The Justice Department’s Deputy Attorney General Rod Rosenstein is calling on Silicon Valley to provide a avenue for law enforcement to access encrypted digital evidence that is stored and transferred by private technology companies.
Rosenstein described this avenue as “responsible encryption.” He vaguely defined it as encryption that is able to “protect privacy and promote security without forfeiting access for legitimate law enforcement needs supported by judicial approval.”
Privacy and security advocates say that making such a compromise would effectively weaken encryption technology writ large because it would require creating an inherent vulnerability in the process. Rosenstein, like his predecessors, believes this arrangement wouldn’t have a negative consequence on cybersecurity significant enough to warrant a different strategy.
“When encryption is designed with no means of lawful access, it allows terrorists, drug dealers, child molesters, fraudsters, and other criminals to hide incriminating evidence,” Rosenstein said. “Mass-market products and services incorporating warrant-proof encryption are now the norm.”
While leading FBI and Justice Department officials have rallied for a “solution” to encryption for the better part of two decades, the advent and widespread adoption of end-to-end, so-called “warrant-proof encryption” is putting increased pressure on the FBI to form relations with the technology sector in order to gather private information relevant to criminal cases.
Warrant-proof encryption can be understood as technology that creates “encrypted communications that cannot be intercepted and locked devices that cannot be opened,” said Rosenstein. This description is linked to Apple, who last year told the Justice Department they could not conceivably open a locked device belonging to a terrorist for law enforcement access.
In a statement sent to CyberScoop, Oregon Senator Ron Wyden described Rostenstein’s comments as unproductive.
“Despite [Rosenstein’s] attempts at rebranding, a government backdoor by another name will still make it easier for criminals, predators and foreign hackers to break into our phones and computers,” Wyden said. “The Department of Justice should be using their bully pulpit to promote the adoption of strong encryption and other defensive cybersecurity technologies, not demonizing companies who are attempting to protect their customers’ private data and compete on cybersecurity.”
Rosenstein’s opinion mirrors that of prior FBI Director James Comey with the exception that his speech Tuesday appeared to be more pointed and aggressive towards private enterprise. He specifically criticized American technology firms that are reportedly willing to cooperate with foreign governments, but not the Trump administration.
“American technology providers sell products and services in foreign markets where the governments have questionable human rights records and enforce laws affording them access to customer data, without American due process or legal protections,” Rosenstein said. “Surely those same companies and their engineers could help American law enforcement officers enforce court orders issued by American judges, pursuant to American rule of law principles.”
The prior approach by the DOJ and FBI to individually negotiate access to data — where possible — is similarly not suitable for law enforcement to effectively gather evidence, said Rosenstein.
“The approach taken in the recent past — negotiating with technology companies and hoping that they eventually will assist law enforcement out of a sense of civic duty — is unlikely to work,” he explained.
“Technology companies operate in a highly competitive environment. Even companies that really want to help must consider the consequences,” Rosenstein continued. “The makers of smart phones previously kept the ability to access some data on phones, when ordered by a court to do so. Now they engineer away even that capability.”