The last person San Diego should trust with their computers and smartphones is District Attorney Bonnie Dumanis.

Last week, Dumanis joined district attorneys in Los Angeles and Manhattan in supporting a fundamentally flawed Senate proposal they’re trying to brand as the National Technology Bill. If anything, the legislation sponsored by Sens. Richard M. Burr and Dianne Feinstein is an anti-technology bill, since it would require tech companies to weaken the security of their products and break encryption meant to protect their customers.

Dumanis and her colleagues argue that this bill would assist law enforcement, but they fail to mention the cost: the safety of all Americans’ data.

One needs only look at Dumanis’ track record on technology to understand that the district attorney is not credible on this issue.

In 2012, Dumanis spent $25,000 in public money on 5,000 copies of a piece of “parental monitoring” software called ComputerCop. This CD-ROM, which was distributed to families throughout the county for free, included a video from Dumanis promoting the program as the “first step” in protecting your children online.

This first step, however, involved parents installing keylogger software on their home computers. This type of technology is a favorite tool of malicious hackers, since it captures everything a user types, including personal information such as passwords and credit card numbers. Not only did ComputerCop store keylogs in an unencrypted file on the person’s computer, but it also transmitted some of that information over unsecured connections to a mysterious third-party server. If your child was sitting at a coffee shop, connecting a laptop with ComputerCop to an open Wi-Fi network, any two-bit hacker, identity thief or cyber-bully could snatch what your child typed right out of the air.


Support Independent Journalism Today

In other words, Dumanis was promoting software that installed faulty backdoors into home computers. The software did the opposite of its intent: Rather than protecting families, it actually made families less safe.

When this was revealed in 2014, Dumanis acknowledged the problem and issued a warning to families not to use that function and to uninstall it immediately.

In many ways, the ComputerCop debacle mirrors the current debate over the Burr-Feinstein anti-technology bill. Dumanis and her cohorts want Congress to force tech companies to create backdoors into your computers and devices or to simply remove basic security protections on the devices and software we all use every day.

Computer scientists and security researchers around the country have slammed the proposals, asserting that there is no way whatsoever to create a backdoor that can’t be exploited by malicious hackers or even foreign governments.

Dumanis’ support for Burr-Feinstein is tone-deaf to the concerns of the tech community, which has fought hard to restore its credibility in the wake of the NSA spying scandal. One way tech companies have tried to be responsive to the security concerns of users is by adding strong encryption to their technology so that even their technicians can’t access it. These companies – including Apple, Whatsapp and others – recognize that whenever possible, sensitive data should be controlled by the user and the user alone.

In addition, many of these pro-user tech companies believe that requiring this kind of access is not only costly but a violation of the First Amendment protected right to write and distribute software. This bill would undoubtedly hamstring the region’s innovation economy.

Dumanis does not seem to recognize the importance of encryption, which makes all our online communications and business transactions safe. The district attorney’s website fails to use HTTPS, the protocol that has become the industry standard for secure browsing online. This means that residents, including crime victims, whistleblowers and witnesses, cannot visit her site with confidence that their browsing won’t be intercepted or manipulated by third parties.

Dumanis’ support for the Burr-Feinstein anti-technology bill runs counter to her duty to the safety of her constituents. We shouldn’t have to wait years after its adoption for her to realize and publicly announce that she was, once again, dead wrong on digital security.

Dave Maass is an investigative researcher at the Electronic Frontier Foundation, a San Francisco-based nonprofit that defends civil liberties at the crossroads of technology and the law. Previously, Maass was a staff writer for San Diego CityBeat. Maass’ commentary has been edited for style and clarity. See anything in there we should fact check? Tell us what to check out here.

    This article relates to: Bonnie Dumanis, Opinion

    Written by Opinion

    Op-eds and Letters to the Editor on the issues that matter in San Diego. Have something to say? Submit a commentary.

    7 comments
    Richard del Rio
    Richard del Rio subscriber

    While sympathetic to the competitive dimensions of the technology companies' position, I do think the law enforcement position has merit too. The author seems to think that a court ordered warrant consistent with the Fourth Amendment is an invasion of privacy rights. That the companies have the ability to encrypt, does not mean that the societal costs of such technology do not weigh in the legal and moral equation. Constitutional law provides for few absolute rights. Are we truly prepared to say that suspected murderers, rapists, terrorists etc...have the right to conceal the evidence of their crimes in all cases? I am not a fan of Bonnie Dumanis yet I can't categorically dismiss the public safety arguments. 

