Sunday 24 Jan 2016 Los Angeles Times had a report by Melanie Mason that said: "Lawmaker targets smartphone encryption." Assemblyman Jim Cooper of Elk Grove is sponsoring a bill (AB1681)to require all cell phones produced in the state to have an ability to be decrypted using a "back door" by police agencies. The bill also requires smartphones sold to be able to be remotely disabled.
Assemblyman Jim Cooper is a retired Captain in the Sacramento Sheriff's Department, and states this capability is necessary to stop human trafficking. Yes, I think it might help the police stop human trafficking. I suspect their real reason is to use it in their terribly frustrating "war on drugs." He is probably using the human trafficking example as a Trojan horse to get such a bill passed, since most people would be against human trafficking, but probably less than half of the voting population is in favor of continuing the war on drugs. We really cannot trust our prosecutors and police to not "stretch" the use of this "crime fighting tool if they got it. They would eventually use it to become a serious abuse of powers. Every time they have been granted an additional power, they have abused it, such as the RICO laws, property confiscation, and the "3 Strikes" law. The requirement in this law to be able to remotely disable a smartphone is described as disabling it for "unauthorized users" -- but that also implies that the police could disable the phone to prevent someone from erasing incriminating information on it.
It is also very strange that a Democrat would be sponsoring a bill to tear down our individual rights -- that is usually what Republicans advocate. Cooper also claims that the big tech companies are putting profits over people by fighting such a proposal. I would put it the other way -- his bill puts the profits of the immense "police/counter drug" industry over the rights of individuals.
Samantha Corbin, from the Electronic Frontier Foundation, disagrees. I also disagree with the proposal. We need to draw a line in the sand for our individual rights for privacy. It is a difficult area to figure out where to draw that line -- but this is one of them. There are a lot of flaws in the proposal:
1. If police do have a court order to be permitted to explore the contents of a cell phone, then there are computer resources that must be available to help them do it by "brute force" decryption. Yes, the police department may have to pay either private companies, or NSA to perform the task. Criminals using mobile phones have to use some sort of password, and it is possible to crack fairly long passwords within 24 hours or processing using modern computers and algorithms.
2. If a back door is put into encryption of all mobile phones sold in California, anyone with criminal intent will buy their cell phones from out of the state -- or out of the country if all states passed similar laws.
3. If such a law was passed, that same "back door" could be used by others. What is to stop political opponents from using it to spy on competitors? What happens when the "back door" is discovered by someone and made public on the internet?
4. Third-party applications could be installed on phones that would add another layer of encryption on top of the manufacturer's encryption. If such a bill passed, most of us, and certainly most criminals would begin using such applications. Yes, it would encumber the use of the phones, but the cost would be reasonable compared to the risks involved.
The right answer is to pass a law that requires an owner of a mobile phone to unlock a phone when presented with a legal search warrant with probable cause. The owner should be entitled to at least one appeal, where counter argument could be presented before having to unlock the device. The search warrant should be written to only look for certain information, and not be permitted access to everything on the phone. If the owner of the device refuses to unlock the phone, there should be some sort of immediate jail sentence (if nothing else but "contempt of court") and the owner should be fined and required to reimburse the cost expended to "crack" the encryption using high-powered computers and algorithms.
Assemblyman Jim Cooper is a retired Captain in the Sacramento Sheriff's Department, and states this capability is necessary to stop human trafficking. Yes, I think it might help the police stop human trafficking. I suspect their real reason is to use it in their terribly frustrating "war on drugs." He is probably using the human trafficking example as a Trojan horse to get such a bill passed, since most people would be against human trafficking, but probably less than half of the voting population is in favor of continuing the war on drugs. We really cannot trust our prosecutors and police to not "stretch" the use of this "crime fighting tool if they got it. They would eventually use it to become a serious abuse of powers. Every time they have been granted an additional power, they have abused it, such as the RICO laws, property confiscation, and the "3 Strikes" law. The requirement in this law to be able to remotely disable a smartphone is described as disabling it for "unauthorized users" -- but that also implies that the police could disable the phone to prevent someone from erasing incriminating information on it.
It is also very strange that a Democrat would be sponsoring a bill to tear down our individual rights -- that is usually what Republicans advocate. Cooper also claims that the big tech companies are putting profits over people by fighting such a proposal. I would put it the other way -- his bill puts the profits of the immense "police/counter drug" industry over the rights of individuals.
Samantha Corbin, from the Electronic Frontier Foundation, disagrees. I also disagree with the proposal. We need to draw a line in the sand for our individual rights for privacy. It is a difficult area to figure out where to draw that line -- but this is one of them. There are a lot of flaws in the proposal:
1. If police do have a court order to be permitted to explore the contents of a cell phone, then there are computer resources that must be available to help them do it by "brute force" decryption. Yes, the police department may have to pay either private companies, or NSA to perform the task. Criminals using mobile phones have to use some sort of password, and it is possible to crack fairly long passwords within 24 hours or processing using modern computers and algorithms.
2. If a back door is put into encryption of all mobile phones sold in California, anyone with criminal intent will buy their cell phones from out of the state -- or out of the country if all states passed similar laws.
3. If such a law was passed, that same "back door" could be used by others. What is to stop political opponents from using it to spy on competitors? What happens when the "back door" is discovered by someone and made public on the internet?
4. Third-party applications could be installed on phones that would add another layer of encryption on top of the manufacturer's encryption. If such a bill passed, most of us, and certainly most criminals would begin using such applications. Yes, it would encumber the use of the phones, but the cost would be reasonable compared to the risks involved.
The right answer is to pass a law that requires an owner of a mobile phone to unlock a phone when presented with a legal search warrant with probable cause. The owner should be entitled to at least one appeal, where counter argument could be presented before having to unlock the device. The search warrant should be written to only look for certain information, and not be permitted access to everything on the phone. If the owner of the device refuses to unlock the phone, there should be some sort of immediate jail sentence (if nothing else but "contempt of court") and the owner should be fined and required to reimburse the cost expended to "crack" the encryption using high-powered computers and algorithms.
