October 2015 – DoGoodSoft's Official Blog

Oracle hardwires encryption and SQL hastening algorithms into Sparc M7 silicon

Oracle execs used the final keynote of this week’s OpenWorld to praise their Sparc M7 processor’s ability to accelerate encryption and some SQL queries in hardware.

On Wednesday, John Fowler, veep of systems at Oracle, said the M7 microprocessor and its builtin coprocessors that speed up crypto algorithms and database requests stood apart from the generic Intel x86 servers swelling today’s data center racks.

“I don’t believe that the million-server data center powered by a hydroelectric dam is the scalable future of enterprise computing,” Fowler said. “We’ll need to keep doing it, but we also need to invest in new technology so you all don’t have to build them.”

He told the crowd that Oracle has spent the past five years working out how to build a chip that can handle some SQL database queries in hardware, offloading the job from the main processor cores.

The new Sparc has eight in-memory database acceleration engines that are capable of blitzing through up to 170 billion rows per second, apparently. The acceleration is limited by the memory subsystem, which tops out at 160GB/s. Each of the eight engines has four pipelines, which adds up to 32 processing units.

According to Oracle, an acceleration engine can read in chunks of compressed columnar databases, evaluate a query on those columns while decompressing the information, and then spit out the result. While powerful, these engines are tiny and account for less than one per cent of the M7 chip’s acreage, Fowler said.

Essentially, the hardware is tuned for performing analytics at high-speed on in-memory columnar databases. Decompression is more important than compression for handling information fast, Fowler said, and the decision to build in specific hardware to handle it all makes the M7 very speedy. Very speedy at running Oracle Database, anyway.

To access these engines, you need to use an Oracle software library that abstracts away the specifics of the hardware: the library queues up SQL queries for the coprocessors to process, much like firing graphics commands into a GPU. Naturally, Oracle Database takes advantage of this library.

Oracle has taken the same hardware approach to encryption, too. Inside the M7 are accelerators capable of running 15 crypto algorithms, including AES and Diffie-Hellman, although at least two of these – DES and SHA-1 – are considered to be broken by now. Hardware accelerated crypto is standard issue now in today’s microprocessors, from Intel and AMD CPUs to ARM-compatible system-on-chips.

As a result of these accelerators, the M7 chip is 4.5 times as fast as IBM’s Power8 processors, Fowler claimed, and in Oracle systems the processor handled encrypted data only 2.8 per cent more slowly than the same data unencrypted. The cryptographic capabilities of the chip don’t just work for Oracle code, Fowler said, but also in third-party Solaris applications.

“We’ve picked up the pace of silicon development,” he concluded. “This is our sixth processor in five years, with many more to come.”

Timothy Prickett Morgan, co-editor of our sister site The Platform said the M7 has 10 billion 20nm transistor gates, and its database analytics engines are available to any programs running on Solaris.

“The Sparc M7 processors made their debut at the Hot Chips conference in 2014, and it is one of the biggest, baddest server chips on the market,” Prickett Morgan added in his in-depth analysis on Wednesday.

“And with the two generations of ‘Bixby’ interconnects that Oracle has cooked up to create ever-larger shared memory systems, Oracle could put some very big iron with a very large footprint into the field, although it has yet to push those interconnects to their limits.”

Biometric data becomes the encryption key in Fujitsu system

Fujitsu says it has developed software that uses biometric data directly as the basis for encryption and decryption of data, simplifying and strengthening security systems that rely on biometrics such as fingerprints, retina scans and palm vein scans.

Current security systems that rely on encryption require the management of encryption keys, which are stored on secure smartcards or directly on PCs. Biometric scans can be used as a way of authenticating the user and providing access to those encryption keys in order to decrypt data.

Fujitsu’s system uses elements extracted from the biometric scan itself as a part of a procedure to encrypt the data, making the biometric scan an integral part of the encryption system and removing the need for encryption keys.

That has two big benefits, according to the company.

The lack of encryption keys means there’s no need for smartcards and hackers won’t have anything to find should they break into a network.

The second major benefit comes from biometric data use with cloud services. With current systems, a user’s biometric data is potentially vulnerable as it’s sent over the Internet to allow log-in to a service. Because Fujitsu’s new system uses random numbers to convert the biometric data as part of the encryption and decryption process, unconverted data is not transmitted over a network.

