But the article isn't just talking about the NSA and National Security Letters - this is about law enforcement. If Apple and Google claim to be technically unable to comply with LE requests, it won't take long to see whether that is indeed the case or not - unlike national security-related demands, law enforcement won't be able to keep their successes or failures at demanding access to this data a secret.
If this was tech companies claiming to no longer comply with NSL's, I'd be at very least suspicious as there'd be no way to test these doubts short of another Snowden. But this is law enforcement, subject to all kinds of scrutiny in courts across the US. It'll be much easier to see whether Apple and Google are successful at resisting their demands.
A very good point. Local police will likely be able to access the device but only after calling up the chain. Previous versions of iOS and other smartphones had forensics kits that made it trivial for local law enforcement to grab data out of memory (via DMA/firewire for example) or by device management services. I expect those kits to continue working for devices that have not been powered off.
> But the article isn't just talking about the NSA and National Security Letters - this is about law enforcement.
No it's not. It's just that "law enforcement" sounds more comforting than "tyranny".
Here's how to interpret "law":
Law = A written order issued by your rulers.
Lawful = Good = Anything your rulers want you to do.
Unlawful = Bad = Anything your rulers don't want you to do.
Law enforcement, verb = Forcing you to do what they want you to.
Law enforcement, noun = People whom laws don't apply to.
Don't be so obtuse. A law is a written order, adding the remainder is just an inflammatory accusation that undermines the public at large.
You may believe that the public or those governed by which ever particular law you select are too scared or ignorant and have the law imposed on them from outside interests but the greater numbers always win in the end. A particular rule of law may be arduous today and for many more consecutive days but one day the rule will change.
This is evident throughout history and will continue to be.
> A law is a written order, adding the remainder is just an inflammatory accusation that undermines the public at large.
Undermines the public how?
> A particular rule of law may be arduous today
"Rule of law" is a misnomer. It's actually rule by those who decide what the laws are. That would be the "elected representatives", ie. politicians of course.
In other words, politicians are our rulers because they make the rules that are ultimately enforced at gunpoint, if you don't feel like obeying at first.
But a law is just text somewhere. But even if the text contains a decree on what everyone must or must not do, that alone does not change people's behaviour one bit.
For example, if I write down on a piece of paper that you have to give 30% of your income to me, will you do it? OK, what if I threaten you with imprisonment if you don't?
You seem to be overlooking the point. Would it be morally permissible for me to scribble down arbitrary rules and enforce them on you if I had an army with which to ensure your compliance?
Laws are just arbitrary rules decided on by a small group of people, much like they were with Kings and their inner circles. Laws are enforced in much the same way too - there's no practical difference between getting assaulted by the King's Guard and getting assaulted by men in blue costumes.
> unlike national security-related demands, law enforcement won't be able to keep their successes or failures at demanding access to this data a secret.
The thing is, parallel construction won't work out unless there's another legitimate path which exists anyways.
Scream it all you want, but if there's no other way to the conclusion, there's still no way to use the evidence short of outright lying and falsifying evidence.
I don't think parallel construction is nearly as big of a threat as people seem to make it out to be. It gives law enforcement nothing more than a hint and some unusable evidence. There still needs to be a path that works legally.
And that's not even getting into the fact that iOS is heavily reverse engineered, often searching for backdoors and cryptographic vulnerabilities and Android is open source and publicly reviewable. I've reviewed some of the key derivation code myself as I was curious if it was being done properly.
I'm all for paranoia, it just need to be useful paranoia under a given threat model. Beyond that, it's nothing more than speculation and a waste of time.
It's not about the rules of evidence. It's about the rule of law. Parallel construction is an unconstitutional and dangerous abuse of law-enforcement power that cannot be tolerated.
I don't see why it's such a big deal for law enforcement investigators. They'll still be able to force Apple and Google to send trojan clients to targets, as happened with Hushmail, won't they?
Yes, but it still makes their jobs a lot more difficult.
I'm of the opinion that this is not a ruse or scheme, and that law enforcement are genuinely dissatisfied with this. Note that law enforcement and the NSA have a tenuous relationship at best.
Even if the NSA still do have privileged access after default mobile encryption is fully rolled out, law enforcement generally will not be able to tap into that except in extreme and rare cases.
Law enforcement is far over reaching in my opinion. This data is still hackable because all data is hackable. the fact it is inconvenient is a good thing. This is like saying you should only be allowed to have car or house locks that law enforcement has keys to. They can still acquire the data but they will need to spend significant resources to do it. Invading your citizens privacy should be difficult!
You're not obligated to make the lock unlockable for them, though.
The government can probably break many consumer-grade encryption schemes if they so choose to as well, but much like having to break in to your house through your locks instead of merely unlocking them, it raises the cost of law-enforcement doing so, and incentivizes them to make more restrained choices (eg, not taking literally everything they can get their hands on).
They can ask. A court order to reveal your password is enough. If you don't comply you usually run into troubles. This Wikipedia page http://en.wikipedia.org/wiki/Key_disclosure_law explains how it works in some countries.
Or putting it another way, law enforcement will still be able to break into individual phones, but indiscriminate collection of data on a large scale will become that much more difficult. Which is a good thing.
“What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law,” Comey said.
Sure, they're dissatisfied. But the roots of their dissatisfaction seem to be that they've tasted the forbidden fruit, and now believe that they have a fundamental right to watch our communications. Their fundamental attitude is that they should have visibility, and that anyone who wants privacy must be trying to hide something. It's just the old saw "you don't need secrecy if you've nothing to hide", restated from the law enforcement perspective.
The tech crowd always seem to come to the conclusion that because the powers are over-reaching and bad that they must be unecessary in a partical sense. It is perfectly possible that the surveillance powers really are needed to fight crime. Maybe organised crime and terrorism would increase if all the vulnerabilities that the government use are patched. Technology will undoubtly have a profound impact on crime, and the consequences could be a technical arms race between the public, governments, and criminals. A frightening prospect!
>law enforcement generally will not be able to tap into that except in extreme and rare cases
Like when they pull someone over for having a tail light out? I can't reconcile your statement here with what we already know about parallel construction.
Okay... so I guess someone here knows more about parallel construction than I do, however while they were kind enough to let us know this by downvoting my apparently wrong post, they were not kind enough to share their thoughts.
Are law enforcement agencies not getting data from the NSA to use in arresting and prosecuting defendants via parallel construction?
According to Binney they almost certifiably are. I think they downvoted because Binney cites the DEA, CIA and FBI - which are law enforcement - however in this thread posters have taken law enforcement to mean your friendly neighborhood municipal police officer.
I have to wonder if this is in part driven by a disdain for civic observance. Seems like every week I hear about instances of people getting their phones taken away at least temporarily for video taping police actions only to receive their phones back with the video deleted.
If this was tech companies claiming to no longer comply with NSL's, I'd be at very least suspicious as there'd be no way to test these doubts short of another Snowden. But this is law enforcement, subject to all kinds of scrutiny in courts across the US. It'll be much easier to see whether Apple and Google are successful at resisting their demands.