Encryption

Justice Department Calls for 'Responsible' Encryption, Which Means 'Bad' Encryption

What Rosenstein wants would threaten data security. That's hardly responsible.

When the government demands "back doors" that bypass computer and phone encryption, it's calling for measures that weaken citizens' privacy rights and render us vulnerable to hackers. So Deputy Attorney General Rod Rosenstein is trying to reword the demand.

In a recent speech at the United States Naval Academy in Annapolis, Maryland, Rosenstein called for "responsible encryption." If you were expecting a new understanding of the importance of secure data privacy, prepare to be disappointed:

Responsible encryption is achievable. Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization. Such encryption already exists. Examples include the central management of security keys and operating system updates; the scanning of content, like your e-mails, for advertising purposes; the simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop.

No one calls any of those functions a "back door." In fact, those capabilities are marketed and sought out by many users.

It's not true that "no one" calls such functions a "back door." These are all mechanisms by which encryption is bypassed in order to access data. In fact, hackers used his first example in 2016 to demonstrate exactly the danger of encryption back doors. They got their hands on Microsoft's internal security keys for system updates and demonstrated the vulnerability it created, all for the purpose of warning the federal government of what could happen if the "keys" escaped control.

In reality, Rosenstein is simply stubbornly demanding the same things the Justice Department, like its counterparts in some other governments, has been demanding all along: for tech companies to find ways to compromise customers' data privacy whenever the government demands their data. And like every government leader who has made this demand, he stubbornly refuses to care that the consequences will render Americans more susceptible to hacking.

Remarkably, his same speech discusses ransomware threats that struck hospitals and others back in May without mentioning that this attack (he doesn't even say its name: WannaCry) was the direct result of the National Security Agency losing control of exploits it had stored to infiltrate online security. It was a prime example of the dangers of giving the government the tools to bypass encryption.

Rosenstein concludes his speech by insisting that Americans have no constitutional "right" to "warrant-proof encryption" and that businesses have no "right" to sell it. He gets the concept of citizen rights and government powers backwards. The Fourth Amendment grants the government the power to use warrants to access your private communications or data with cause; it has nothing to say about the limits of our abilities to keep our papers and communications secret. Warrants don't guarantee that the police or investigators will actually succeed. Do we have a constitutional "right" to a "warrant-proof" paper shredder? It's an absurd way to talk about the problem. Could the Justice Department demand that companies that manufacture paper shredders help the government put documents back together if they had a warrant for the contents of shredded documents? Could the Justice Department demand that fireplaces unburn important papers that were the target of a warrant? That toilets unflush any drugs that get dumped in them?

Such absurd demands are essentially arguments against physics and chemistry. In this case, as Robyn Greene points out at Just Security, Rosenstein is blaming math:

First, it is not true that we are newly experiencing the "advent of 'warrant-proof' encryption." Encryption was not recently invented or discovered, as Rosenstein suggests. Ciphers have been used to secure sensitive communications or information for millennia, including by our founding fathers. The use of full-disk and end-to-end encryption has certainly increased with the advent of the Internet and the adoption of digital and connected devices, and companies have increasingly started providing encryption as a default setting and in a manner where they don't maintain access to the key. However, unbreakable encryption is nothing new.

Further, the concept of "warrant-proof encryption" is a myth, a made-up term that the Department of Justice and the FBI use to describe a situation in which strong encryption poses an obstacle to an investigation. The reality is that encryption is just math—a set of very complex equations—and when encryption is developed, the only concern is making sure that the math is right. Because those equations are so complex, law enforcement often can identify and exploit vulnerabilities in the code to access the contents of a particular device, as it did with the San Bernardino shooter's iPhone. But if it can't, it's not because the encryption is "warrant-proof," it's just because the math is right. In other words, if the code was deliberately breakable, or warrant-friendly, to make up another term, it wouldn't do what encryption is meant to do—keep data highly secure—it would leave it vulnerable to exploitation.

As we saw with Australia's prime minister, the fact that encryption is just math cannot penetrate the skulls of officials who just simply want access to as much information as possible and do not care about the consequences.

Bonus link: The Russian government is fining the messaging app Telegram for refusing to hand over its encryption keys and give the government access to people's correspondences. We're supposed to be concerned about Russian hacking, right?

  1. Shut the fuck up, Rod Rosenstein. Or as John called him this morning, Rob Reinstein.

    1. How about Meathead

  2. It’s not a sin to admit you don’t know something.

    1. Of course not, but it might cost you a comfy government sinecure.

      1. It would be refreshing to have a politician willing to say they don’t know enough on a topic to comment. Unfortunately, in many cases this would lead to them being castigated as stupid and unfit.

        1. *cough* Gary Johnson *cough*

  3. I’ll give you a backdoor asshole

    1. Isn’t “backdoor asshole” redundant?

      1. “The men don’t know; but the little girls understand.”

      2. Sure but it’s fun to say

  4. “”The Russian government is fining the messaging app Telegram for refusing to hand over its encryption keys and give the government access to people’s correspondences. We’re supposed to be concerned about Russian hacking, right?””

    It’s not ‘hacking’ when you have the keys.

    N_J

    1. Hacking is only what bad people do. The government is here to help.

  5. “Examples include the central management of security keys and operating system updates; the scanning of content, like your e-mails, for advertising purposes; the simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop.”

    “Oh, and my Ashley Madison account.”

  6. “the fact that encryption is just math cannot penetrate the skulls of officials”

    Are you implying something about the thickness of our officials’ skulls, Mr. Shackford? Think carefully on your answer. {levels C-96}

    1. REASON MAKES UNFOUNDED CLAIMS ABOUT SKULL THICKNESS. BROADCASTING LICENSE PULLED

      1. “Broadcasting license pulled”. That’s one euphemism for it.

  7. There’s no way they can prevent people from using encryption.

    They can make it a pain in the ass for normal people.

    You might as well demand that terrorists start speaking English only. Good luck.

    This is all about violating the privacy of normal people who won’t go through the trouble until it’s too late.

  8. What a class A shithead.

  9. “responsible encryption.” same thing as “reasonable gun control”, right?

    impossible and unconstitutional

    1. To talk about “responsible encryption” is to talk about “responsible mathematics”, which is to label oneself right out of the box as a blithering shitgibbon asshat.

      Might as well try to regulate chemistry or physics.

      Jesus H. Christ on a pogo stick, what these fuckwits think they can be in charge of. Every day I think it’s impossible to be any more disappointed in my government than I am already, and every day, tomorrow comes.

  10. Rosenstein concludes his speech by insisting that Americans have no constitutional “right” to “warrant-proof encryption” and that businesses have no “right” to sell it.

    The asshole never read the first amendment, obviously.

    -jcr

    1. Or the 10th. The government’s powers are enumerated, even if they are contorted beyond their text. The rights of the people are inalienable, inherent in our humanity and not limited to those the document protects expressly.

      This “conversation” by security types extends far beyond encryption. Hypotheticals in this arena range from legal justification of total surveillance to the court-ordered delving of an individual’s thoughts and memories.
      They are trying to get out in front of technology for once.
      God help us.

  11. If I use paper, pen and a mathematical algorithm to encrypt my notes, it is completely legal and not subject to any forced decryption orders. Even with a warrant, the government can only seize the physical form, but not the information contents.

    I see no reason whatsoever why using electronics should suddenly change this legal landscape.

    1. Knowing the current state of jurisprudence WRT passwords, they could probably still hold you in contempt
