NY Bill Would Force Decryption of Smartphones On Demand (onthewire.io) 353
Trailrunner7 sends word about New York Assemblyman Matthew Titone's bill that forbids the sale of smartphones that can't be cracked by their manufacturers. On the Wire reports: "A bill that is making its way through the New York state assembly would require that smartphone manufacturers build mechanisms into the devices that would allow the companies to decrypt or unlock them on demand from law enforcement. The New York bill is the latest entry in a long-running debate between privacy advocates and security experts on one side and law enforcement agencies and many politicians on the other. The revelations of the last few years about widespread government surveillance, especially that involving cell phones and email systems, has spurred device manufacturers to increase the use of encryption. New Apple iPhones now are encrypted by default, as are some Android devices. Apple, Google, and the other major manufacturers have said that user privacy and security is their main concern. The bill that is now in committee in the New York State Assembly makes no equivocation about what it is designed to do. 'Any smartphone that is manufactured on or after January First, Two Thousand Sixteen, and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider,' the bill says."
Easy Fix (Score:5, Insightful)
Just stop selling phones in New York, and sell them in every where else. Make consumers order them via Amazon.
Re: (Score:3)
Re:Easy Fix (Score:5, Interesting)
Apple can continue to offer iPads and Macs in the stores, along with a large explanatory sign where the iPhones would normally be. In the meantime, New York residents will have to get their iPhones somewhere else, and most will. I don't think Apple will be as hurt by this as the residents.
Re:Easy Fix (Score:4, Insightful)
Apple can continue to offer iPads and Macs in the stores, along with a large explanatory sign where the iPhones would normally be. In the meantime, New York residents will have to get their iPhones somewhere else, and most will. I don't think Apple will be as hurt by this as the residents.
It would provide an easy way to determine which phones have backdoors.
Re: (Score:3)
It would provide an easy way to determine which phones have backdoors.
The door handle normally gives it away.
Re:Easy Fix (Score:5, Insightful)
It would, in fact, be a selling point.
We care so much about you that we're not going to cave in like our competitors whose phones you can buy.
Where it would become interesting is in how the carrier-stores (Verizon Store, Sprint Store, etc.) would choose to deal with it, since Apple would be unwilling to ship them product to sell in NY.
Re: (Score:2)
> Aha. That's going to go over really well after both Google and Apple have already long purchased some prime Manhattan real estate
If that is there price then that is their price. If they can't walk away from that investment, then they are owned by that investment. What is better for the long term good? Caving? Or publically walking away and telling Manhatten to suck an egg, they are not more important than liberty?
Its their investment to do what they want with, but its better to own your investment than
Re: (Score:3)
Re: (Score:3)
I'd happily join any shareholder lawsuit filed against them for capitulating to such an asinine law.
Re: (Score:2)
This, in fact, even as a non-shareholder, as an American Citizen I feel endangered by their reckless law abiding and feel they should be liable for damage resulting from not doing their due diligence to oppose abusive power.
Re:Easy Fix (Score:5, Insightful)
New York sales will not likely outstrip the losses in sales everywhere else in the world. Being the one company to not fold would be worth a fortune in people who will buy the only phone without a back door.
Re: (Score:3)
That's marketing a job. I don't think it would be too hard. John Oliver showed that all you have to do is ask people if they want the government to have copies of their dick Picts. Plus what percentage of people have to care. NY is small and the world is big. 1 percent improvement in market share in the rest of the world would probably be enough
Re: (Score:3)
Ask them if the police should be able to decrypt "their" phone. I'd bet it would swing to 80 percent saying NO!
Re: Easy Fix (Score:3, Insightful)
Never underestimate the power of Smartphone addicted masses.
Cut them off from their addictions, and the pitchforks and torches will come out.
Watch how fast they change their mind on this when their re-election prospects evaporate and the masses call for their heads.
for a week. New Yorkers want their smartphones (Score:2)
I'm thinking the law would last about three days if the manufacturers didn't ship backdoored phones, meaning it would be illegal to sell a modern smartphone in NYC. Every customer wanting to buy a phone would be told:
The city council made it illegal to sell modern smartphones in NYC. If you want to complain, here are the phone numbers of the council members you can call.
