FTC CTO: Full Disk Encryption Is Important In Preventing Crime
from the taking-a-stand dept
While the FBI and NSA continue their campaign to fight against allowing encryption for devices, it’s clear that not everyone in the government agrees. It does appear that there’s a bit of a fight going on within the administration over where to come down (as President Obama himself admitted), and in a recent blog post, it seems pretty clear where the FTC comes down in this debate. The FTC’s CTO, Ashkan Soltani, who has long been a strong user-privacy advocate (and before joining the FTC helped in some of the reporting on the Snowden documents), wrote the blog post celebrating the virtues of full disk encryption and other “end user device controls.” It starts out by noting that when he recently lost his own laptop, he wasn’t that worried, thanks to the fact that it was encrypted.
Strong end-user privacy and security controls, such as device encryption and firmware passwords, not only protect personal information from unwanted access – they can also make it easier to recover lost or stolen devices as well.
Last month, I had the misfortune of having a personal laptop stolen.
Fortunately for me, while I was a bit bummed about losing my two-year-old laptop, I backup regularly and always enable disk encryption which is an important step to protect the information stored on the hard-disk from unwanted access by criminals, employers, or other actors (with the exception of very sophisticated adversaries).
He notes that this actually allowed him to help track down the device, because whoever ended up with the “useless” laptop tried to bring it to an Apple Genius Bar, which resulted in Soltani receiving an email.
Fast forward to a few weeks later, when I received an email to my personal account notifying me of an upcoming Apple Genius Bar visit. I was initially confused by the email but soon realized that it’s probably the thief (or the undiscerning buyer) of my laptop trying to take it into Apple for repair – likely because they’re unable to use it without knowing the firmware password I set.
I immediately began calling local law enforcement and the nearby Apple stores notifying them of the theft and this development. After a few phone calls and the help of a fantastic Sergeant in the Local Crimes Unit of the Sacramento Police department, I was able to coordinate an agreement whereby Apple would notify law enforcement if the new user brought the machine in for repair. After an initial disappointment on account of the suspect skipping his Genius Bar reservation, a representative from Apple Customer Relations notified me that the device was brought into another store and they were coordinating with Sacramento Police Department to return it to me. I’m unclear as to whether they were able to track down the original thief.
And thus, the FTC’s CTO makes it clear that full disk encryption has benefits beyond even just keeping your own data safe:
In the end, strong end-user controls like device encryption and firmware passwords not only protect sensitive info stored on the device, they also prevent criminals from utilizing stolen property. The more devices feature strong end-user controls, the less likely thieves can profit from their theft on the open market.
Given that the FBI is supposed to be interested in preventing crime, you’d think James Comey would support that kind of thing…
Comments on “FTC CTO: Full Disk Encryption Is Important In Preventing Crime”
Uh, no?
That makes as much sense as “given that hack drivers are supposed to be interested in transporting people, you’d think that the Iron Gustav would have supported automobiles”.
The FBI’s job description is preventing crime (well, they recently changed it to preventing terrorism since that’s a lot less work and basically means that you can spend all your time eavesdropping rather than trying to do detective work, but let’s be conservative). So why would they want their job to be made redundant?
In particular, if it makes it harder for them to diddle their privates while they are nosing through other people’s affairs?
Re: Uh, no?
Bah. Replace “hack” by “droshky” or “coach” or anything else drawn by horses. Makes a lot more sense that way.
Given that their role is investigating crime, why would they be interested in preventing it, and putting themselves out of a job? They want access to everybody’s devices, and the ability to track them so that they find more crimes to investigate and so increase their budget and manpower.
Re: Hmmm...
That must be why the United States Trade Representatives have been such failures at negotiating trade agreements — job security.
Re: Re: Hmmm...
No, it’s more like an attitude problem.
It’s like a slave plantation owner negotiating with unionists. Once you figure out that your definitions of “human” are different, everything you negotiated so far becomes untenable.
Re: Re:
Agree. But to add to your point, if the FBI is running low on crimes to investigate, it is important to have access to everyone’s devices in order to manufacture crimes to investigate.
