(Staten Island/Albany/Sacramento) New York Assemblyman Matthew Titone (D-Staten Island) and California Jim Cooper (D-Elk Grove) are urging Congress to enact a statute requiring all operating system designers for smart phones and tablets sold or leased in the United States to ensure data on its devices is accessible to law enforcement, pursuant to a search warrant. This comes on the heels of their introduction of smartphone decryption legislation in their respective houses mandating that devices sold in the state would be capable of being decrypted and unlocked by its manufacturer.
“We have introduced legislation on the state level because Congress has failed to act,” said Assemblyman Titone.
Cooper concurred, “We would prefer to have legislation on the national level but if we have to do it piecemeal state-by-state we will. We cannot afford to let criminals, especially human traffickers hide their criminal activities via unbreakable encrypted phones”.
While their bills would accomplish the intended goal on the state level, legislation is set to be introduced in Congress establishing a national commission to study how police can access encrypted data without endangering Americans’ privacy. Both Titone and Cooper believe seeing that pass is crucial to fully understanding this evolving situation.
Acknowledged Assemblyman Titone, “Assemblyman Cooper and I understand the importance of making smartphone data accessible to law enforcement, which is why we have come together with our appeal to Congress. We applaud and endorse a national commission because that would be vital to advancing the conversation about smartphone encryption by starting a collaboration process between experts, however it is imperative it be formed immediately and required to deliver a report in an expeditious and judicious manner”.
“In the digital age the majority of people communicate via cell phones and a lot of information can be transferred between two phones”, said Cooper. “When law enforcement makes an arrest and collects a phone from a victim or suspect, prior to 2014 they would use data on the device to build a case. When law enforcement cannot access data on a device even with a court order from a judge, it poses a serious threat to the public’s safety and undermines our country’s judicial process”.
Between October 2014 and January 2016, the Manhattan District Attorney Office was locked out of 175 Apple devices. The cases to which those devices related include homicide, attempted murder, sexual abuse of a child, sex trafficking, assault, and robbery. There have also been a number of recent cases that were greatly supported through the use of an unlocked phone, including one in which a homicide victim managed to film his attacker using his phone and another where data from a phone exonerated a suspect and correctly linked another individual to a killing. More recently the FBI has been unable to access data on the San Bernardino terrorist’s smartphone.
A decision by two companies has changed the way law enforcement works to keep the public safe and bring justice to victims and their families. In September 2014, Apple announced that its new operating system for smartphones and tablets would employ “full-disk encryption”, making data on its devices completely inaccessible without a passcode. Shortly thereafter, Google announced that it would do the same. Apple’s and Google’s decisions to enable full-disk encryption by default on smartphones means that law enforcement officials can no longer access evidence of crimes stored on smartphones, even though the officials have a search warrant issued by a judge.
The consequences of these companies’ actions on the public safety are severe and not lost on Assemblyman Cooper, who before joining the California Assembly served as a Captain in the Sacramento County Sheriff’s Department for thirty years. He knows that every day, law enforcement faces cases with victims who suffer from the actions of criminals and they are obligated to do everything they can to bring these criminals to justice. Apple and Google’s decision to encrypt their devices make it impossible to access the data unless in possession of the user’s passcode, which has created real, not hypothetical, roadblocks and severely hindered their ability to solve and prosecute crimes.
Technologists and forensics experts have indicated that even if a hacker were able to learn Apple’s decryption process, which Apple guards closely, they would also need the actual device to steal data from it. Likewise, a thief who steals a person’s locked smartphone would also need to know either the victim’s passcode or Apple’s highly guarded decryption process to obtain the device’s data. Apple’s passcode bypass process cannot be used remotely (without possession of the targeted device) and the ability to decrypt does not, alone, give Apple or a hacker access to information stored on a device.
Titone cautioned, “These companies are misleading the public by inappropriately feeding the narrative that decrypting smartphones will create a ‘backdoor’ that criminals can exploit, which is simply untrue. The public is inappropriately being made to weigh the value of privacy against safety and that is a highly deceitful tactic” .
In the course of their investigation of the San Bernadino terrorist shooting, the FBI has asked Apple to allow them (through their required digital signature) to install a custom made firmware on the suspect’s devices that allows them to circumvent built-in security features, mainly by removing the escalating delays in between PIN attempts as well as the “data wipe” after ten failed PIN attempts. This firmware would be tied to the specific device and useless on any other, rendering Apples argument of preservation of public security and privacy erroneous.
Commenting on the San Bernadino case Cooper added, “The FBI is not asking to create a ‘backdoor’ or any other kind of vulnerability that would jeopardize the security of any other phone. They are requesting Apple do what they alone can in providing their digital signature so as to bypass the iPhone’s built-in security measures. Like many Californians, I’m appalled that after two months and a federal court order, the manufacturer of a phone used in a terrorist attack is unwilling to help law enforcement access crucial evidence”.
Apple and privacy advocates make it appear that the government is attempting to “create a backdoor” into people’s devices however, for more than 200 years the Constitution has provided protections against unreasonable search and seizure by requiring law enforcement to obtain a search warrant, signed by a judge, based on probable cause. With respect to legal searches the content of our phones are no different from the contents of our closets, and as the New York Times wrote recently in an editorial, “complying with constitutionally legal court orders is not ‘creating a back door’; in a democracy, that is a front door”.
“Encryption provides greater protection to one’s phone than one has in one’s home, which, has always been afforded the highest level of privacy protection by courts”, remarked Manhattan District Attorney Cyrus Vance, Jr.. “Apple and Google should not be able to alter this constitutional balance unilaterally. Every home can be entered with a search warrant. The same should be true of devices”.
About Matthew Titone: Assemblymember Matthew Titone represents Staten Island’s North Shore in the New York State Assembly (61st AD). For more information please contact Assemblyman Titone’s district office at (718) 442-9932 or email TitoneM@assembly.state.ny.us
Larry Banks is a keen follower of technology and finance. He has worked for a variety of online publications, writing about a diverse range of topics including mobile networks, patents, and Internet video delivery technologies.