back to article Apple, Google mobe encryption good news... for TERRORISTS – EU top cop

People don’t know the difference between privacy and anonymity, says EU top cop Troels Oerting: they want the former, but the latter will make life too easy for criminals. The Europol Assistant Director and head of European Cybercrime Centre (EC3) was joining a chorus of lawmakers and law enforcers reacting to news that Apple …

Anonymous Coward

Wrong.

Oh, but I DO want privacy AND anonymity too, natch! (AC not for the comment but rather to support the point)

5
0

Re: Wrong.

Cool, now your identity is known only to the staff at El Reg (along with anyone tapping your internet)

0
0
Anonymous Coward

Re: Wrong.

Well, I did say this particular case was a symbolic gesture, the actual result is unimportant. Were it actually of any consequence, El Reg would probably be welcome to inspect the exit point of some anonymizer proxy or Tor, while those tapping my internet ( hey, keep your hands off it! It's mine, mine, mine, all mine!!! ;) would be welcome to stare at an endless stream of (to them) meaningless bits as long as they like. Therefore you point is, what exactly...?

0
0
Silver badge

Won't make much difference at all

Client side encryption tied to a weak authentication like a pin or fingerprint really poses little challenge for police or intelligence services who get their hands on the phone. The encryption key in most cases would be trivial to recover and stuff like system logs that resides outside of user storage wouldn't be encrypted at all.

Perhaps they're making a big song and dance of it precisely to encourage jihadhi loonies to go out and use smart phones for all their covert activity.

1
0
Boffin

Re: Won't make much difference at all

Yeah, my thoughts exactly. Most people "secure" their smartphones with a 4-digit PIN which is laughable by modern standards. Brute-forcing even an 8-digit PIN is done in seconds, probably minutes depending on the algorithm used.

0
0
Silver badge

Re: Won't make much difference at all

Hang on, you think the police are going to be able to break this? How exactly? By trying 10,000 PIN codes one by one, hoping you're dumb enough to have a 4 digit PIN, and hoping you're not paranoid enough to enable the option to wipe your device with 10 wrong guesses? By removing the flash chips from your phone and loading the encrypted data off them to work with?

Too bad Apple salts the encryption, so rainbow tables won't work. It won't take a very complex password to keep them out, unless they hand the problem over to the NSA, in which case you might want to consider a complex 16 character password.

Our governments have no one but themselves to blame. It used to be if you were worried about the government slurping up data on normal citizens you were fitted for a tin foil hat. Now the ones wearing Reynolds Wrap are the ones who still think the government can be trusted.

0
0
Anonymous Coward

He has it wrong...

As many others have pointed out.

“In any democratic society we need to provide law enforcement with a right to obtain information authorised by a judge, based on a clear suspicion, in cases involving serious crime or terrorism. This applies to the offline world and should also apply to the online world."

Suspicions are a doubt, a feeling that appearances are not reliable. I have a suspicion that the State's motives, while perhaps honourable at this point in time, can too easily be used against those they are purporting to serve. The price of freedom is eternal vigilance, this was not said in reference to the government, but in reference to those who are governed, as it they who must forever be on guard against those who would sell them subjugation as security.

“Full encryption of communication and storage online will make life very easy for the criminals and terrorists and very difficult for law enforcement and law abiding citizens."

A person's device is their private property. See the word 'private' there? Associating 'anonymity' with the information contained on a private device is an inference that does not follow from the premise of the argument given. It is, in effect, non-sequitur. Policing is a difficult job, it is difficult because it must respect the rights and freedoms of those who are served by the police. Society must deal with criminals of all types, particularly bad criminals might have to be eliminated from our midst; this applies to those in power (corruption) as well as to those who would seek power over us (terrorists). Take the high-road, learn from the mistakes of history.

And he actually has this bit (mostly) correct;

" We have to find the right balance between security and freedom - and this balance has to be set by citizens in a political and ethical discussion on the trade-offs,” said Oerting.

Although he needs not talk so much about "security" as it implies limitation of freedom. Something is secured to a post, in a vault, or otherwise restrained. I don't have a solution for him except to tell him that subjugation of the people by mass surveillance and/or disrespecting the foundations on which a free society operates is not the answer.

Anonymous, because a police state is not the same as a policed-state.

7
0

Where is all this fuss about ?.

http://en.wikipedia.org/wiki/Inquisition

Or perhaps they could change laws allowing law enforcement to use drugs which make people answer questions in a truthful manner if the judge allows this.

1
1

So, can we assume then,

that the FBI aren't going to bother investigating kidnappings any more, since it's now ''impossible to save children from kidnappers''?

3
0

Re: So, can we assume then,

Think of the money saved from the federal budget.

Sure it's too bad for the people kidnapped and their families, but that's what you get for encrypting your phone I guess.

