District Attorney Arguing Against Encryption Handed Out Insecure Keylogging 'Monitoring' Software To Parents

from the let-them-eat-post-breach-free-credit-monitoring dept

Beyond James Comey, there are still a few law enforcement officials beating the anti-encryption drum. Manhattan DA Cyrus Vance is one of those. He’s been joined in this fight by some like-minded district attorneys from the other coast, seeing as New York and California both have anti-encryption bills currently working their way through local legislatures. Vance, along with Los Angeles County DA Jackie Lacey and San Diego County DA Bonnie Dumanis, penned an op-ed against encryption for the LA Times. In it, they argue that tech companies have set them up as “gatekeepers” of communications and data, which they believe law enforcement should always have access to, no matter what.

DA Dumanis goes even further in a press release issued by her office. Tech companies aren’t just gatekeepers standing between law enforcement and data. They’re “gatekeepers of justice,” apparently standing between victims of crime and punishment of wrongdoers.

The EFF’s Dave Maass has fired back, via a post at the Voice of San Diego, pointing out that Dumanis especially shouldn’t be inserting herself into the encryption debate — not with her general disdain for the security of her constituents.

It opens with this:

The last person San Diego should trust with their computers and smartphones is District Attorney Bonnie Dumanis.

And goes on to clearly articulate why Dumanis has no business attempting to legislate computer security. Dumanis spent public money acquiring and pushing a horrendously insecure piece of “parental monitoring” software.

In 2012, Dumanis spent $25,000 in public money on 5,000 copies of a piece of “parental monitoring” software called ComputerCop. This CD-ROM, which was distributed to families throughout the county for free, included a video from Dumanis promoting the program as the “first step” in protecting your children online.

This first step, however, involved parents installing keylogger software on their home computers. This type of technology is a favorite tool of malicious hackers, since it captures everything a user types, including personal information such as passwords and credit card numbers. Not only did ComputerCop store keylogs in an unencrypted file on the person’s computer, but it also transmitted some of that information over unsecured connections to a mysterious third-party server.

Two years later, Dumanis finally pulled the plug on the publicly-funded program, admitting the monitoring software was faulty and telling parents to disable the insecure keylogging function. Dumanis was hardly the only DA to recommend this terrible software, but she’s one of the few who’s stuck her head above the encryption parapet to offer her support of the Feinstein-Burr anti-encryption bill.

But that’s not all. Dumanis and her office won’t even secure their own website.

The district attorney’s website fails to use HTTPS, the protocol that has become the industry standard for secure browsing online. This means that residents, including crime victims, whistleblowers and witnesses, cannot visit her site with confidence that their browsing won’t be intercepted or manipulated by third parties.

Dumanis — like Vance, Comey, and others — would rather sacrifice the safety of the public for a few more criminal prosecutions. The “greater good” apparently means nothing when a very small percentage of cases might involve encrypted communications or devices.

Law enforcement has never had more access to communications and data than it does now. In the past, files were burned, papers were shredded, people passed notes and spoke in person — all of which rendered these inaccessible to law enforcement. Now that these files and communications are conveniently stored en masse on cellphones and personal computers does not mean the government is somehow entitled to 100% access. A warrant that runs into encryption is a small price to pay for the security of millions of cellphone users. Despite maintaining the narrative that criminals are moving toward encrypted platforms, law enforcement reps and officials have yet to deliver any evidence that this is so widespread that backdooring or banning encryption is the only option. And the loudest law enforcement voices protesting tech companies and their “gates” are often those who care the least about protecting innocent people from criminals.

[Dave Maass pointed out on Twitter that Suffolk County (MA) District Attorney Dan Conley — who spent a lot of time displaying his ignorance during the Congressional hearing about device encryption — has also stumped for the insecure monitoring software.]


Comments on “District Attorney Arguing Against Encryption Handed Out Insecure Keylogging 'Monitoring' Software To Parents”

13 Comments
I.T. Guy says:

“Law enforcement has never had more access to communications and data than it does now. In the past, files were burned, papers were shredded, people passed notes and spoke in person — all of which rendered these inaccessible to law enforcement. Now that these files and communications are conveniently stored en masse on cellphones and personal computers does not mean the government is somehow entitled to 100% access.”

BRILLIANT!!!! Bravo!!!

Seems like an Enlightenment age for LEOs rather than “going dark.”

I.T. Guy says:

It may exist, but I have not seen it. Think of this:
Phone encryption software that stores the key on a microSD (sorry, iPhone users) and does not let the user know the key. In times of peril you remove the mSD and toss it.
Judge orders you to produce the key and you can’t because you never knew it. Worst that could happen is you getting charged with tampering with evidence rather than being detained indefinitely.

Anyone?

Anonymous Coward says:

Re: Re:

What you really want is a public/private keypair, where the private key is stored on the mSD. The user still has the decryption code for that key, and the public key is available for encryption purposes (both on the device, and anyone else who wants to send information to the device). Pull the mSD, and information can still be sent/written to the device due to the public key, but no decrypted data can be read off of it, unless the private key has already been copied.

This does, however, open another security hole in that anyone who gets their hands on the SD card has the private key and can duplicate it. So someone with physical access to your phone but no access code could quickly duplicate your key while you aren’t looking. Do we just depend on the fact that it’s password protected, so hard to crack even if someone grabs the encrypted private key? In which case, if someone gets their hands on the mSD card or a copy of its data, we’re back where we’ve started, with the protection depending on a memorized passcode.
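The keypair-on-a-card scheme from the comment above, as an added example that is not part of the original thread: it assumes RSA-OAEP wrapping an AES-256-GCM data key via Node's built-in `crypto` module, and the function names (`makeCard`, `sealOnDevice`, `openWithCard`) are hypothetical. It shows that writing still works with the card pulled, and that a copied card is exactly as strong as the passcode protecting the private key.

```javascript
// Added illustration; makeCard, sealOnDevice and openWithCard are hypothetical names.
const crypto = require('node:crypto');

// Key generation: the public key stays on the phone, the private key goes
// on the removable card, itself encrypted under the user's passcode.
function makeCard(passcode) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem',
                          cipher: 'aes-256-cbc', passphrase: passcode },
  });
  return { devicePublicKey: publicKey, cardPrivateKey: privateKey };
}

// Writing needs only the public key: a fresh AES-256-GCM key encrypts the
// data and is then wrapped with RSA-OAEP, so this works with the card pulled.
function sealOnDevice(devicePublicKey, plaintext) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const aes = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const body = Buffer.concat([aes.update(plaintext, 'utf8'), aes.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: devicePublicKey, oaepHash: 'sha256' }, dataKey);
  return { wrappedKey, iv, body, tag: aes.getAuthTag() };
}

// Reading needs the card contents AND the passcode. Returns null when
// either is missing or wrong instead of throwing.
function openWithCard(cardPrivateKey, passcode, record) {
  if (!cardPrivateKey) return null;            // card was pulled and discarded
  try {
    const dataKey = crypto.privateDecrypt(
      { key: cardPrivateKey, passphrase: passcode, oaepHash: 'sha256' },
      record.wrappedKey);
    const aes = crypto.createDecipheriv('aes-256-gcm', dataKey, record.iv);
    aes.setAuthTag(record.tag);
    return Buffer.concat([aes.update(record.body), aes.final()]).toString('utf8');
  } catch (err) {
    return null;                               // wrong passcode or tampered record
  }
}

// Constructed demo values: no card, copied card with a bad guess, card plus passcode.
const demoCard = makeCard('constructed-passcode');
const demoRecord = sealOnDevice(demoCard.devicePublicKey, 'written with the card pulled');
console.log(openWithCard(null, 'constructed-passcode', demoRecord));
console.log(openWithCard(demoCard.cardPrivateKey, 'wrong-guess', demoRecord));
console.log(openWithCard(demoCard.cardPrivateKey, 'constructed-passcode', demoRecord));
```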

Anonymous Coward says:

Re: Need to develop the next generation of felons, else

And the loudest law enforcement voices protesting tech companies and their “gates” are often those who care the least about protecting innocent people from criminals.

If cops and prosecutors started caring about protecting people and preventing crime, they wouldn’t have as many victims of crime. It gets hard to justify MRAPs and surveillance balloons (and Stingrays and grenade launchers and mentally augmented combat-ready battlegoats, …) when the crime rate is low.

Same general problem with cops not being able to get high-level drug distributors off the street: without their big-money purchases, the flow of cars leaving town filled with bales of forfeiture-ripe cash would slow to a trickle. Without all the seized cash, what’s the point of becoming a cop in the first place?

Anonymous Coward says:

Piss poor security from a government sponsored app. No surprise here. Also completely useless app.

The only way to make sure your children stay arguably safe is through responsible parenting. Whether done in person or by proxy (hired tutor), education goes a long way towards preventing both “actually bad” and “socially bad” behavior.

Stopping teenage boys from occasionally spanking the monkey (porn or no porn) is an absolutely futile endeavor.
Try to focus on real damage areas like preventing teen pregnancies, sexual infections and predatory behavior.