The procedure employs error correction to smooth out slight differences in successive biometric scans that are the result of variations in a user’s position or motion when the scan is taken.

At present, the system has been developed to work with palm vein authentication, a technology that Fujitsu has spent years developing and has already deployed on systems like bank ATMs in Japan. But the company said it could readily be adapted to work with other biometric data such as fingerprints or retina scans.

The software was developed by Fujitsu Laboratories and two Japanese universities, Kyushu University and Saitama University, and is being presented this week at the 8th International Symposium on Foundations and Practice of Security in Clermont-Ferrand, France.

Tech Companies and Civil Liberties Groups Force Obama To Weigh In On Encryption Debate

President Obama will now be forced to publicly describe the extent of his commitment to protecting strong encryption, after nearly 50 major technology companies, human rights groups, and civil liberties collectives—including Twitter, the ACLU, and Reddit — succeeded in getting over 100,000 signatures on a White House petition on Tuesday.

The government’s “We the People” platform, created in 2011, was designed as “a clear and easy way for the American people to petition their government.” Once a petition gains 100,000 signatures, it is guaranteed a response.

The savecrypto.org petition demands that Obama “publicly affirm your support for strong encryption” and “reject any law, policy, or mandate that would undermine our security.”

FBI director James Comey has been preaching about the dangers of end-to-end encryption for the past year, saying it blocks law enforcement from monitoring communications involving criminals and terrorists. He’s asked for special access into encrypted communications — a “back door” or “front door.”

However, technologists and privacy advocates insist that any hole in encryption for law enforcement can be exploited by hackers.

Comey testified earlier this month before the Senate Homeland Security and Governmental Affairs Committee that the White House was not seeking legislation to force companies to build backdoors into their products—at least not yet.

However, top intelligence community lawyer Robert S. Litt wrote in a leaked e-mail obtained by the Washington Post that public opinion could change “in the event of a terrorist attack or criminal event” where encryption stopped law enforcement from detecting the threat. He recommended “keeping our options open for such a situation.”

Now, the White House will have to speak for itself.

“More than 100,000 users have now spoken up to ask the Administration to make a strong statement in support of data security – no back doors, no golden keys, no exceptional access,” said Amie Stepanovich, the U.S. Policy Manager for digital rights group Access Now, one of the founding organizations of the petition along with the Electronic Frontier Foundation. “We thank those who have stood with us and look forward to President Obama’s response.”

Your self-encrypting hard drive isn’t nearly as secure as you thought

If you want to keep your information away from hackers and snoops, whether it’s your Internet use, email, hard drive data or your backup, the best thing you can do is use encryption. Encryption scrambles your data and, in theory, the only way to unscramble it is to know the password. That’s why choosing a strong password no one can guess is important.

This is also what makes a ransomware virus that encrypts your files so dangerous. Without paying for the decryption password, you can’t get your files back. Learn three steps you can take to beat ransomware. Unfortunately for your security, encryption isn’t always a secure as you’d hope.

Without going into too much technical detail, there are a lot of ways that encryption can happen, from the method it uses to encrypt the data to how many bits it uses. For example, you’ll see 128-bit AES and 256-bit AES show up a lot in programs and Web encryption. There’s SHA-1 and SHA-2 from the NSA. For your router, you’ll see options like WEP, WPA TKIP, WPA2 AES and more.

Unfortunately, not all encryption is created equal. For centuries, mathematicians and cryptographers have been coming up with and breaking encryption schemes. As computers have gotten more powerful, encryption that should have taken centuries to crack can fail in seconds.

That’s why you don’t see much 64-bit AES anymore, why using WEP on your router is the same has having no encryption, and why large organizations are moving from SHA-1 to SHA-2 encryption.

Of course, this is way more than the average person should have to think about. You should be able to trust that every company is using the best encryption possible in the products you buy and use. Unfortunately, that often isn’t the case, and we just got a fresh reminder.

Western Digital’s hard drive encryption is useless. Totally useless

The encryption systems used in Western Digital’s portable hard drives are pretty pointless, according to new research.

WD’s My Passport boxes automatically encrypt data as it is written to disk and decrypt the data as it is read back to the computer. The devices use 256-bit AES encryption, and can be password-protected: giving the correct password enables the data to be successfully accessed.

Now, a trio of infosec folks – Gunnar Alendal, Christian Kison and “modg” – have tried out six models in the WD My Passport family, and found blunders in the software designs.