Ten thousand complaint calls per day should get the council's attention pretty damn fast.
Re: for a week. New Yorkers want their smartphones (Score:3)
You really think they care? Ever called your representative? You get hours of wait and then arrive at a call center where you get read a standardized response.
I did send an email once to a rep in regards to the DMCA and the response: "My office has received a high number of calls not to support this law however I personally think it's in the best interest of local businesses to vote to support this law".
Re:Easy Fix (Score:4, Interesting)
It would be very entertaining (and even mildly interesting) to watch this from afar as politicians backpedal after public outcry that they can no longer buy smart phones in their state.
Even if this does become law in New York, I really hope that manufacturers don't cave to the pressure. After all, while large, NY is probably only a tiny fraction of overall sales.
Re:Easy Fix (Score:5, Interesting)
Re: (Score:2)
Re: (Score:3)
So it is an ex post facto law (Score:3)
Any smartphone that is manufactured on or after January First, Two Thousand Sixteen, and sold or leased in New York
So it looks like it will be an ex post facto law then.
Re: (Score:3)
They'd have to amend that bit, perhaps to '30 days after...'
I'm getting a bit tired of how much governments are pushing to violate our privacy for what's, really, no additional security.
Re: (Score:2)
...how much governments are pushing to violate our privacy for what's, really, no additional security.
This has nothing to do with security, unless you're talking about the job security of TLA's and LEO's.
Re: (Score:3)
Which still means that even if a manufacturer intends to comply, they'd have to immediately suspend all sales until the software patch is released. In fact, because of how the encryption is currently performed, it may require hardware modification to even make backdoored encryption possible: http://blog.cryptographyengine... [cryptograp...eering.com]
Re: (Score:2)
I mean to specify the Apple iPhone. Though I assume Android uses some kind of TPM in a similar way.
Re: (Score:2)
That caught my eye also, but this would not be an ex post facto law if I'm to believe the summary is accurate and complete (yes, I know...).
It does not criminalize an act performed in the past at which time it was legal.
The action it is criminalizing, after its passage, is selling a specific class of phones. That class of phones are those made after January 1, 2016 which the manufacturer has no means of decrypting. It doesn't even, based on the summary, prevent manufacturing of such a phone in New York (no
no, just no (Score:2)
Born and raised until 13 in upstate New York.
Beautiful part of the country, the Catskills and Finger Lakes and St. Lawrence seaway....
but this......
NY is still part of America, and I know its all been slowly slipping away....
Its mine......there are many like it but this one is mine......
If this passes, I'll never enter NY state again
Re:no, just no (Score:5, Insightful)
Do you think this is truly limited to NY? Or do you think it's part of a larger issue the entire country is facing?
Since when did America support such massive erosion of privacy and liberty?
In less than 20 years the US has gone from "give me liberty or give me death" to "if you have nothing to hide you have nothing to fear".
That shit ain't unique to New York state.
Increasingly the populace will vote for stuff which a generation ago would have drawn outrage and (correctly) been compared to fascism. America is becoming everything it used to stand against.
Re:no, just no (Score:5, Insightful)
The thing is, of course, that nearly everyone has something to hide, not because there is anything necesarily wrong, but because there are things that are private.
For example, what percentage of Americans wear clothes in public? Is there something wrong with all of these people's bodies that they feel they should conceal them from view?
The question is, of course, rhetorical... but I think it illustrates the point: having something to hide does not mean that anything is wrong.
Re: (Score:3)
Oh no it is still part of America. In fact NY is a trend setter - they are going and the rest will follow.
Now could you guys please use that 4th amendment to overthrow the government?
You never shut up about your right to do it but everyone overseas is still waiting for it to happen.
Re: (Score:2)
Just don't buy or take delivery of a phone there. (Score:3)
If this passes, I'll never enter NY state again
Just don't buy, order while in, or take delivery of, a phone there. Get your non-backdoored phone with all aspects of the transaction occurring out-of-state. Let "The Invisible Hand" slap them up alongside the head when it comes time to collect sales taxes. B-)
If they try make non-backdoored phones contraband (like drugs or untaxed cigarettes), THEN don't set foot there anymore.
