The Manhattan District Attorney's Office has released a report on Smartphone Encryption and Public Safety. While much of the recent talk about encryption by politicians and law enforcement agencies has been about encrypted communications and messaging apps, this report has a different focus. Instead, the sole concern of the report is full disk encryption, which prevents any data on a phone from being accessed unless it is unlocked by the user. The report is very clear that is has no official position on encrypted communications.
Apple and Google both offer full disk encryption for their respective phone OSs. In earlier versions of iOS, it was actually possible for Apple to bypass the lock screen and access the data on the phone, but on iOS8 and later it is no longer possible. Apple can't get past its own encryption, only the user's password can. The report ultimately argues for a return to a pre-iOS8 state of affairs, and proposes legislation that would require backdoors to gain access to the data on a phone.
The complaint leveled at full disk encryption is that it prevents officers from executing warrants. Suspects may refuse to cooperate, and cannot be compelled to give authorities their password under the fifth amendment which prevents self-incrimination. In other cases the owner may be unknown, such as a phone found at a crime scene, or unavailable to unlock it, such as a kidnapping or murder victim. The report criticizes the idea that this is a "golden age of surveillance" and insist there are some forms of information which can only be obtained from a phone that can't be obtained from other sources. The types of information listed includes contacts, photos, videos, search history and bookmarks.
In a section about the cost of encryption it mentions it mentions numerous cases where warrants for data on a phone could not be executed. It lists of examples of homicide, rape, child pornography and sex trafficking and argues that these crimes might have been punished if law enforcement could have gotten the information contained on a phone. The section also includes a phone conversation of an inmate, apparently relieved that a DA will not be able to to get evidence because his phone is running iOS8. The section concludes, "As recognized by this defendant, criminals benefit significantly from iOS 8, and the safety of all American communities is imperiled by it," which is a fairly typical argument to attack privacy protecting measures.
Finally the report gets to its proposal, which is a law that, "would require producers of smartphones and operating systems to make smartphones amenable to governmental searches." The report states that Congress would have the power to make such a regulation under the commerce clause, since "smartphones are part of interstate and foreign commerce." The proposal would not require companies like Google and Apple to give government agencies the key to decrypt the phone, but they would hold the key themselves and only assist law enforcement when issued a warrant.
The report contains a section demonstrating that other countries are considering similar ideas, including David Cameron's Snooper's Charter in the UK. Interestingly, despite the fact that the report has stated no interest in encrypted communications, all of the examples in this section are laws and proposals about circumventing encrypted communications and none about full disk encryption. The report also contains a section with questions for Apple and Google, and the questions do suggest there is some concern here for privacy. The District Attorney's Office may reconsider or modify it proposal based on the responses it receives.
Should there be a law mandating a backdoor to decrypt the data stored on a phone? Leave your comments below.