New York Bill Would Force Apple and Other Manufacturers to Decrypt Smartphones

[zioxide]

Putting those worst case scenarios aside for a moment, the no back door policy pushed by Cook is so that the phone isn't made less secure for hackers to get in. Yeah, it protects privacy as well, but I don't think it's a good idea making technology easier to hack in the rare chance that one of those scenarios above happens. I'm more afraid of hackers than I am of those scenarios above: those bad things happen, but hackers happen more often.

This. Bad things sometimes happen. It's very rare that encryption would completely prevent law enforcement from doing their jobs. They were able to investigate crimes fine before smart phones. Use other tactics.

On the flip side, an insecure encryption algorithm is a disaster waiting to happen. With all of the data breaches in the last few years (Target, TJX, Home Depot, OPM, Sony, Anthem, the list* goes on and on and on and on), only a fool would suggest that weakening cybersecurity would be a good idea. We need to be doing everything we can to harden encryption and improve cybersecurity, not weaken it. Thousands of data breaches already happen daily. We don't need to make it even easier.

* https://www.privacyrights.org/data-breach - see here for list.


Go ask Wall Street how they would feel about a known security flaw being mandated in all of their digital financial infrastructure.

 

[UnfetteredMind]

So if this passes, what will government agencies use for mobile devices? Seems like a HUGE security risk that would not allow any devices to be able to pass government requirements for mobile devices. Or are they going to exempt themselves from the laws they pass for everyone else? Certainly wouldn't be the first time.

 

[lowendlinux]

So this guy is proposing a fine on companies (per device) that aren't able to be decrypted if they're sold after the posted date?

Some words for you, assemblyman -- New York is already the most liberal state in the nation. People have a right to privacy as they paid for and own that PERSONAL piece of property (a.k.a the phone). What did the police do before people had cell phones?

If the device is someone's personal property, the state is violation of our 4th amendment rights, in a way. States are not allowed to take our constitutional rights away, they are only allowed to expand on the constitution rights afforded by the federal government. To be fair though, this article is not descriptive enough in what needs to be done to obtain this particular information other than "law enforcement," which doesn't have the power to issue a warrant--only a judge can do that. A judge is certainly not classified as "law enforcement."

The federal government needs to squash this bill and throw it in the trash.

I hate living in NY... All of the stupid politicians here.

The problem is you don't own the software running your phone which is why I think the FBI suing the big tech companies is so interesting.

 

[AlexH]

There are a lot of out of touch zombies with iPhones who don't give a crap about privacy laws. But, take their iPhones away because of an overreaching law and I think they'll throw a big enough tantrum to reverse any back door law. I think...

 

[zioxide]

There are a lot of out of touch zombies with iPhones who don't give a crap about privacy laws. But, take their iPhones away because of an overreaching law and I think they'll throw a big enough tantrum to reverse any back door law. I think...

There's many people that don't care about privacy laws when it comes to some personal data. But go ask those same people to post their SSN and every single one of their bank account numbers on the internet. I think they'd probably be opposed to that. This is effectively the same thing as it would compromise the security of that data wherever it is stored.

 

[furi0usbee]

I'm sure you can get your lawyer to stall them for 48 hours. After that time, the phone obliges you to enter your password. The fingerprint reader won't work until you do.

I doubt it. In Virginia, a judge has ruled that officers can force you to unlock your phone with a fingerprint, as long as they have a warrant. So your lawyer won't be in the picture until *after* the phone has been unlocked and whatever illegal (or not illegal) things you did have been discovered.

As for turning the phone off/reset it, I doubt they will let you hold it. The probably will have your arm/hand in control. But, if you used the wrong finger, I don't know how many times you have to try again before you have to put the passcode in. I guess if you ONLY assign some weird finger, like your pinky on your left hand, and they simply start with your index finger on your right hand and try them all, at some point they may have to enter the passcode.

I will have someone test this for me in about an hour.

 

[scapegoat81]

/s <-- that means sarcasm btw.

Oops. Def missed that. Thanks lol

 

[TrueBlou]

Small difference, the social media fans decide what they put out there, NOT politicians or the police!

If this gets any traction in the NY assembly (as in even considering it) it will go all the away to the supreme court, where it will be rejected.