0
0

“In any *democratic* society we need to provide law enforcement with a right to obtain information authorised by a judge, based on a clear suspicion, in cases involving serious crime or terrorism."

Amazingly, I agree with you in full... Which is exactly why WE in our society need "irreversable encryption" as you call it, more than ever before.

I love it when politicians prove themselves correct dispite their best efforts to be disingenuous.

(by the way is there such a thing as irreversable encryption? Surely the definition of encryption includes a method to retrieve said data).

4
0

Lazy?

Is it just me or are law enforcement and intelligence agencies just plain lazy these days? All they can think about seemingly is monitoring the internet..it's like they can't see past that. I think they need to get back to more basic detective and intelligence gathering methods - they used to do OK before the internet was invented - many would say they used to do a better job in fact. Sure, the internet is undoubtedly going to play a part these days in investigations and intelligence gathering, but I think they need to re-learn some of the techniques they appear to have forgotten and like, actually get out of the office into the field once in a while.

2
0
Silver badge

Re: Lazy?

Well, yes, but the internet is how most people communicate these days so that's why they concentrate on that.

In the old days they did the same but that involved tapping telephones, and boiling kettles of water to steam open paper mail, or disguising themselves as trees in the park so they could listen to people saying naughty things to each other.

0
0

Surely this will just come under the "if you don't hand over the necessary data to decrypt your mobile phone, you will be considered to be a terrorist and thrown in jail" law that we already know and love?

0
0

Screw him

He and his cronies made people fear their own governments, now he reaps the response.

1
0
Anonymous Coward

It sure is funny that whenever the government wants to justify its massive snooping into its citizen's lives, they always mention 'child molesters' and terrorists; the latest key buzzwords. But when you look at it, something else is happening. For instance, the massive snooping by the NSA into recording cell phone metadata may have stopped, at most, one terrorist attack. No, these people don't care one bit about terrorists or childmolesters, they are using this snooping for other reasons. Those reasons could eventually be stamping out dissent against the government.

1
0
Silver badge
Coat

"It sure is funny that whenever the government wants to justify its massive snooping into its citizen's lives, they always mention 'child molesters' and terrorists; the latest key buzzwords."

I sum it up with "Fire the TerrorPedos!"

0
0

Hidden in plain sight

sneaky beaky sorts have been hiding their secrets in plain sight for decades, either in the private advert column of a newspaper or under a rock in the park; it is all just basic field craft.

Modern equivalent is putting some obscure message on to pastebin so it looks like nothing important unless you know what you are looking for

1
0
Silver badge
Happy

MESH has the answer

MESH network radios are secure and effectively untraceable. Western military are switching to MESH in a big way. And MESH is designed to work around damaged/incapacitated Nodes.

Until this year my employer was bashing them out for the military of countries politically adverse to the USA for around USD$40 a copy, Now the Chinese have them in sale for USD$30 each!

There is an App for using an Android cell handset as a terminal node for interfacing a MESH network to the InterNet.

I think GCHQ and NSA have their work cut out for years to come as more and more systems of all types go dark.

0
0
Anonymous Coward

He spoke out of turn..

.. as there are internal discussions ongoing about how to tighten up the evidence chain and his comments are unhelpful.

Law enforcement has blotted its copybook with help of lawmakers, and until they regain the trust of the public their ability to fight crime is going to diminish. This means transparency, this means accountability, this means clear enforcement of the few rules left - sometimes even staying away from the grey zones instead of crossing them into the dark.

We're presently so mad at lawmakers breaking the rules and their promises that we forget that bad people do exist - even terrorists. However, I am dead against any expansion of police powers until we get a grip on them again. Power without control is addictive, and tends to bring out the worst in people. We can see that right now, and it's dangerous.

0
0
Silver badge

Re: "their ability to fight crime is going to diminish"

I'm sorry, how exactly is not being able to freely and easily snoop on MY phone data connections going to lessen the police's ability to arrest the thug who is pushing old ladies around to get their handbag ?

Unless . . is there an app for that ?

0
0

“In any democratic society we need to provide law enforcement with a right to obtain information authorised by a judge, based on a clear suspicion, in cases involving serious crime or terrorism. This applies to the offline world and should also apply to the online world."

And that is why encryption is a good thing, as it forces the law enforcement to actually, you know, ask a judge for a warrant. Once you're actually doing that, we can talk. For now, go back into the hole you crawled out of.

5
0
Silver badge
WTF?

Really?

“Full encryption of communication and storage online will make life very easy for the criminals and terrorists and very difficult for law enforcement and law abiding citizens."

Really? How is my innocent, honest life made more difficult just because I use encryption? (Apart from having to remember yet another passphrase).

