District Attorney Arguing Against Encryption Handed Out Insecure Keylogging 'Monitoring' Software To Parents
Beyond James Comey, there are still a few law enforcement officials beating the anti-encryption drum. Manhattan DA Cyrus Vance is one of those. He's been joined in this fight by some like-minded district attorneys from the other coast, seeing as New York and California both have anti-encryption bills currently working their way through local legislatures. Vance, along with Los Angeles County DA Jackie Lacey and San Diego County DA Bonnie Dumanis, penned an op-ed against encryption for the LA Times. In it, they argue that tech companies have set them up as "gatekeepers" of communications and data, which they believe law enforcement should always have access to, no matter what.
DA Dumanis goes even further in a press release issued by her office. Tech companies aren't just gatekeepers standing between law enforcement and data. They're "gatekeepers of justice," apparently standing between victims of crime and punishment of wrongdoers.
The EFF's Dave Maass has fired back, via a post of the Voice of San Diego, pointing out that Dumanis especiallyshouldn't be inserting herself into the encryption debate -- not with her general disdain for the security of her constituents.
It opens with this:
The last person San Diego should trust with their computers and smartphones is District Attorney Bonnie Dumanis.And goes on to clearly articulate why Dumanis has no business attempting to legislate computer security. Dumanis spent public money acquiring and pushing a horrendously insecure piece of "parental monitoring" software.
In 2012, Dumanis spent $25,000 in public money on 5,000 copies of a piece of "parental monitoring" software called ComputerCop. This CD-ROM, which was distributed to families throughout the county for free, included a video from Dumanis promoting the program as the "first step" in protecting your children online.Two years later, Dumanis finally pulled the plug on the publicly-funded program, admitting the monitoring software was faulty and telling parents to disable the insecure keylogging function. Dumanis was hardly the only DA to recommend this terrible software, but she's one of the few who's stuck her head above the encryption parapet to offer her support of the Feinstein-Burr anti-encryption bill.
This first step, however, involved parents installing keylogger software on their home computers. This type of technology is a favorite tool of malicious hackers, since it captures everything a user types, including personal information such as passwords and credit card numbers. Not only did ComputerCop store keylogs in an unencrypted file on the person's computer, but it also transmitted some of that information over unsecured connections to a mysterious third-party server.
But that's not all. Dumanis and her office won't even secure their own website.
The district attorney's website fails to use HTTPS, the protocol that has become the industry standard for secure browsing online. This means that residents, including crime victims, whistleblowers and witnesses, cannot visit her site with confidence that their browsing won't be intercepted or manipulated by third parties.Dumanis -- like Vance, Comey, and others -- would rather sacrifice the safety of the public for a few more criminal prosecutions. The "greater good" apparently means nothing when a very small percentage of cases mightinvolve encrypted communications or devices.
Law enforcement has never had more access to communications and data that it does now. In the past, files were burned, papers were shredded, people passed notes and spoke in person -- all of which rendered these inaccessible to law enforcement. Now that these files and communications are conveniently stored en masse on cellphones and personal computers does notmean the government is somehow entitledto 100% access. A warrant that runs into encryption is a small price to pay for the security of millions of cellphone users. Despite maintaining the narrative that criminals are moving toward encrypted platforms, law enforcement reps and officials have yet to deliver any evidence that this is so widespread that backdooring or banning encryption is the only option. And the loudest law enforcement voices protesting tech companies and their "gates" are often those who care the least about protecting innocent people from criminals.
Permalink | Comments | Email This Story