For example, on some models, the drive’s encryption key can be trivially brute-forced, which is bad news if someone steals the drive: decrypting it is child’s play. And the firmware on some devices can be easily altered, allowing an attacker to silently compromise the drive and its file systems.

“We developed several different attacks to recover user data from these password-protected and fully encrypted external hard disks,” the trio’s paper [PDF] [slides PDF] states.

“In addition to this, other security threats are discovered, such as easy modification of firmware and on-board software that is executed on the user’s PC, facilitating evil maid and badUSB attack scenarios, logging user credentials, and spreading of malicious code.”

My Passport models using a JMicron JMS538S micro-controller have a pseudorandom number generator that is not cryptographically safe, and only cycles through a series of 255 32-bit values. This generator is used to create the data encryption key, and the drive firmware leaks enough information about the random number generator for this key to be recreated by brute-force, we’re told.

“An attacker can regenerate any DEK [data encryption key] generated from this vulnerable setup with a worst-case complexity of close to 240,” the paper states.

“Once the DEK [data encryption key] is recovered, an attacker can read and decrypt any raw disk sector, revealing decrypted user data. Note that this attack does not need, nor reveals, the user password.”

Drive models using a JMicron JMS569 controller – which is present in newer My Passport products – can be forcibly unlocked using commercial forensic tools that access the unencrypted system area of the drive, we’re told.

Drives using a Symwave 6316 controller store their encryption keys on the disk, encrypted with a known hardcoded AES-256 key stored in the firmware, so recovery of the data is trivial.

Meanwhile, Western Digital says it is on the case.

“WD has been in a dialogue with independent security researchers relating to their security observations in certain models of our My Passport hard drives,” spokeswoman Heather Skinner told The Register in a statement.

“We continue to evaluate the observations. We highly value and encourage this kind of responsible community engagement because it ultimately benefits our customers by making our products better. We encourage all security researchers to responsibly report potential security vulnerabilities or concerns to WD Customer Service.

NSA, Apple Chiefs Decode Encryption Views

LAGUNA BEACH, Calif.—The heads of the National Security Agency and the world’s most valuable company appeared to try to make nice Monday night over their contrasting views on encryption—to a point.

NSA Director Adm. Michael Rogers and Apple Inc. Chief Executive Tim Cook, appearing at The Wall Street Journal’s technology conference, WSJDLive, spoke in broad terms about encryption in back-to-back interviews.

Asked about efforts by Apple and other tech firms to build products that protect user data and communications from law enforcement, Mr. Rogers said, “Strong encryption is in our nation’s best interest.”

But asked if that included impenetrable encryption, he quickly interrupted, “That’s not what I said.”

Mr. Cook, appearing later, disagreed on the latter point. “I don’t know a way to protect people without encrypting,” he said. “You can’t have a backdoor that’s only for the good guys.”

Apple and federal officials have been at odds for more than a year, since Apple issued a new version of its mobile-operating system that it said safeguards user information, even from law enforcement. But the White House signaled recently that it won’t seek new laws to force tech companies to make products that allow law enforcement to eavesdrop.

Messrs. Cook and Rogers said both sides in the encryption debate need to turn down the vitriol. “Reasonable people can have discussions and figure out how to move forward,” Mr. Cook said.

On other subjects, Mr. Cook said, Apple has 15 million users on its streaming music service, including 6.5 million paying subscribers.

Apple launched Apple Music on June 30, offering every user a three-month trial period. Once the trial period ends, customers pay $9.99 a month for individual users and $14.99 for families. The first batch of customers came off the trial period at the end of September.

Mr. Cook also spoke unusually frankly about the automobile industry, although he declined to address Apple’s interest in building an electric car. The Apple CEO said he sees a “massive change” coming in the automobile industry as major technologies shift the sector away from today’s combustion-engine focus.

He said he sees software, electrification and autonomous driving technologies playing a crucial role in the cars of the future. “That industry is at an inflection point for massive change, not just evolutionary change,” he said.

The NSA may have been able to crack so much encryption thanks to a simple mistake

The NSA could have gained a significant amount of its access to the world’s encrypted communications thanks to the high-tech version of reusing passwords, according to a report from two US academics.

Computer scientists J Alex Halderman and Nadia Heninger argue that a common mistake made with a regularly used encryption protocol leaves much encrypted traffic open to eavesdropping from a well-resourced and determined attacker such as the US national security agency.