On the other hand, if I want to knock over a bank or make a bomb, will encryption really help me get a gun or chemicals?

1
0
Silver badge
Flame

Well, its nice to know that over-officious law enforcement is not just a U.S. phenomenon...

"Full encryption of communication and storage online will make life very easy for the criminals and terrorists and very difficult for law enforcement and law abiding citizens. "

Mr. Oerting, I'm a law-abiding citizen, and how is full encryption going to make my life very difficult? From my perspective, I love the idea that information regarding my personal plans, movements, associations, personal business and financial transactions and political and social interactions is going to be encrypted. I'll have much less to worry about from hackers who might seek to steal my identity or leverage my personal information for criminal purposes. And of course, I will have less to worry about that my perfectly legal actions and interactions within society will not get me inappropriately placed on some government watch list, with untold damage to my economic prospects, freedom of movement and political freedoms.

YOU and your buddies at various U.S. and European alphabet agencies brought this upon yourselves, when the onward march of Moore's law seduced you into thinking it was better to surveil large portions of society, rather than really look out for the small minority of extremists and organized criminals. Now that you have been caught with your hands in everyone's cookie jars, you bitch and moan about how people want their privacy and don't understand they are really asking for anonymity. As for me, I want anonymity, because without anonymity you can easily crush my privacy using the governmental resources the EU can call on within it's own membership, much less when things get sticky enough that Mama Europa has to call in Uncle Sam, Johnny Canuck, Israel, Interpol and God knows who else you have on speed-dial to kick my privacy's ass.

I'm not doing anything wrong, if you believe differently--prove it. In the meantime, get out of my face with your bureaucratic empire-building and take responsibility for the crap you pulled, instead of patronizing me with this "We know what's best for you, the honest citizen" bullshit.

6
0
Anonymous Coward

yeah, but - what if the children ARE the terrorists?!

0
0

Then their kidnappers are in for quite the surprise, I'll wager.

0
0

What ordinary citizens need is.......

A legal system that allows average (non lawyer) citizens to challenge the law. Protections against the illegal search and seizure of property and persons, suppositition of innocence, right to know who is your accuser, right to ALL the evidence against you, oops, errm, uuuuh, hmmm.

Isn't that what we are ALREADY SUPPOSED to have?

0
0
Silver badge

So lets just say...

Just say for a moment that I am some vile criminal who has dubios data on my phone. Could be pics of a favourite drug dealer or favourite kid. Doesn't matter what it is, as the basics remain the same.

First, of all the millions of phones in my country, the cops would have to decide that mine is worth investigating.

Then they would have to seize it before I could destroy evidence (and with security tools that allow a phone to be wiped if it is stolen, it's harder for them to do that (yes I know ways they could but I'm not prone to giving the plod any more knowledge to abuse than they already have).

If I have any intelligence I am not likely to keep the data on the phone (which is a large and relatively attractive-to-steal object, especially given than an elderly friend recently had his 10 year old dumbphone stolen!), and even if full-device encryption isn't available, I am likely to have data (eg pictures) they're interested in encrypted on a mSD card.

That's where the probems lie. Have you noticed how small a micro-SD card is? I expect I could swallow one if I really needed to (harmful chemicals aside), I can certainly hide one in an item of clothing where it'd be unlikely to be detected.. Crack between a couple of floor boards. Flush it. Drop it somewhere during a police chase. They can also be easily broken, almost certainly rendering them useless.

To get my phone, you have to have sufficient interest in me AND be able to effectively catch me in the act. If you're about to catch me in the act, you don't need my phone.

I don't do anything requiring privacy, certainly not requiring encryption (aside from customer stuff), but even I can, with a moments thought, come up with a number of ways that I expect would be quite normal for criminals to use to avoid data being found IF they're detected and of interest to the police in the first place.

I also know, at least with NZ police, that if they really want you, they'll fabricate evidence against you (including falsifying witness statements), assault your family and friends to "encourage" a confession, and in some cases even kill you. If your phone doesn't have the evidence they want, that's OK, they have plenty of stashes they can get it from and plenty of ways to get it onto your kit. The defence will never see an un-tainted bit of hardware and the corrupt forensic investigators will be sure that all "disk images" contain appropriate files in appropriate locations with correct dates etc. Or they'll just claim they suspect the disk has "un-detectable encryption" on it that you have to prove isn't there, and lock you up for not revealing that it is there. And if they want you enough and you get a bad enough judge, even if you could prove beyond a reasonable doubt that you have made all the data available, the judge can just say "I think there's more" and you're just as screwed.

In NZ at least the phone really doesn't matter. Any crim with an ounce of knowledge won't have anything of any real use on it , and if the phone (or other device) does not have any incriminating evidence the police are well skilled in making it up as they go along.

</rant>

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017