Who would have told?! The same technology can be used for protection and for crime! Where else have we seen that before? /sarc
Re: Re:
Computers are a technology that can be used for protection and for crime.
Don’t believe computers can be used for crime? Just ask anyone who has been hit over the head with a computer.
FIB CTO: Full Disk Encryption SHOULD BE A CRIME
So the government left hand doesn’t know what the other left hand is doing?
Full Disk Encryption is okay
As long as the encryption has magical golden keys sprinkled with the pure dust of genuine unicorns. The number of golden keys that should unlock the encryption is left unspecified until all interested government parties have put in their requests for copies of the golden keys.
Re: Full Disk Encryption is okay
Interested government parties should have no problem then, given that unicorns are abundant in the one place they exist: Cloud Cuckoo Land, where interested government parties are habitually resident.
Re: Full Disk Encryption is okay
Full Disk Encryption is okay…
…until your hard drive has problems and you need to recover the data from it. If the disk’s file system is intact then you or a tech guy probably can recover them–as long as you have the encryption keys. If however it is NOT intact–because, for example, your drive has suffered a head crash and corrupted the directory–forcing you to try to recover it on a block-by-block basis, then chances are you’re stuffed because each block will be gibberish, making it nightmarish to work out the block sequence for each file.
One further point: full disk encryption as a safeguard presumes you either don’t keep backups of your files or you do but those backups are also encrypted. Because if you DO keep backups and those backups are NOT encrypted then why would the thieves go for the encrypted drive when they’d do better to grab the backup files instead?
Comey is just misunderstood
I’m sure Mr. Comey is fine with encryption, just as long as only the Guv’ment is allowed to use it.
No more encryption?
So, if encryption is going to be banned, does that mean DRM is out the door as well?
Re: No more encryption?
So, if encryption is going to be banned, does that mean DRM is out the door as well?
Err – no you plebs need to do as I say – and quit trying to copy what I do.
Re: No more encryption?
DRM is worse than simple encryption, because I must be able to control (eg, trust) YOUR computer to do MY will. That is, to decrypt something, but make the crypto keys inaccessible to you. It’s all an exercise in obfuscation to make the barrier so high that few or no crackers will discover how to crack the encryption.
Now what arguments could be made that DRM could be used to commit crimes? If I must be able to control your computer in order for you to receive my encrypted message (or music or movie) then imagine the position that puts three letter agency snoopers in?
Re: Re: No more encryption?
Would that be like a large corporation which sold copies of its imaginary property and those copies came bundled with software which installed stealthily (unbeknownst to the new owner of that copy of the imaginary property and the device within which it was being used)? This behavior was not mentioned to the customer either before or after purchase time. This software is also well known to create an unsecurable security vulnerability.
Happily, some lucky (or prescient) users did not use the operating system on their devices which the corporation assumed they’d be using, so this subterfuge was discovered.
Re: Re: No more encryption?
It’s a crime to think DRM works…
"Preventing crime"
So he encrypted his laptop.
That did not prevent it from being stolen. It only prevented use of the laptop.
That’s like saying a burglar alarm prevents burglaries. NO, they do not, they only send signals that something needs to be checked.
Also like saying a fire alarm prevents fires. NO, they do not, they only send signals that something needs to be checked.
Re: "Preventing crime"
It prevented the permanent loss of the laptop, prevented the thief from accessing content on the laptop, and, if deployed at a wide enough scale, would render theft of laptops undesirable because of the risk that the stolen laptop would be a fancy brick for anyone without the owner password.
Re: Re: "Preventing crime"
And, could quite possibly lead to the recovery of said laptop, when it’s brought in for service, and perhaps even the arrest and prosecution of the thief. Gee, that’d almost be like crime prevention, yes?
Re: "Preventing crime"
It prevented the data from being used for criminal activities.
So yeah, the physical laptop was stolen, but the data on it was safe from identity thieves and other sundry villains.
Re: "Preventing crime"
“That did not prevent it from being stolen. It only prevented use of the laptop.”
For a lot of people, the data inside the laptop is far more valuable than the laptop itself.