Newsflash to politicians: CRIMINALS will always be at least one step ahead of ANY legislation, because they don't do LEGAL!

Clearly there's a difference, I'm just saying, your average punter likely neither knows nor cares about the level of security of their mobile devices.
For instance when I mention anything about the security benefits of recent iPhones with Touch ID to my dad, wife and some of my friends, I'm greeted with a blank stare.

Personally I'd be more than happy if all of these proposals to put back doors and weaken encryption in all countries were quashed and never mentioned again. I don't think the less than tech savvy majority of politicians are the people to decide how secure our information should be.

I've nothing to hide and I don't partake in any questionable or illegal activities. But I still want my personal information secured tighter than a ducks porthole. After all, I have practically my entire life on my iPhone including credit/debit cards for Apple Pay and banking details in apps. I'd rest happy knowing no one is getting access to that.

 

[macnewbie91]

The problem is you don't own the software running your phone which is why I think the FBI suing the big tech companies is so interesting.

If I buy the device, the software is included with the phone. So technically I pay for both the hardware and the software.

Plus, if you really think about it. The police wouldn't be able to come into my house without a warrant to search something (which belongs to someone else) inside.

 

[Amazing Iceman]

Except for that pesky 5th Amendment.

http://thehill.com/policy/cybersecu...veal-phone-passwords-violates-fifth-amendment

Exactly. In a way your fingerprint is akin to a key--a physical key--and you can be compelled to turn that over. Similarly you can be compelled to turn over a key to a safe. But you cannot be compelled to give the password to a safe, which is in your mind (testimonial evidence). Same for a passcode.

Mike

Just have them punch it in...

The real problem in the case you linked above is the law itself and those who find backdoors to get away with crimes.
it clearly illustrates that backdoors are the escape routes of criminals.

An encryption backdoor would end up serving the same evil purpose.

 

[Gizmotoy]

Here's a tip - if law enforcement forces you to use Touch ID, restart the phone. A passcode will be required after a restart and fingerprints won't be accepted.

I kind of wish Apple would let you assign a "Panic Finger". Instead of unlocking the phone, this finger would lock out TouchID and mandate the entry of the password to unlock the device. Turning the phone off actually takes a good bit of time and would be anticipated.

 

[lowendlinux]

If I buy the device, the software is included with the phone. So technically I pay for both the hardware and the software.

Plus, if you really think about it. The police wouldn't be able to come into my house without a warrant to search something (which belongs to someone else) inside.

But you don't own the SW end of story. I don't necessarily disagree with you but that will be the play I believe

 

[zioxide]

But you don't own the SW end of story. I don't necessarily disagree with you but that will be the play I believe

I don't own my house either, the bank technically does, yet they can't just let police in without a warrant.

 

[npmacuser5]

If I buy the device, the software is included with the phone. So technically I pay for both the hardware and the software.

Plus, if you really think about it. The police wouldn't be able to come into my house without a warrant to search something (which belongs to someone else) inside.

You lease the software is more like it. You own the phone. To me the phone is like the house, the software is like the Internet inside the house. Important that anything in the house is protected by checks and balances.

 

[iansilv]

I have no problem with the police getting a warrant to hack through someone's personal information. If they have good reason to do so, let 'em go to town.

It's the concept that it should be open and readily available to law enforcement at a moments notice without any court intervention that I take issue with.

Isn't the current issue that because there is no "backdoor," even if police get a warrant they cannot get to the information?

 

[lowendlinux]

I don't own my house either, the bank technically does, yet they can't just let police in without a warrant.

Technically you and the bank own your home

 

[Col4bin]

Can you be legally compelled to use your fingerprint before the time limit runs out and the phone requires a passcode? (Or the phone battery dies, or the phone is rebooted by you, or you use the 'wrong finger' a few times).
[doublepost=1452782747][/doublepost]

You think opposition to encryption is a "liberal" thing? Think again. Politicians from all "teams" have suggested it should be circumventable. Don't be a goof and fall into a political Bengals vs. Steelers trap with this.

I don't like the Bengals or Steelers, but we typically see liberals in favor of "big" government.

 

[Thunderhawks]

In the end I think we can agree that this bill is a brainfart and not well thought out.
No chance of passing.

Mr. politician has no clue about technology or encryption and the pandoras box it opens.

If anything it invites criminals to hack the "back door".