The information about the NSA leaked by Edward Snowden in the summer of 2013 revealed that the NSA broke one sort of encrypted communication, virtual private networks (VPN), by intercepting connections and passing some data to the agency’s supercomputers, which would then return the key shortly after. Until now, it was not known what those supercomputers might be doing, or how they could be returning a valid key so quickly, when attacking VPN head-on should take centuries, even with the fastest computers.

The researchers say the flaw exists in the way much encryption software applies an algorithm called Diffie-Hellman key exchange, which lets two parties efficiently communicate through encrypted channels.

A form of public key cryptography, Diffie-Hellman lets users communicate by swapping “keys” and running them through an algorithm which results in a secret key that both users know, but no-one else can guess. All the future communications between the pair are then encrypted using that secret key, and would take hundreds or thousands of years to decrypt directly.

But the researchers say an attacker may not need to target it directly. Instead, the flaw lies in the exchange at the start of the process. Each person generates a public key – which they tell to their interlocutor – and a private key, which they keep secret. But they also generate a common public key, a (very) large prime number which is agreed upon at the start of the process.

Since those prime numbers are public anyway, and since it is computationally expensive to generate new ones, many encryption systems reuse them to save effort. In fact, the researchers note, one single prime is used to encrypt two-thirds of all VPNs and a quarter of SSH servers globally, two major security protocols used by a number of businesses. A second is used to encrypt “nearly 20% of the top million HTTPS websites”.

The problem is that, while there’s no need to keep the chosen prime number secret, once a given proportion of conversations are using it as the basis of their encryption, it becomes an appealing target. And it turns out that, with enough money and time, those commonly used primes can become a weak point through which encrypted communications can be attacked.

In their paper, the two researchers, along with a further 12 co-authors, describe their process: a single, extremely computationally intensive “pre-calculation” which “cracks” the chosen prime, letting them break communications encrypted using it in a matter of minutes.

How intensive? For “shorter” primes (512 bits long, about 150 decimal digits), the precalcuation takes around a week – crippling enough that, after it was disclosed with the catchy name of “Logjam”, major browsers were changed to reject shorter primes in their entirety. But even for the gold standard of the protocol, using a 1024-bit prime, a precalculation is possible, for a price.

The researchers write that “it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year.”

“Based on the evidence we have, we can’t prove for certain that NSA is doing this. However, our proposed Diffie-Hellman break fits the known technical details about their large-scale decryption capabilities better than any competing explanation.”

There are ways around the problem. Simply using a unique common prime for each connection, or even for each application, would likely reduce the reward for the year-long computation time so that it was uneconomical to do so. Similarly, switching to a newer cryptography standard (“elliptic curve cryptography”, which uses the properties of a particular type of algebraic curve instead of large prime numbers to encrypt connections) would render the attack ineffective.

But that’s unlikely to happen fast. Some occurrences of Diffie-Hellman literally hard-code the prime in, making it difficult to change overnight. As a result, “it will be many years before the problems go away, even given existing security recommendations and our new findings”.

“In the meantime, other large governments potentially can implement similar attacks, if they haven’t already.”

The next steps for the White House on encryption

THE OBAMA administration’s decision not to seek legislation requiring technology companies to give law enforcement access to encrypted communications on smartphones has a certain logic. In this age of hacking and cyberintrusion, encryption can keep most people safer. But the decision also carries risks. Encryption can give a tiny band of criminals and terrorists a safe haven. The United States must now make the most of the useful side of encryption, but without losing sight of the risks.

FBI Director James B. Comey warned last year that law enforcement might be “going dark” because technology companies, including Apple and Google, are introducing ways for users to send encrypted messages by smartphones that can be unlocked only by the users, not by the companies. Mr. Comey was alarmed this would give criminals and terrorists a place to communicate that was beyond reach even of law enforcement with a court order. Mr. Comey suggested Congress require tech companies to provide what is known as extraordinary access to encrypted information, a “lawful intercept” capability, sometimes referred to as a backdoor, or a special key for the government. We sympathized with Mr. Comey’s appeal and urged all sides to look for a compromise.