Re: "Preventing crime"
Your burglar alarm analogy is close on the secondary point, but you missed the details. If an entire neighborhood is known to have almost every house equipped with alarms, the whole neighborhood is less likely to be burglarized. If encryption becomes near ubiquitous, there will be less market for stolen electronic devices.
Re: Re: "Preventing crime"
“If encryption becomes near ubiquitous, there will be less market for stolen electronic devices.”
I don’t see how that follows, since reformatting the disk renders the device usable again.
Re: Re: Re: "Preventing crime"
Oh, I was under the impression that with firmware level encryption, that would not be possible.
Re: Re: Re:2 "Preventing crime"
Yeah, that would be such a bad idea.
Humans have a tendency to lose the access codes to things they legitimately own.
Reformatting the system is a chore in and of itself. But bricking the unit for want of a passcode…that would be a whole lot of harsh.
Re: Re: Re:2 "Preventing crime"
“I was under the impression that with firmware level encryption”
The discussion is about whole disk encryption. Firmware encryption is an entirely different topic, and is very rare (for very good reason).
Re: Re: Re: "Preventing crime"
True, but that assumes the new possessor has the time and resources to do this. I agree, this seems like a pretty low bar, but it is not a zero cost operation. Some non-technical users probably have no valid OS install media, so they could not necessarily load a functioning OS onto the device.
Also, for non-Mac laptops, it introduces the threat that the new possessor will have to install a new version of Windows. Just the threat of having Windows 10 on a system would deter me from using it. 😉
Re: Re: Re:2 "Preventing crime"
Since in this case we’re talking about a 2013 MacBook…
The EFI firmware is protected by a password, meaning that you’d need to physically remove the drive to reformat it… and the drive is likely a flash drive soldered onto the motherboard.
Next up: if the thief DOES succeed in formatting the drive, they need to re-install the OS. To do this, they need to either have a hard copy (which Apple doesn’t sell), or boot into recovery mode, where Apple requires their Apple ID and CLSID (hardware serial numbers) to download and install the OS.
Since Apple already knows which Apple ID the CLSID belongs to, that’s the ID and password they require.
In this case, a thief would really have to start by stealing the Apple ID BEFORE they stole the physical computer. And if they stole the Apple ID first, they’d have no need to steal the computer to get at the information, as they could just remote log-in to the computer and do whatever they wanted.
But either way, the hardware is protected and linked to the account. If you have the equipment to get around the protections, you’re unlikely to actually have incentive to steal the MacBook in the first place.
Re: Re: Re:3 "Preventing crime"
I’m not familiar with the Apple BIOS. Is it impossible to clear the BIOS password using the usual methods?
What do you do if you lose your password? Does the Apple ID substitute for a password, does Apple hold the password, or does Apple have a back door?
If the answer to any of those three questions is “yes”, that’s a very good reason not to buy Apple computers.
Re: Re: Re:4 "Preventing crime"
There is a pretty well-known story where tech writer Mat Honan’s Apple ID was reset through some well executed social engineering, but that was a few years ago. I would guess that they’ve toughened things up since then, knock on wood.
Re: Re: Re:4 Reasons not to buy apple products
For people who are security minded or like to custom-tweak their own OSes / interfaces, yeah there are a lot of good reasons to not buy apple.
Re: Re: Re:2 "Preventing crime"
“but that assumes the new possessor has the time and resources to do this”
Actually, it assumes the thief or the fence has the time and resources to do this. Which they almost certainly do.
Re: Re: Re: "Preventing crime"
It does add expense to the thief. Now, they not only have to steal a laptop, but they have to format the drive and install a new OS onto it so they can sell it.
While there are probably lots of sophisticated thieves out there, this could easily have an impact on those that are unable to easily perform this task (like someone stealing to support drug habits).
Also, if the sophisticated thieves do have a corporate install key of some sort, it could add another crumb to the trail of catching them if they are reformatting a bunch of stolen laptops and installing a new OS with a single product key.
It doesn’t “prevent theft”, but it adds another barrier that may help reduce its frequency – thus preventing some thefts.
I like happy endings involving end-to-end encryption. 🙂