Maybe he was having a beer with a higher up police dude and after a few pints he promised
to make the police job a little easier.

While creating the bill he also realized Apple is a good company to get media coverage rub off/advertising acknowledgment for his next political career step.

 

[macnewbie91]

I have no problem with the police getting a warrant to hack through someone's personal information. If they have good reason to do so, let 'em go to town.

It's a sticky situation.

How do you get probable cause that's evidence is on a phone? The accused isn't going to admit to it.

Unless someone else knows what's [with fact] on your phone, I don't see the police having probable cause to search it for anything. You do need probable cause for a judge to sign off on a warrant. Even then, the warrant is specific to what the police can search, i.e; photos app, messages app between these two people, etc. So will the accused watch the police as they go through their phone?

Even if the software is owned by Apple, YOU own the phone that runs it. The software is ran by the hardware that you own yourself... So it should be protected by the 4th amendment.

 

[bradl]

You don't know the definition of amendment.

You don't know how laws work in our country. As I said before, read up and understand that, then revisit this thread.

BL.
[doublepost=1452795816][/doublepost]

Wait, it doesn't just apply to guns? Well armed militia? What does that have to do with cellphones?

See post #70.

Cryptography and encryption are considered munitions; arms. That has been affirmed by the 9th Circuit Court of Appeals as covered under the 2A of the Constitution. The publishing of such munitions is protected by the 1A of the Constitution, as free speech.

So like I said, where is the NRA on this? Or is it that they think that the 2A only applies to guns?

BL.

 

[sir1963nz]

these politicians are out of their minds

Especially when you consider that MORE could be achieved by implementing stronger gun control laws. Find me another country which has 50+ school shootings each year.

 

[mariusignorello]

I doubt it. In Virginia, a judge has ruled that officers can force you to unlock your phone with a fingerprint, as long as they have a warrant. So your lawyer won't be in the picture until *after* the phone has been unlocked and whatever illegal (or not illegal) things you did have been discovered.

As for turning the phone off/reset it, I doubt they will let you hold it. The probably will have your arm/hand in control. But, if you used the wrong finger, I don't know how many times you have to try again before you have to put the passcode in. I guess if you ONLY assign some weird finger, like your pinky on your left hand, and they simply start with your index finger on your right hand and try them all, at some point they may have to enter the passcode.

I will have someone test this for me in about an hour.

You have 6 chances, but I hope they make a MDM restriction to limit those chances.

 

[furi0usbee]

Yeah, you only get 3 tries with your fingerprint before you have to input your passcode. So when the court compels you to use your finger, just offer your fingers to the cops, letting them choose which they want to try. I guess the pinky on your dominant hand would be the last finger they try (or the first if they think you are too cute).

 

[yaboyac29]

You don't know how laws work in our country. As I said before, read up and understand that, then revisit this thread.

BL.
[doublepost=1452795816][/doublepost]

See post #70.

Cryptography and encryption are considered munitions; arms. That has been affirmed by the 9th Circuit Court of Appeals as covered under the 2A of the Constitution. The publishing of such munitions is protected by the 1A of the Constitution, as free speech.

So like I said, where is the NRA on this? Or is it that they think that the 2A only applies to guns?

BL.

i don't care how your countries laws work because they're ass backwards.

instead of being ignorant like most of the american population, go look up the definition of an amendment and then reply.

i bet you'll report this out of "anger" because i called americans ignorant, further proving my point.

edit:

in the event that you're incapable of doing such, i'll help ya out.

it means you can change things. the amendment isn't the law forever and it CAN be changed whether you like it or not. when the amendments were written, we didn't have technology like this, therefore it needs to be updated.

see.. the way americans think is just plain stupid. you guys want the police/fbi/etc to catch criminals and prevent your countries citizens from dying due to criminal activity, yet you won't do anything to make that change happen.

 

[bradl]

Yeah, you only get 3 tries with your fingerprint before you have to input your passcode. So when the court compels you to use your finger, just offer your fingers to the cops, letting them choose which they want to try. I guess the pinky on your dominant hand would be the last finger they try (or the first if they think you are too cute).

Who said the fingers were the only things to be used for TouchID?

Not trying to sound sarcastic or humourous here, but one easily could use their toe for the print. There have been reports of people using their nose.

BL.