No compromise was forthcoming. The reaction to Mr. Comey’s suggestion in the technology world was a strong protest that any weakening of encryption — even a tiny bit, for a good reason — creates a vulnerability for all. The firms also made the argument that encryption can be a positive force in today’s chaotic world of cyberattacks; their customers want absolute privacy, too, for the digital lives held on the smartphones in their pockets. They also pointed out that if backdoor access is granted to the U.S. government, it will provide cover for authoritarian governments such as China and Russia to demand the same or worse.

Mr. Comey said last week that private talks with the tech companies have been “increasingly productive.” That is promising. There are methods the FBI might use to crack encryption case by case or to find the information elsewhere. The FBI and state and local law enforcement are most in need; the National Security Agency has much stronger tools for breaking encryption overseas.

Having stood up to Mr. Comey, Silicon Valley should demonstrate the same fortitude when it comes to China and Russia and absolutely refuse to allow intrusions by these and other police states. It would help, too, if President Obama articulated the principle loud and clear.

That leaves a nagging worry. The United States is a rule-of-law nation, and encryption technology is creating a space that is in some ways beyond the reach of the law. Encryption may indeed be valuable to society if it protects the majority. But what if it enables or protects the 1 percent who are engaged in criminality or terrorism? That threat has to be taken into account, and so far it remains unresolved. It will not go away.

Aadhaar encryption protects privacy, will take eons to crack

The Aadhaar system’s data collection and storage is strongly protected by sophisticated encryption processes to ensure biometric data does not leak either through private contractors running enrollment centres or at the central data servers that store the details.

The unique identity authority of India’s processes are intended to allay fears that biometric data collected by private contractors might be vulnerable to falling in unauthorized hands as the biometric detail is encrypted using the highest available public key cryptography encryption.

Even if the data is stolen or lost the encryption prevents access to the biometrics as it will require the most powerful computers literally eons to crack the code. Similarly at the central data centre, the encryption processes are repeated while storing the details, making attempts to access and use the data very difficult.

The government hopes that the lack of human interface in storing the data and procedures such as data collectors being required to authenticate every entry though their own biometric verification will help convince the Supreme Court that privacy concerns have been addressed by the UIDAI.

The UIDAI programme’s success is indicated by lack of any credible complaints or proof of misuse of data since it started the ambitious scheme almost five year ago. This is partly due to the processes that make even loss of a recording machine or copying on a flash drive a futile exercise.

The data are being collected on software-Enrollment Client (EC) Software-written, maintained and provided by the UIDAI and is encrypted to prevent leaks at the enrollment centres managed by private vendors and in transit. The private agencies on ground use the EC Software which ensures that only authentic and approved person can sign-in for the purpose of enrolling people.

The enrollment client software used by private vendors strongly encrypts individual electronic files containing demographic and biometric details (enrollment data packets) of residents at the time of enrollment and even before the data is saved in any hard disk.

The encryption uses highest available public key cryptography encryption (PKI-2048 and AES-256) with each data record having a built-in mechanism to detect any tampering.

The e-data packages are always stored on disk in PKI encrypted form and is never decrypted or modified during transit making it completely inaccessible to any system or person.

Among other security measures, UIDAI has ensured that the Aadhaar database is not linked to any other databases., or to information held in other databases and its only purpose is to verify a person’s identity at the point of receiving a service, and that too with the consent of the Aadhaar number holder.

Encrypted Smartphones Challenge Investigators

Law-enforcement officials are running up against a new hurdle in their investigations: the encrypted smartphone.

Officials say they have been unable to unlock the phones of two homicide victims in recent months, hindering their ability to learn whom those victims contacted in their final hours. Even more common, say prosecutors from New York, Boston and elsewhere, are locked phones owned by suspects, who refuse to turn over passcodes.

Manhattan District Attorney Cyrus Vance says his office had 101 iPhones that it couldn’t access as of the end of August, the latest data available.

The disclosures are the latest twist in a continuing dispute between law-enforcement officials and Apple Inc. and Google Inc., after the two tech companies released software last year that encrypted more data on new smartphones. The clash highlights the challenge of balancing the privacy of phone users with law enforcement’s ability to solve crimes.

“Law enforcement is already feeling the effects of these changes,” Hillar Moore, the district attorney in Baton Rouge, La., wrote to the Senate Judiciary Committee in July. Mr. Moore is investigating a homicide where the victim’s phone is locked. He is one of 16 prosecutors to send letters to the committee calling for back doors into encrypted devices for law enforcement.

