Everyone In the Cook County Criminal Court System Too Busy Pointing Fingers To Fix Its Antiquated Records System
Furnished content.
When you write regularly about lawsuits, you learn very quickly that not all court systems are equal when it comes to allowing modern access to public filings and records. The country is a veritable panoply of an access spectrum, with some districts offering modern e-filing systems and websites to review documents, while other districts are far more antiquated and restrictive. That said, it's hard to imagine a county court system more backwards than that of Chicago's Cook County.Every workday, attorneys enter criminal courtrooms across Cook County, put away their smartphones and operate in a world that their grandparents would have recognized: accordion-style Manila folders to hold paper documents, handwritten orders for judges to sign, even carbon paper to make copies of the paper filings.“God help us all if the carbon didn’t take,” said defense attorney Alana De Leon, who had never used the outdated copying method — invented more than two centuries ago — before setting foot in a West Side branch court a few years ago. While the Tribune article notes that these antiquated techniques result in derisive jokes from the attorneys forced to use them, the reality is that they are no laughing matter. The article tells the story of a woman looking for filing information for her boyfriend's criminal court case and was forced to travel 14 miles just to find out what charges her boyfriend was facing. And this sort of thing isn't reserved for the lay public. Criminal defense attorneys must also make a similar trek just to find out the basic case information for any clients they may take on in Cook County as well. In the surrounding counties, this information would be available via e-filings via an internet connection. In Cook County, home to the third largest city in the union, its all physical filings and carbon copies.Circuit Court Clerk Dorothy Brown, in charge of this love letter to the days of robber barons, does not want to hear you blame her for any of this, however.Circuit Court Clerk Dorothy Brown bristled at the suggestion that her office has been slow to adapt to the internet age, telling the Tribune in an hourlong interview last week that a complete overhaul of the criminal case management system is expected to be completed by March 2019. Brown spoke of an “interactive” system in which much of the work performed by attorneys and judges in the courtrooms could be done electronically. Brown said her ultimate goal is to end the reliance on ink and paper. While that may all sound good, if quite late, it's worth noting that Brown is the same Clerk that has gone to court to block press access to e-filings in recent weeks.Dorothy Brown, Chicago’s elected court clerk, filed her appeal notice this week, challenging a ruling in early January by U.S. District Judge William Kennelly. The judge found the First Amendment prohibits the clerk from withholding new efiled complaints, a regular source of news, from the press corps. He gave the clerk 30 days to provide access.She made no move to comply and continues to argue that she must first screen the filings for confidentiality. In his 16-page opinion, Kennelly found that argument belied by a number of effective alternatives available to the clerk. It's moves like that which create the impression that the lack of transparency that comes along with Cook County's laughably anachronistic records systems is a feature rather than a bug. Cook County has long been a place where county and city officials have played a game of subterfuge with the press and the public, hiding legal machinations as well as actions taken by the city, such as million dollar payouts to the families of victims of police shootings. Making the court system as opaque as possible for as long as possible seems to be the goal.Brown, of course, insists otherwise and blames the state Supreme Court and Chief Judge Timothy Evans for Cook County's woes.Brown said her hands have been tied by the Illinois Supreme Court dragging its feet in allowing e-filing statewide in criminal cases for the first time just last year. She also blamed Chief Judge Timothy Evans’ office for blocking her from making basic docket information available online for criminal cases.In an email, however, Evans’ spokesman, Pat Milhizer, denied Brown’s claim, saying his office would consider any such proposal from the circuit clerk. Many will say this all smells of classic Chicago machine politics. And, in many respects, it certainly comes off that way. The suburban counties all have modern e-filing systems in place, after all, including several rural counties that don't have nearly the breadth of resources afforded to Cook County. What should be kept top of mind, however, is the tax all of this puts on the public and its interest in justice in the county. Going back to defense attorney De Leon and the use of technology as outdated as carbon copy:“To a certain extent ... the lack of transparency kind of is the ugly product of the old system,” De Leon said. “I don’t know if it’s necessarily on purpose — to keep this information away from the average citizen — but it certainly is a consequence of that.” And no amount of CYA or finger-pointing should distract anyone from the obvious reality that the public is not being well-served by the Cook County court filing system.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 23-Feb-2018
path: /Policy | permalink | edit (requires password)
Report On Device Encryption Suggests A Few Ways Forward For Law Enforcement
Furnished content.