    Ben Adams
    Ben Adams

    Dumanis imprisoned a man because of his song lyrics.  She is a horrible person and wrong about everything.

    Darren Chaker
    Darren Chaker

    By Darren Chaker, http://darrenchaker.us, I typically post on TOR and give talks about cyber security, but could not resist to comment : Here's the plan folks: when USA manufactured encryption is weakened, simply buy Russian, or any of the "546 encryption products from outside the US" per encryption guru Bruce Schneier. See, https://www.schneier.com/.../2016/02/worldwide_encry.html Besides the hype, the fact is the bill will never pass, but good to keep your options in mind!


    On this note, and in honor of those who want to attack our privacy,  I would suggest:


    1. Use a PIN, at least 6 digits for our phone and turn on encryption; do NOT use finger print to get in your phone as you can be forced to swipe your finger (mixed cases say yes and no, currently before the Ninth Circuit).

    2. Encrypt your computer's hard drive - BitLocker is good for Windows (Windows 10 Pro comes with it - do NOT save back up pass-phrase to Outlook email as it provided this option - and do not write it down), BestCrypt is one of my favorites. Apple computers and tablets (as well as Android tablets) come with encryption, so turn it on. Once encrypted, the hard drive is a useless brick - just be sure your pass-phrase (aka password) is complex.

    3. Use a history wiping utility - CCleaner is free and a good product for the typical person to wipe internet history, delete digital tracks, and wipe hard drive at least once a week; CyberScrub or East-Tec do the same, but with additional options, and are cheap ($20-60 range).

    4. Encrypt (WPA2) your WiFi connection with a password (do not use the factory PW); if you want ultra security, get a secure router, I use Sophos.

    5. When using free WiFi, use a Virtual Private Network (VPN) - this secures your info when away from home, and prevents the coffee shop selling your browsing data to third parties - remember - if it's free - YOU are the product. It also prevents someone with technical know how from viewing your internet activities; and 

    6. Go into your Google settings, and pause all search history, YouTube viewing history, location history, etc. While at it, delete the history too. If you like everything you do to be archived and available, that's cool too. You decide your privacy fate. 


    The above is the tip of privacy iceberg. It's not everything one needs to do, but it is a lot more than most do. Keep in mind, doing the above helps protect the common folks, to the corporate executive whose computer is taken by a foreign company who wants to salvage corporate secrets from it. 


    Dean Cunliffe
    Dean Cunliffe

    I take it that the constitution no longer applies, and we've been stripped of our rights..

    4th amendment?

    Chris OHara
    Chris OHara

    The ignorance on display here would be hilarious if it wasn't so dangerous.

    These are the clowns people trust to keep them safe?

    All the encryption bill would accomplish is end Internet banking and Commerce as we know it.

    It would Force communication app developers to move outside US jurisdiction or close shop.

    This is an absolutist argument, there are no comprises to encryption, you're either secure or you're not.

    If the Government attempts to ban math, there are a Dozen end to end encryption apps outside of US jurisdiction on the Internet now. At the pace in which government moves there will be 100's by the time they could ban math in America.

    mwkingsandiego
    mwkingsandiego subscriber

    Ms Dumanis may be a fine lawyer, but how is it that we trust her and Sen. Feinstein to make technology decisions for us, rather than someone with credibility in the field? If I, an experienced engineer, told Ms D how to prosecute, I doubt she would listen to me...


    And have Ms D & Ms F not realized that if those mythical backdoors are created, then their private work and personal information be cracked by whoever is interested. Do yo think Ms Dumanis and her staff ever send emails or texts or makes cell calls regarding investigation? Wouldn't a criminal element love to know what she says? Or maybe those elements already do, since CURRENT technology isn't as secure as it could be.


    If you care about this, even a little, urge your legislators to vote NO on any such bills, and look into using WhatsApp for you private phone and texts. BTW, you know email is insecure by design, right?

    Desde la Logan
    Desde la Logan subscriber

    I wouldn't trust Da Bonnie with anything. Let alone access to my iPhone.