DA’s Office Releases Version 3.0 of its Report on Smartphone Encryption and Public Safety
Manhattan District Attorney Cyrus R. Vance, Jr., today hosted the 8th Annual Financial Crimes and Cybersecurity Symposium at the Federal Reserve Bank of New York in Manhattan. At the event, District Attorney Vance was joined by Jay Clayton, Chairman of the U.S. Securities and Exchange Commission; Ian Dyson, Commissioner of the City of London Police; François Molins, Paris Prosecutor; James P. O’Neill, Commissioner of the NYPD; and John J. Miller, NYPD Deputy Commissioner of Intelligence and Counter-terrorism.
“Today’s cyber threat landscape demands that we change the paradigm of traditional crime fighting,” said District Attorney Vance. “It isn’t our prosecutions alone, but rather public-private partnerships like the Global Cyber Alliance and tools like Quad9—focused squarely on prevention—that will protect Manhattan from the rising tide of cybercrime.”
President and CEO of the Global Cyber Alliance Philip Reitinger said: “Protecting against attacks by blocking them through DNS has been available for a long time, but has not been used widely. Sophisticated corporations can subscribe to dozens of threat feeds and block them through DNS, or pay a commercial provider for the service. However, small to medium-sized businesses and consumers have been left behind – they lack the resources, are not aware of what can be done with DNS, or are concerned about exposing their privacy and confidential information. Quad9 solves these problems. It is memorable, easy to use, relies on excellent and broad threat information, protects privacy, and security and is free.”
The annual symposium is convened to bring together leaders in government, law enforcement, finance, cybersecurity, and technology to exchange threat intelligence, form new partnerships, and share industry insights.
Global Cyber Alliance
In 2015, the Manhattan District Attorney’s Office, City of London Police, and Center for Internet Security announced the creation of the Global Cyber Alliance, an international coalition of organizations dedicated to reducing cyber vulnerability worldwide. To date, the alliance has grown to include over 190 partners from 22 different countries and 17 industries.
As part of GCA’s mission to enhance cybersecurity on a global scale, the organization developed a suite of powerful tools designed to combat phishing attempts and email spoofing through the implementation of DMARC defense protocols, which are free and available to organizations of any size. Nearly one year after the release of these tools, many agencies have begun working with GCA to implement DMARC, including the U.S. Department of Homeland Security.
Quad9 Domain Name System (DNS) Service
In partnership with IBM Security and Packet Clearing House, GCA also announced the release of Quad9, a free security solution that leverages the DNS system to prevent users from accessing malicious websites. The system uses threat intelligence from more than 19 cybersecurity companies, giving consumers and small and medium-sized businesses access to enterprise level security while preserving privacy – no personally identifiable data is collected.
Report on Smartphone Encryption and Public Safety
Today, the Manhattan District Attorney’s Office also released the third update to its report on Smartphone Encryption and Public Safety. As the era of default device encryption enters its fourth year, the inaccessibility of smartphone data remains, in more and more cases, an insurmountable obstacle for law enforcement and victims of crime. In one recent and tragic example, federal law enforcement officials investigating the mass shooting at First Baptist Church in Sutherland Springs, Texas on November 5, 2017—the deadliest shooting in Texas history—publicly acknowledged that they have been unable to extract evidence from a smartphone linked to the assailant.
Meanwhile, investigators confront this problem daily in less publicized cases. Criminals, like everyone else, operate increasingly in the digital realm. Traditional investigative techniques—searches of targets’ homes, physical surveillance, wiretaps on telephones—often fall short when it comes to gathering enough evidence to solve and prosecute today’s criminal activity. Unfortunately, much of today’s evidence exists in a space that, prior to 2014, was largely unheard-of: warrant-proof smartphones that have been designed to keep law enforcement out.
Over the past year, the debate over lawful access to smartphone evidence has shifted away from whether Apple and Google should be required to comply with court orders, and has focused increasingly on the idea that investigators can and should break into their products instead—using “workarounds” collectively known as “lawful hacking.”
However, obtaining this evidence is extremely costly in the expanding “lawful hacking” marketplace, and is available only in cases handled by a small minority of well-funded agencies. The report concludes that crime victims currently have unequal access to justice, depending on the resources of the city or county in which they live.
The full report can be found here.