The comments are significant because, until now, the debate over encrypted smartphones has been carried by federal officials. But local police and prosecutors handle the overwhelming share of crimes in the U.S., and district attorneys say encryption gives bad guys an edge.

Encrypted phones belonging to victims further complicate the issue, because some families want investigators to have access to the phones.

“Even if people are not terribly sympathetic to law-enforcement arguments, this situation might cause them to think differently,” said Paul Ohm, a Georgetown University Law Center professor and former prosecutor.

Last week, Federal Bureau of Investigation Director James Comey told a Senate hearing that the administration doesn’t want Congress to force companies to rewrite their encryption code. “The administration is not seeking legislation at this time,” White House National Security Council spokesman Mark Stroh said in a written statement Monday.

Some independent experts say the handful of cases that have emerged so far isn’t enough to prove that phone encryption has altered the balance between law enforcement and privacy. In many cases, they say, investigators can obtain the encrypted information elsewhere, from telephone companies, or because the data was backed up on corporate computers.

—————————————————————————————————————————————————–

‘In the past this would have been easy for us. We would have an avenue for this information, we’d get a subpoena, obtain a record, further our investigation.’

—Evanston Police Commander Joseph Dugan

—————————————————————————————————————————————————–
“It depends on what the success rate is of getting around this technology,” said Orin Kerr, a George Washington Law professor.

Apple encrypted phones by default beginning with iOS 8, the version of its mobile-operating system released last fall. The decision came amid public pressure following former national-security contractor Edward Snowden’s revelations of tech-company cooperation with government surveillance.

With iOS 8, and the newly released iOS 9, Apple says it cannot unlock a device with a passcode. That means Apple cannot provide information to the government on users’ text messages, photos, contacts and phone calls that don’t go over a telephone network. Data that isn’t backed up elsewhere is accessible only on the password-protected phone.

“We have the greatest respect for law enforcement and by following the appropriate legal process, we provide the relevant information we have available to help,” Apple wrote in a statement to The Wall Street Journal.

Apple Chief Executive Tim Cook is an advocate of encryption. “Let me be crystal clear: Weakening encryption, or taking it away, harms good people that are using it for the right reasons,” he said at a conference earlier this year.

Only some phones, such as the Nexus 6 and the Nexus 9, running Google’s Android Lollipop system are encrypted by default. Google declined to comment about the role of encryption in police investigations.

Three of the 16 district attorneys who wrote to the Senate—from Boston, Baton Rouge and Brooklyn—told the Journal they were aware of cases where encrypted phones had hindered investigations. Investigators in Manhattan and Cook County in Illinois also have cases dealing with encrypted phones. Investigators say, however, they have no way of knowing whether or not the locked phones contain valuable evidence.

Mr. Moore, of Baton Rouge, thinks there might be important information on a victim’s phone. But he can’t access it.

Brittany Mills of Baton Rouge used her iPhone 5s for everything from sending iMessages to writing a diary, and she didn’t own a computer, her mother said. Ms. Mills, a 28-year-old patient caregiver, was shot to death at her door in April when she was eight months pregnant.

Police submitted a device and account information subpoena to Apple, which responded that it couldn’t access anything from the device because it was running iOS 8.2. Mr. Moore thinks the iCloud data Apple turned over won’t be helpful because the most recent backup was in February, two months before her death. The records he obtained of her phone calls yielded nothing.

“When something as horrible as this happens to a person, there should be no roadblock in the way for law enforcement to get in there and catch the person as quickly as possible,” said Barbara Mills, Brittany Mills’s mother.

Investigators in Evanston, Ill., are equally stumped by the death of Ray C. Owens, 27. Mr. Owens was found shot to death in June with two phones police say belonged to him, an encrypted iPhone 6 and a Samsung Galaxy S6 running Android. A police spokesman said the Samsung phone is at a forensics lab, where they are trying to determine if it is encrypted.

The records that police obtained from Apple and service providers had no useful information, he added. Now the investigation is at a standstill.

“In the past this would have been easy for us,” said Evanston Police Commander Joseph Dugan. “We would have an avenue for this information, we’d get a subpoena, obtain a record, further our investigation.”

Barbara Mills is committed to making sure more families don’t have to see cases go unsolved because of phone encryption. “Any time you have a situation of this magnitude, if you can’t depend on law enforcement, who can you depend on?”