Another paper has been released, adding to the current encryption discussion. The FBI and DOJ want access to the contents of locked devices. They call encryption that can be bypassed by law enforcement "responsible encryption." It isn't. A recent paper by cryptograpghy expert Riana Pfefferkorn explained in detail how irresponsible these suggestions for broken or weakened encryption are.This new paper [PDF] was put together by the National Academies of Science, Engineering, and Medicine. (h/t Lawfare) It covers a lot of ground others have and rehashes the history of encryption, along with many of the pro/con arguments. That said, it's still worth reading. It raises some good questions and spends a great deal of time discussing the multitude of options law enforcement has available, but which are ignored by FBI officials when discussing the backdoors/key escrow/weakened encryption they'd rather have.The paper points out law enforcement now has access to much more potential evidence than it's ever had. But that might not always be a good thing.The widespread use of cloud storage means that law enforcement has another potential source of evidence to turn to when they do not have access to the data on devices, either because the device is unavailable or the data on the device is encrypted. Not all of this digital information will be useful, however. Because storage is cheap or even free, people keep all sorts of non-noteworthy electronic documents forever. What's unsaid here is law enforcement should be careful what it wishes for. Encryption that allows government on-demand access may drown it in useless data and documents. If time is of the essence in cases where law enforcement is seeking to prevent further criminal activity, having a golden key may not move things along any faster. I'm sure the FBI and others would prefer access all the same, but this does point to a potential negative side effect of cheap storage and endless data generation.And the more access law enforcement has, the more chances there are for something to go horribly wrong on the provider's end.How frequently might vendors be asked to unlock phones? It is difficult to predict the volume of requests to vendors, but a figure in the tens of thousands per year seems reasonable, given the number of criminal wiretaps per year in the United States and the number of inaccessible devices reported by just the FBI and Manhattan District Attorney’s Office. As a result, each vendor, depending on its market share, needs to be able to handle thousands to tens of thousands of domestic requests per year. Such a change in scale, as compared to the software update process, would necessitate a change in process and may require a larger number of people authorized to release an unlock code than are authorized to release a software update, which would increase the insider risk. The paper also runs down stats provided by the FBI and the Manhattan DA's office. It notes the overall number of unlockable phones has continued to rise but points out these numbers aren't all that meaningful without context.In November 11, 2016, testimony to this committee, then-Federal Bureau of Investigation (FBI) General Counsel James Baker reported that for fiscal year 2016, the FBI had encountered passcodes on 2,095 of the 6,814 mobile devices examined by its forensic laboratories. They were able to break into 1,210 of the locked phones, leaving 885 that could not be accessed. The information Baker presented did not address the nature of the crimes involves nor whether the crimes were solved using other techniques.[...]Although existing data clearly show that encryption is being encountered with increasing frequency, the figures above do not give a clear picture of how frequently an inability to access information seriously hinders investigations and prosecutions. It goes on to note that we may never see this contextual information. Any attempt to collect this data would be hindered by law enforcement's reluctance to provide it, and there are currently no visible efforts being made by agencies to determine just how often encryption stymies investigations. Whatever would actually be reported would be tainted by subjective assessments of encryption's role in the investigation. However, without more context, the endless parade of locked device figures is nothing more than showmanship in service to the greater goal of undermining encryption.The paper helpfully lists several options law enforcement can pursue, including approaching cloud services for content stored outside of locked devices. It also points out the uncomfortable fact that law enforcement doesn't appear to be making use of tools it's always had available. One of these options is compelled production of passwords or biometric data to unlock phones. While the Fifth Amendment implications of compelled password production are still under debate, it's pretty clear fingerprints or retinas aren't going to receive as much Constitutional protection.On top of that, there's the fact that a number of device owners have already voluntarily provided copies of encryption keys, and these can likely be accessed by law enforcement using a standard warrant or an All Writs Act order.