DOJ's Rosenstein Again Hammers Warrant-Proof Encryption

Cites thousands of phones law enforcement can't access

Warning of digital torpedoes abetted by warrant-proof encryption that threaten the rule of law, Deputy Attorney General Rod Rosenstein told cadets in a speech at the Naval Academy in Annapolis that new tech is a threat if it prevents law enforcement from accessing evidence of crimes.

The Administration is clearly stumping hard for greater access to electronic communications and an end to tech "lock boxes" made possible by encryption.

"Sometimes we face real torpedoes," Rosenstein told the cadets, "and sometimes, in the cyber world, we face virtual torpedoes. Whatever the challenges ahead, we are duty-bound to sustain our timeless rule of law values in an era of disruptive technological change."

Rosenstein took a similar message to a Cambridge Cyber Summit last week.

In his speech at Annapolis Tuesday (Oct. 10), according to a copy of his remarks supplied by Justice, Rosenstein said that it was essential for law enforcement to be able to collect evidence, but that in a digital world, "the tools we use to collect evidence run up against technology that is designed to defeat them.

The privacy vs. security debate between Silicon Valley and D.C. is a long and contentious one, with the most high-profile recent flashpoint being the FBI's attempt in 2016 to force Apple to create a software backdoor so it could access information in the cell phone of one of the San Bernardino shooters.

While he said private entities are crucial partners in the fights against cyber threats, he suggested they can be impediments as well. "[D]igital infrastructure is not always constructed with adequate regard for public safety, cybersecurity, and consumer privacy," he said. He pointed to tech outstripping the ability for laws to keep up with it, posing a new dangers created by those innovations.

That includes child sex trafficking on the dark web, another hot-button issue in Washington. He also cited U.S. communications providers storing content overseas and criticized "some domestic technology providers" who "do not design their systems to facilitate responses to court orders" or "do not adequately staff their legal compliance departments."

He called warrant-proof encryption a big problem. "[T]here has never been a right to absolute privacy. Courts weigh privacy against other values, including the need to solve and prevent crimes. Under the Fourth Amendment, communications may be intercepted and locked devices may be opened if they are used to commit crimes, provided that the government demonstrates showing of probable cause," he said.

Rosenstein referred to the Apple case and how it had thwarted government efforts to access an iPhone used "by a terrorist who shot and killed 14 people."

He said that while the government was eventually able to get the data without Apple's help, the clear message was that Apple should not have rejected the government’s request for access.

Thousands of seized devices sit in storage, he said, unable to be accessed due to encryption, with the FBI unable to access even the 750 for which warrants gave them the authority to do so.

Rosenstein also opined over the government's inability to access content of instant messages, yet another flashpoint in the tension between protecting privacy and combatting crime.

"Encrypted communications and devices pose the greatest threat to public safety when they are part of mass-market consumer devices and services that enable warrant-proof encryption by default," he said.

Hoping tech companies will do the right thing is not a plan, he signaled.

"The approach taken in the recent past — negotiating with technology companies and hoping that they eventually will assist law enforcement out of a sense of civic duty — is unlikely to work. Technology companies operate in a highly competitive environment. Even companies that really want to help must consider the consequences. Competitors will always try to attract customers by promising stronger encryption. That explains why the government’s efforts to engage with technology giants on encryption generally do not bear fruit. Company leaders may be willing to meet, but often they respond by criticizing the government and promising stronger encryption. Of course they do. They are in the business of selling products and making money. We use a different measure of success. We are in the business of preventing crime and saving lives.

"Technology providers are working to build a world with armies of drones and fleets of driverless cars, a future of artificial intelligence and augmented reality," he said. "Surely such companies could design consumer products that provide data security while permitting lawful access with court approval."

(Photo via Jeroen Bennink's Flickr. Image taken on Feb. 6, 2017 and used per Creative Commons 2.0 license. The photo was cropped to fit 16x9 aspect ratio.)