(Of course not setting foot there - or, more importantly, spending any money ther
Re: (Score:2)
Let "The Invisible Hand" slap them up alongside the head when it comes time to collect sales taxes. B-)
They'll want use tax for that. Doesn't mean they'll get it or have a good way to enforce it, but it doesn't strictly exempt you from tax: https://www.tax.ny.gov/pubs_an... [ny.gov]
On the other hand, you get to credit any sales tax paid in the other state against your use tax owed. So they won't get much anyway.
Re: no, just no (Score:2)
This is as brilliant as their gun control agendas, which now want to include prohibition on buying enough ammunition to go target shooting for longer than 15 minutes per year. When the legislators are so removed from reality, it's just a symptom of public that is so exquisitely scared that they are willing to support notions that are clearly against their interests, with a far higher probability of causing harm than good.
Apple/Google..... (Score:2, Insightful)
If you want to see an entire political organization lose their seats, refuse to sell compliant phones.
Can you imagine what would happen to NY's political apparatus after telling their constituents that they cannot buy an iPhone/Pad/Pod or Google Android device anymore? Next election would be more than fun.
Re:Apple/Google..... (Score:4, Insightful)
If you want to see an entire political organization lose their seats, refuse to sell compliant phones.
For even more fun, sell two models - with prominent consumer warning markings - which also pop up occasionally in the interface - on the backdoored NY models.
uhm... (Score:2)
Re:uhm... (Score:5, Interesting)
You seem to be missing the point where they don't care, and aren't there to protect phones being "secure".
They don't give a crap about your security. Not even a little.
And, of course, since some animals are more equal than others, they'll insist it's OK if they have things which can't be decrypted ...or at the very least will moronically make it a crime for people other than them to exploit this now useless encryption.
Do not make the mistake of thinking this is about anything other than a government who wants to exert control which defies both logic and technology ... logic isn't a factor here. Fear, paranoia, and a desire to control the world around them is what drives this.
If they can't spy on everything you do, they will try to fix that with badly written laws.
Papers please, comrade. Failure to comply is not one of your options in the new America.
Not for sale in NY (Score:3)
Expect to see disclaimers on smart-phones that they are not for sale in NY.
Fuck New York (Score:2, Flamebait)
Once again, New York proving that it belongs in North Korea rather than the United States.
Re: (Score:2)
Let me guess? Bible belt resident?
Re: (Score:2)
Yeap that's exactly how people greet each other in NY....CA's standard greeting is pretty similar.
Might seem like a good idea on paper, but-- (Score:5, Insightful)
Re:Might seem like a good idea on paper, but-- (Score:5, Insightful)
There's two outcomes which seem plausible to me:
1) Another state comes along and demands that all phones sold can't have backdoors -- hilarity ensues.
2) The feds get in on the game and decree all phones have backdoors -- and America stops pretending it's a free country and embraces the New World Order.
Oh, and of course if all iPhones ever had to have a back door in them, the rest of the world stops buying US technology products because they can't be trusted. (Which is already becoming an issue for US tech companies who can't comply with both US law and the laws of the countries where they do business.)
Re: (Score:2)
3) This assemblyman buys a phone with a backdoor that gets compromised and his dirty laundry ends up on the Internet. The assemblyman may backpedal faster than Michael Jackson moonwalking.
4) The assemblyman buys a phone without the backdoor. Assemblyman's opponent in the next election finds out and gets a target to use to accuse assemblyman of hypocrisy.
Re: (Score:2)
So that adds four states to the list, and the distinction only affects about half the state's population. Does that really change the point?
Retroactive bill (Score:2)
...manufactured on or after January First, Two Thousand Sixteen, and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer...
Doesn't this part make the bill an illegal retroactive law, since "January First, Two Thousand Sixteen" was almost 2 weeks ago?
China would be so proud. (Score:5, Insightful)
China would be so proud.
Re: (Score:2)
China would be so proud.
And see a business opportunity to sell the mandated kind of phones :)
Easy to beat (Score:2)
Comment removed (Score:4, Informative)
Re:The 5th amendment protects your keys (Score:5, Informative)
Except that this bill is about requiring the manufacturers of smartphones and their operating systems provide a way to unlock them without the keys between your ears.
