(Bloomberg) -- Manhattan District Attorney Cyrus Vance Jr. waded into the renewed debate over government access to smartphones, proposing a compromise to companies such as Apple Inc. and Google Inc. that may mollify privacy advocates while preserving the ability of investigators to retrieve data with a warrant.
Vance’s statements Wednesday at a cybersecurity conference in New York echo those of CIA Director John Brennan and other national security and law enforcement officials, who in recent days have cited the need to stay a step ahead of terrorists who may use encryption to hide planned attacks, like those in Paris last week.
French media reported predawn raids in a Paris suburb Wednesday that led to seven arrests were triggered in part by information gleaned from a discarded mobile phone.
"The line to protect the public should not be drawn by two companies who make smartphones," Vance said, noting that his office has 111 cases where new encryption technology prevents investigators from accessing phone data. New York City Police Commissioner William Bratton called on technology companies to help investigators, saying Monday that otherwise, they are “working against us.”
In his speech Wednesday at New York’s Federal Reserve, Vance asked companies to allow easier law enforcement access to data such as texts and e-mails stored on mobile devices. Such calls have long met with resistance from privacy advocates. Vance, who has urged Apple, Google and Twitter Inc. to cooperate with investigators, proposed a middle road that can assist law enforcement across the spectrum of criminal investigation, not just terrorism.
“Photos and videos of child sexual assault; text messages between sex traffickers and their customers; even a video of a murder victim being shot to death -- these are just a few of the pieces of evidence found on smartphones,” his office said in a 42-page report that notes Apple has devised an encryption method that has stymied investigators.
In his report, Vance asked for an open discussion with technology companies, and proposes a solution that would only cover “data at rest” -- information on phones in physical possession of authorities. He proposed that Congress pass legislation requiring any designer of an operating system for a smartphone or tablet made or sold in the U.S. to ensure that data is accessible under a search warrant.
“We all support legitimate privacy concerns while giving law enforcement the data that’s necessary to fight crime and defeat terrorism,” Vance said. “We do not want a government backdoor, we do not want a key for the government and we don’t want to collect data on anyone.”
Action from Washington may not come for some time. Senate Intelligence Committee Chairman Richard Burr, a North Carolina Republican, said Tuesday that Congress isn’t ready to pass a law limiting the use of encryption, but lawmakers are on an “exploratory route to determine what options we have,”
“The reality is we don’t expect this to be received very well from companies who market their products on the ability to provide end-to-end encryption,” Burr said.
In 2014, after revelations by former National Security Agency contractor Edward Snowden that companies including Apple, Google and Yahoo Inc. had been compelled to cooperate with government spying programs, those and other companies announced stronger encryption, known as “full disk encryption.”
The new generation of phones automatically scramble data so that a digital key kept by the owner is needed to unlock it. The move made it harder for investigators to examine the contents of suspects’ phones without their knowledge or cooperation.
“Apple and Google are not responsible for keeping the public safe,” according to Vance’s report. “That is the job of law enforcement.”
Shortly after Apple and Google made the encryption change, Vance said in a Washington Post op-ed that the companies, whose operating systems are on 96 percent of smartphones worldwide, were helping criminals. This summer, he testified before a Senate Judiciary Committee, saying that the Fourth Amendment allowed for “reasonable searches” by the government.
Vance said at the time that his office had sent letters asking the companies if there was a way to encrypt their data without sacrificing security, and had yet to receive a response.
Privacy advocates have misconceptions about law enforcement’s position related to encryption, including a myth that it wants a “backdoor” or government-held “key,” Vance claimed. His proposal would cover individual mobile phones for which there was a court order, asking companies like Apple and Google to retrieve information, and wouldn’t allow data collection without possession of the device. Nor would it cover “data in transit,” which could allow eavesdropping on live communication.
Putting it more bluntly in an August op-ed published in the New York Times, Vance said Apple’s and Google’s switch to full- disk encryption wouldn’t have stopped the NSA’s mass surveillance as revealed by Snowden. The column was co-written by Paris Chief Prosecutor François Molins, City of London Police Commissioner Adrian Leppard, and High Court of Spain Chief Prosecutor Javier Zaragoza.
Vance’s office, which formed a cybercrime unit in 2010, is also trying to respect privacy as part of the Global Cyber Alliance, an effort with Leppard and the Center for Internet Security (CIS) announced Monday. The alliance, based out of both London and New York, will not collect any “personal identifiable information, and will only possess what is voluntarily provided -- data that describes or identifies the attackers’ information, such as location or infrastructure, and the threats associated with them,” according to a statement.
“We must get the right legislation to find the right balance between the right to privacy people have in society and the right you have to be protected by law enforcement agencies,” Leppard said Wednesday.
The issue of privacy versus security on mobile phones has only been partially tested in courts. It was weighed by the U.S. Supreme Court, which last year said a warrant is usually required to access data on a phone held by someone arrested. It’s also the subject of a lawsuit in Brooklyn, New York, where Apple is fighting the U.S. Justice Department’s demand for access to data on an iPhone seized during a drug probe.
In the dispute, the government argued that Apple had complied with at least 70 similar court orders and the company’s position represented “a stunning reversal” of past policy. Apple told the Brooklyn judge that the request goes beyond the boundaries of the law and that the government needs more authority from Congress to back such requests.
Vance also faced off with Twitter on similar issues of whether the maker of the technology is responsible for providing law enforcement with information. In 2012, shortly after New York’s Occupy Wall Street protests, a judge ruled that Twitter had to hand over information about protesters’ posts, comparing the duties of social media sites to witnesses of a street crime. Twitter had argued it shouldn’t be responsible for its users’ activities under the federal Stored Communications Act, a law enacted in 1986 which governs disclosure of electronic communications.
Top Stories:TOP Bloomberg Legal Resources: BLAW Top Legal Stories: TLAW
--With assistance from Christie Smythe, Chris Strohm and Chris Dolmetsch.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access