[M]any storage encryption products today offer key escrow-like features to avoid data loss or support business record management requirements. For example, Apple’s full disk encryption for the Mac gives the user the option to, in effect, escrow the encryption key. Microsoft Windows’ BitLocker feature escrows the key by default but allows users to request that the escrowed key be deleted. Some point to the existence of such products as evidence that key recovery for stored data can be implemented in a way that sensibly balances risks and benefits at least in certain contexts and against certain threats. In any case, data that is recoverable by a vendor without the user’s passcode can be recovered by the vendor for law enforcement as well. Key escrow-type systems are especially prevalent and useful where the user, or some other authorized person such as the employer, needs access to stored data. The report also claims law enforcement "had not kept pace" with the increase of digital evidence. It posits the problem is a lack of funding and training. Training is almost certainly a problem, but very few law enforcement agencies -- especially those at the federal level -- suffer for funding or expertise. This might be due to bad assumptions, where officials believed they would always have full access to device contents (minus occasional end user initiative on encryption). When it became clear they wouldn't, they began to seek solutions to the problems. This put them a few steps behind. Then there are those, like Manhattan DA Cy Vance and FBI Director Chris Wray, who are putting law enforcement even further behind by pushing for legislation rather than focusing their efforts on keeping officers and agents well-supplied and well-trained.While the report does suggest vendors and law enforcement work together to solve this access "problem," the suggestions place the burden on vendors. One suggested fix is one-way information sharing where vendors make law enforcement aware of unpatched exploits, allowing the government (and anyone else who discovers it) to use these vulnerabilities to gain access to communications and data. It's a horrible suggestion -- one that puts vendors in the liability line of fire and encourages continued weakening of device and software security.The report also points out the calls for harder nerding have been at least partially answered. The proposed solutions aren't great. In fact, one of them (running lawful access keys and software update keys through the same pipeline) is terrible. But it's not as though no one on the tech side is trying to come up with a solution.Several individuals with backgrounds in security and systems have begun to explore possible technical mechanisms to provide government exceptional access. Three individuals presented their ideas to the committee.• Ernie Brickell, former chief security architect, Intel Corporation, described ways that protected partitions, a security feature provided by future microprocessor architectures, could be used to provide law enforcement access to devices in their physical possession, provide remote access by law enforcement, or provide key escrowed cryptography for use by applications and nonescrowed cryptography for a set of “allowed” applications.• Ray Ozzie, former chief technical officer and former chief software architect, Microsoft Corporation, argued that if a user trusts a vendor to update software, the user should be able to trust the vendor to manage keys that can provide exceptional access. He proposed that this extension of the trust model used for software updates could be used to provide government exceptional access to unlock mobile devices. Ozzie also provided the committee with materials describing how this approach could be extended to real-time communications such as messaging.• Stefan Savage, professor of computer science and engineering, University of California, San Diego, described how phone unlock keys could be stored in hardware and made available via an internal hardware interface together with a “proof-of-effort” lock that together would require physical possession and a time delay before law enforcement could unlock a device. The report points out these are only suggestions and have yet to be rigorously examined by security professionals. But their existence belies the narrative pushed by the FBI in its search for a federal statutory mandate. There are experts trying to help. Unfortunately, every solution proposed is going to require a sacrifice in device security.The problem is complex, if you choose to believe it's a problem. It may be troublesome that law enforcement can't have access to device contents as easily as they could five years ago, but it's not the threat to public safety anti-encryption enthusiasts like Chris Wray and Cy Vance make it out to be. Encryption use has gone up while crime rates have remained steady or decreased. The emphasis on cellphones as the ultimate investigative goldmine is misplaced. Plenty of options remain and law enforcement spent years solving crimes without having one-stop access to communications and personal documents. An ancient discovery known as "fire" has put evidence out of reach for hundreds of years, but no one's asking the smart guys at Big Match to come up with a solution. Things are harder but they're not impossible. What is impossible is what Wray and others are asking for: secure compromised encryption.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 23-Feb-2018
path: /Policy | permalink | edit (requires password)
|
|