Re: (Score:3)
Or some flavor of the sentence "I plead the fifth." as the password.
Re: (Score:2)
Re: (Score:2)
You mean, keep your mouth shut and don't say anything other than "I want my lawyer" until your lawyer shows up.
Re: (Score:2)
Re: (Score:2)
Hmm, New York or literally the entire world (minus New York)... that's a hard one...
Re: (Score:2)
Re: (Score:2)
You have to abide by state law when you're in that state.
The law only applies to the sale or lease of the phones. Not the usage.
But on IOS, the encryption chip doesn't even share the UID with the OS. I don't think Apple can build a backdoored version without modifying the hardware.
Re: (Score:2)
Fuck it. Apple and Google should just accept market share loss and tell NY to go fuck itself. Maybe then the locals would complain and and fight to have the bill abolished.
Good luck with that. Smith & Wesson and Ruger have both done the same thing in California due to the "safe guns roster" horseshit, and nothing has budged. At least NY is small enough that you can just drive over the border into another state and buy your contraband iPhone to skirt the law, which will be the most likely outcome if this bill is passed.
Re: (Score:2)
Re:Just fight it (Score:4, Informative)
New York City is small enough and close enough to New Jersey that traveling to another state to buy a phone may be reasonable.
New York state is a bit over 300 miles wide (estimated from Albany to Niagara Falls on a more or less straight route) and at its tallest about 330 miles tall (estimated from New York City to Champlain.) If you're in the center of the state (in the vicinity of Syracuse, roughly) I'd estimate you're looking at a two to three hour drive one way to get to Vermont, Massachusetts, Connecticut, Pennsylvania, or the Canadian border.
Since this bill is in the state legislature, I'm not so sure I'd call a four or five hour round trip an easy way to skirt the law for Syracuse residents.
SoCriminals will use "Old" Smartphones (Score:3)
There value of old smartphones will go up if the bill passes.
Corporate & business users who want safe communications will seek out those old phones.
Putting words into our mouths (Score:2)
What's this? The post says, "The revelations of the last few years about widespread government surveillance, especially that involving cell phones and email systems, has spurred device manufacturers to increase the use of encryption."
Really? THAT'S why we increase the use of encryption? POLITICS? I wonder if the Mr. Fisher believes that as a fact, or is just writing copy.
Re: (Score:2)
Don't be poor. Sell the backdoor! (Score:3, Insightful)
If I had access to the backdoor, I could sell it, for more money than I would make in my entire career, by orders of magnitude. Repeatedly.
Why would I not sell it? How could they ever catch me?
Eat Your Own Dog Food. (Score:4, Insightful)
If passed, New York Assemblyman Matthew Titone's smartphone should be the first phone to be unlocked and decrypted on demand for the whole world to see (LIVE on CNN).
Time to play "guess the party" (Score:5, Insightful)
"New York Assemblyman Matthew Titone"
Let's see, no "R", "Republican", etc., so I guess we know which one it is.
Completely pointless (Score:2)
Re: (Score:2)
Re: (Score:2)
What authority do they have to mandate this? (Score:3)
Another work around... (Score:3)
So, from now on all cell phones in NY are free, not sold or leased, and are not subject to the law as worded.
Of course, cell phone plans will go up to $100 per month/line, but you can get a small discount by selecting a formerly expensive phone, or a larger discount by selecting a formerly cheap phone. Oh, and don't forget more heinous early termination fees...
I wonder if... (Score:2)
I wonder if companies would willingly pull their products off the shelves, sit back, and wait with crossed arms. Would Apple release the newest iPhone everywhere but New York just to watch voters squirm and demand it be fixed? Samsung and Galaxy whatever? Or would they cave just because it's a huge market?
I doubt they have the true resolve to follow through.
Re: (Score:2)
I doubt they have the true resolve to follow through.
I doubt it too.
But I still hope that they don't cave.
It would be fun to see the frenzy that ensues after Andoid and iPhones are pulled from NY shelves.
I have no doubt that Microsoft would comply with this... which would make Windows Phone the only smart phone on the shelves. Perhaps that would help bump it up .001% market share.
