Anonymous Coward

          Re: Let's make more fun of it, it's just our lives at stake

          According to Orwell, the bread and circuses are only meant to appease the idiocracy. The ones at least smart enough to know what's happening but powerless to stop it, the elite just give the finger. IOW, why bother lying to you? We rule because we can, the law is just ink on a page, so what are you going to try against us?

          1. swooosh

            Re: Let's make more fun of it, it's just our lives at stake

            When you start by saying "According to..." you're instantly giving the substance of the message a magical quality, almost like it's now set in stone. Orwell wasn't a fortune teller. What he was thinking many others were thinking too and still are thinking. We need to stop celebrating people who said or did stuff and start to act on what is real now. Otherwise, the dystopia will really happen. We can stop it.

            Every unjust rule creates opposition and sooner or later there will be a clash. So too, the psycho-elite rule period will end. I just wonder why do we have to go through such a period at all. All we need to do is excersize self-discipline, stop responding to propaganda, stop celebrating authority and organize our efforts for change. Not rely on politicians and banksters to make things right. It's so easy, if only 80% of regular people weren't hopeless idiots that can be distracted by flickering light.

            1. Charles 9

              Re: Let's make more fun of it, it's just our lives at stake

              But a SMART unjust ruler remembers to keep nipping opposition in the bud. Sure, there can be a clash or two, but as long as they're too small to deal with, they're under control. Put it this way. They have the overwhelming force, you don't. And they're willing to send it your way and salt the earth if you blink the wrong way. Syria's still not overthrown, and no one's figured out how to deal with Boko Haram, who seems to not care what anyone else thinks; they'll just wipe you out if they don't like you, and they're savvy enough to keep themselves in places where overwhelming force leads to unacceptable collateral damage. I mean, how do you deal with an opposition with lots of force and no scruples?

  28. disgruntled yank

    Interesting

    I have to say that such men as Alexander Hamilton and John Marshall, who took a very expansive view of the federal government's powers, would have been astonished at this breadth of construction.

  29. lucki bstard

    'In other words the end of Rule By Law'

    Nope the laws are being applied. Just because you don't like them doesn't make them any less of a law.

    1. Anonymous Coward
      Anonymous Coward

      They're just being applied on the surface. What about behind the scenes where no one's able to look? Where in the laws are such things as "extraordinary rendition" for example?

  30. shovelDriver

    Existing Laws used as Precedent

    If a 1700's law is being cited as a still-valid justification, then the Feds and States better damn well make sure they cite other still-valid laws, as they were written and intended at that time. Such as the First, Second, and all other Amendments. They will not be allowed to pick and choose.

    1. Anonymous Coward
      Anonymous Coward

      Re: Existing Laws used as Precedent

      They can, will, and have. How are you going to stop them doing otherwise?

  31. Shane McCarrick

    Respective and competent jurisdictions.....

    Presumably the US government considers Ireland one of its competent and respective jurisdictions?

    What has happened to the Microsoft case- I'm guessing we sheepishly handed over everything and delayed announcing what was done for a busy Friday evening when no-one would notice.......?

  32. Dodgy Geezer Silver badge

    Old laws?

    ...Now court documents have emerged showing just how far the Feds are willing to go to decrypt citizens' data. The paperwork has shown two cases where federal prosecutors have cited the All Writs Act – which was enacted in 1789...

    That's NOTHING! There was a murder in London several months ago, and the suspect was charged under a law that stretched back further than the 10 Commandments...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like