Monday, February 1, 2016

New York Bill Proposes Backdoor on Encrypted Phones

If passed, the bill would require that all smartphones sold and leased in the state of New York as of Jan. 1, 2016 have the capability of being decrypted or unlocked by the manufacturer.
, Legaltech News
    | 0 Comments
Recently, there have been several battles in the encryption debate, which stands to undermine the privacy of consumer devices. The latest is a bill proposed by New York state assemblyman Matthew Titone, which aims to have encryption backdoors added to all smartphones in the state.
The bill was initially introduced in June 2015, months after Apple said it will no longer unlock its devices for the police, even with a search warrant. If passed, the bill which is currently with the consumer affairs committee, would require that all smartphones sold and leased in the state of New York as of Jan. 1, 2016, have the capability of being decrypted or unlocked by the manufacturer. 
“Lost cell phones are going to be an easy way for people to get into our lives, and I think putting a backdoor on the cell phone is a bad idea,” Yorgen Edholm, privacy advocate and CEO of private cloud company Accellion, told Legaltech News.
He added, “I think every time law enforcement uses it against the bad guys, the bad guys are going to use it against 100 good guys. I think it’s going to be one to 100 ratio of catastrophic privacy losses compared to maybe making it a little bit easier to catch the criminals, and I don’t think it’s going to be very effective because [the criminals] are going to use more secure methods.” 
Smartphone manufacturers could be fined as much as $2,500 per device for failing to comply.
The proposed bill states: “The sale or lease in New York of a smartphone manufactured on or after [Jan. 1, 2016] that is not capable of being decrypted and unlocked by its manufacturer or its operating system provider shall subject the seller or lessor to a civil penalty of two thousand five hundred dollars for each smartphone sold or leased if it is demonstrated that the seller or lessor of the smartphone knew at the time of the sale or lease that the smartphone was not capable of being decrypted and unlocked by its manufacturer or its operating system provider.”
The bill argues that the kind of encryption that is available in iOS 8/9 and the more recent versions of Android may help privacy, but can block access to evidence and "severely hampers" law enforcement.
“The security is always something that scares people much more than the privacy, but it’s much easier to lose privacy than it is to guarantee security,” said Edholm. “Everybody talks about terrorist security, and so far, I haven’t seen any report that [decrypting] cell phones have prevented a terrorism case.”
He added, “There are tons of things that [terrorists] can do to kind of sidestep this and the bad guys will do that and the normal guys are going to get their privacy violated.”
The bill has not yet been voted on by state assembly or senate. However, some experts say that if passed, such a law could lead to New Yorkers buying encrypted phones in another state, which could potentially drive business away from New York retailers.
“Weakening encryption with ‘backdoors’ will only increase cybersecurity risks. Hackers will inevitably find ways to exploit them. In addition, it’s an ineffective security measure because terrorists will simply find other ways to communicate discreetly,” David Jay, president of David Jay's Green Room Studios, told Legaltech News. “Since this would be a New York state law, encrypted devices could be easily purchased in neighboring states and would hurt the New York economy.”
He added, “Since 9/11, we have seen an erosion of our privacy in the name of security. While the issue of terrorism is a valid concern for the American people, the government is using reports of terrorist ‘threats’ as a canard to manipulate the public and justify their actions.”
Apple has expressed opposition to the bill, arguing that it will leave unavoidable gaps in its security, making it easier for hackers to gain access to consumers’ devices, as well as their data.
In fact, in a statement on the company’s privacy website, Apple’s CEO Tim Cook assured consumers that Apple has “never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”
He further stated, “Our commitment to protecting your privacy comes from a deep respect for our customers. We know that your trust doesn’t come easy. That’s why we have and always will work as hard as we can to earn and keep it.”
Titone’s bill supports a previously distributed whitepaper, in which New York District Attorney Cyrus Vance demanded that encryption be outlawed to make law enforcement easier.
The whitepaper suggested that “the federal legislation would provide in substance that any smartphone manufactured, leased, or sold in the U.S. must be able to be unlocked, or its data accessed, by the operating system designer.”
Opposition to the decryption proposal has argued that making devices impregnable to the government lessens the devices’ security, and “thus increase the possibility of a bad actor unlawfully accessing device data.”
Vance said that “the loss of personal security would be minimal,” adding that “there is a cost-benefit analysis to be considered: The loss in personal security that would be occasioned by the proposed statute must be weighed against the gain in societal safety that it would create.”
“The problem with the cell phone is that my whole life is on that phone,” said Yorgen. “When authorities say they will not only be listening to my landline conversation but also my cell phone, that’s my life and I don’t think I’m okay with that.”
He said authorities will argue that they only want access to certain information, but “what I worry about is that now in order to get to my cell phone, and the records of who I talk to, they will also get the record of my banking, my browsing history, and other sensitive information, and that’s what I call my life.”



Read more: http://www.legaltechnews.com/id=1202748360189/New-York-Bill-Proposes-Backdoor-on-Encrypted-Phones#ixzz3yvblliCQ