Technology Illegal Because Criminals Use It? (Score:3)
And here I thought that the standard was "If a technology has a substantial legal use, it's considered legal even if some people use it for illegal purposes."
I look forward to the ban on automobiles. After all, "even though cars may help some people get around, they are used by some criminals to outrun police pursuing them on foot and thus the criminals will act with impunity."
Safes (Score:2)
Unlawful, UnConstitutional (Score:3)
4th Amendment: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Perhaps, as an American I would rather die than comply, rather than give up my rights.
Am I the only one that read it like... (Score:5, Funny)
Bill Nye is great. But, his evil doppleganger from the 25th century, NY Bill, sounds fucking horrible.
Escape From New York's Apple Store (Score:3)
"In 2016, the crime rate in the United States rises four hundred percent. The once great city of New York becomes the one maximum security prison for the entire country. A fifty-foot containment wall is erected along the New Jersey shoreline, across the Harlem River, and down along the Brooklyn shoreline. It completely surrounds Manhattan Island. All bridges and waterways are mined. The United States Police Force, like an army, is encamped around the island. There are no guards inside the prison, only prisoners and the worlds they have made. The rules are simple: once you go in, you don't buy an iPhone."
Re: (Score:2)
Useful? You are sooooo confused! Useless Moron would be more correct.
Re: (Score:2, Insightful)
Re:Brutus (Score:5, Insightful)
I love it when Democrats whine that Republicans are too zealous with police powers, then turn around and try to one-up them.
It's all a game: we're tricked into blaming each other, instead of actually fighting back against ever-growing state power. Any general election of "establishment Democrat" vs "establishment Republican" is an election the voters have already lost. The real battle is at the primaries, and the primaries are happening soon. Look's like we'll be spared "Bush vs Clinton" but "Rubio vs Clinton" is about the same.
I don't like Trump. I don't like Sanders. I'd take either of them in a heartbeat over "more of the same"! (Cruz looks less crazy than I'd figured - maybe it's just the contrast with Trump but I'm re-considering him).
Re: (Score:2)
I don't like Trump. I don't like Sanders. I'd take either of them in a heartbeat over "more of the same"! (Cruz looks less crazy than I'd figured - maybe it's just the contrast with Trump but I'm re-considering him).
I would not vote any at all. If I am asked to choose to eat one of different kind of poo, why should I pick one to eat if I am also allowed to pick none of them? It is stupid to "must pick" one if you can simply "not do it" instead.
Re: (Score:2)
I don't like Trump. I don't like Sanders. I'd take either of them in a heartbeat over "more of the same"! (Cruz looks less crazy than I'd figured - maybe it's just the contrast with Trump but I'm re-considering him).
Cruz looks pretty bad, when you actually pay attention. The reason his polls are good is that the evangelicals adore him.
In the real world, Trump doesn't actually have a chance of being the candidate: his 30% poll standing among Republicans only looks good because the 70% that doesn't like him haven't unified behind a candidate. But 30% isn't anywhere near enough to win the nomination against strong opposition from the party machinery.
Re: (Score:3)
Cruz looks pretty bad, when you actually pay attention
I have started paying attention. I was favorably impressed by his ad on the illegal immigration problem: it was humorous, it showed the "DC elite" in a bad light instead of showing immigrants in a bad light (it didn't show immigrants at all, let alone try to paint them as bad people). That's good stuff.
I want a candidate who can say the words "illegal immigration" and "Islamic terrorist", but is making rational points about those real problems, not playing up racism for votes from the cheap seats. I wa
Re: (Score:3)
I don't like Trump. I don't like Sanders. I'd take either of them in a heartbeat over "more of the same"! (Cruz looks less crazy than I'd figured - maybe it's just the contrast with Trump but I'm re-considering him).
I would not vote any at all. If I am asked to choose to eat one of different kind of poo, why should I pick one to eat if I am also allowed to pick none of them? It is stupid to "must pick" one if you can simply "not do it" instead.
Because someone's getting elected whether you vote or not. In your analogy, you have to eat something. Are you going to let everyone else determine what that is for you, when the most popular option so far is poo?
Re:Brutus (Score:4, Insightful)
I would not vote any at all. If I am asked to choose to eat one of different kind of poo, why should I pick one to eat if I am also allowed to pick none of them? It is stupid to "must pick" one if you can simply "not do it" instead.
You seem to be confused, thinking that you must choose one of the poos in front of you. You can always write in filet mignon. Sure, you prolly won't get it, but you can still write it in.
Unless you're in a non-swing state. Then it might be possible, but only if voters of the less popular poo color realize that their poo cannot win that state, so all they are doing is voting for who the runner up will be.
Or to get rid of the analogy... voting Democrat in a solidly red state, or Republican in a solidly blue state, is pointless. The person you are voting for can not and will not win your state. So might as well vote for some third option. If the polls read 60% D, 39% R, and 1% Other, that's just business as usual. But if they read 60% D, 1% R, and 39% Other, then people start to go "WTF??".
Re: (Score:3)
Re: (Score:3)
Yeah, this. When people like the guy above who says he doesn't like anyone - Who does he like? You've got the entire gamut running right now. You've got literal Fascists to literal Socialists and everything in-between. No one will EVER, never ever, never ever ever line up exactly with what you want out of a candidate unless you run yourself. Most people are old enough to know this and vote based on who closest matches their own ideals.
Re: (Score:3, Insightful)
Apple: Sure, I can decrypt this phone. Just tell me the password.
Re: (Score:2)
iPhones use AES-256. Just enumerating the possible keys, let alone apply them to see if something intelligible appears, with sufficiently advanced quantum computers, would take more than just the total resources of the Solar System. I consider AES-256 to be proof against brute force attacks. It can perhaps be cracked, but the NSA still thinks it's OK for the most secure communications, so it appears that nobody has a crack, and it's very likely that nobody ever will.
An iPhone has a component of the ke
Quantum wierdness. (Score:2)
Just enumerating the possible keys, let alone apply them to see if something intelligible appears, with sufficiently advanced quantum computers, would take more than just the total resources of the Solar System.
Actually, the whole POINT of quantum computers is that "enumerating" them all only takes one pass - because the computation does them all simultaneously, with only the "right answer" surviving the wave function collapse when the computation is complete and you read the result.
It's non-quantum compute
Re:Every phone can be decrypted... (Score:5, Insightful)
I can just see the argument here: "The Supreme Court ruled that "limited Copyright terms" are still limited even if they expire in 100 years. Therefore, our encrypted phones can be decrypted as far as the law is concerned. Yes, it would take 100+ years to decrypt, but that's a finite period of time and thus should be allowed."
Then, we can either throw out "all phones must be able to be decrypted" or "100+ year Copyright is still 'limited'."
Re: (Score:2)
Re: (Score:2)
I would assume that the manufacturer only has to be able to decrypt the phone AT SALE TIME.
I was thinking this as well - if the phone SHIPS decrypted, and during the intro has an option that says, "would you like to encrypt your stuff?" with 'yes' as the default, then one could argue that Google and Apple have done their due diligence. The problem is then the law gets amended, saying that the OEM cannot ship a phone that includes encryption technology, so they make it an app in the [App|Play] Store...then it becomes "the OEMs cannot provide software for doing this", at which point things start to
Re: (Score:2)
... or give up the fight against rooting and give their users root access in order to make the installation of low-level encryption tools possible. None of these things seem like options that either Apple or Google are going to be okay with...
Apple might have an issue, but the Android devices that you can buy from Google (the Nexus line) already include full manufacturer support for rooting in the form of the "fastboot oem unlock" command, no exploits required. For security reasons this wipes any user data on the phone (like a factory reset), but once it's been done you can continue to run the default OS or install whatever other software you wish.
Re: (Score:2)
Re: (Score:2)
Naw, use that plastic wrap that everybody in the rest of the world uses.
Re: (Score:3)
I think zip ties might actually be more secure than TSA locks.
The T&B nylon ones are more durable than the cheap-ass ones and when wrapped tight, you pretty much have to use a wire cutter to cut them off. I've been without one when I wanted to remove some and found a pair of conventional scissors and a pocket knife inadequate. This means that opportunistic people without tools are SOL.
I've used them on luggage and I mark mine in a surreptitious way. If they're completely off, I know the bag was opene