A high-ranking Department of Justice official took aim at encryption of consumer products today, saying that encryption creates “law-free zones” and should be scaled back by Apple and other tech companies. Instead of encryption that can’t be broken, tech companies should implement “responsible encryption” that allows law enforcement to access data, he said.
“Warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety,” Deputy Attorney General Rod Rosenstein said in a speech at the US Naval Academy today (transcript). “Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones that permit criminals and terrorists to operate without detection by police and without accountability by judges and juries.”
Rosenstein was nominated by President Donald Trump to be the DOJ’s second-highest-ranking official, after Attorney General Jeff Sessions. He was confirmed by the Senate in April.
Rosenstein’s speech makes several references to Apple, continuing a battle over encryption between Apple and the US government that goes back to the Obama administration. Last year, Apple refused to help the government unlock and decrypt the San Bernardino gunman’s iPhone, but the FBI ended up paying hackers fora vulnerabilitythat it used to access data on the device.
“Fortunately, the government was able to access data on that iPhone without Apple’s assistance,” Rosenstein said. “But the problem persists. Today, thousands of seized devices sit in storage, impervious to search warrants.”
“If companies are permitted to create law-free zones for their customers, citizens should understand the consequences,” he also said. “When police cannot access evidence, crime cannot be solved. Criminals cannot be stopped and punished.”
We asked Apple for a response to Rosenstein’s speech and will update this story if we get one.
Separately, state lawmakers in New York and California have proposed legislationto prohibit the sale of smartphones with unbreakable encryption.
Despite his goal of giving law enforcement access to encrypted data on consumer products, Rosenstein acknowledged the importance of encryption to the security of computer users. He said that “encryption is a foundational element of data security and authentication,” that “it is essential to the growth and flourishing of the digital economy,” and that “we in law enforcement have no desire to undermine it.”
But Rosenstein complained that “mass-market products and services incorporating warrant-proof encryption are now the norm,” that instant-messaging service encryption cannot be broken by police, and that smartphone makers have “engineer[ed] away” the ability to give police access to data.
Apple CEO Tim Cook has argued in the past that the intentional inclusion of vulnerabilities in consumer products wouldn’t just help law enforcement solve crimesit would also help criminals hack everyday people who rely on encryption to ensure their digital safety.
Rosenstein claimed that this problem can be solved with “responsible encryption.” He said:
Responsible encryption is achievable. Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization. Such encryption already exists. Examples include the central management of security keys and operating system updates; the scanning of content, like your e-mails, for advertising purposes; the simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop.
No one calls any of those functions a “back door.” In fact, those capabilities are marketed and sought out by many users.
It’s not clear exactly how Rosenstein would implement his desired responsible encryption.
Rosenstein’s”key recovery when a user forgets the password to decrypt a laptop” reference seems to refer to Apple and Microsoft providing the ability to store recovery keys in the cloud. But users who encrypt Mac or Windows laptops aren’t required to do thisthey can store the keys locally only if they prefer. To guarantee law enforcement access in this scenario, people who encrypt laptops would have to be forced to store their keys in the cloud. Alternatively, Apple and Microsoft would have to change the way their disk encryption systems work, overriding the consumer’s preference to have an encrypted system that cannot be accessed by anyone else.
Rosenstein gave some further insight into how “responsible encryption” might work in this section of his speech:
We know from experience that the largest companies have the resources to do what is necessary to promote cybersecurity while protecting public safety. A major hardware provider, for example, reportedly maintains private keys that it can use to sign software updates for each of its devices. That would present a huge potential security problem, if those keys were to leak. But they do not leak, because the company knows how to protect what is important. Companies can protect their ability to respond to lawful court orders with equal diligence.
Of course, there are many examples of companies leaking sensitive data due to errors or serious vulnerabilities. The knowledge that errors will happen at some point explains why technology companies take so many precautions to protect customer data. Maintaining a special system that lets third parties access data that would otherwise only be accessible by its owner increases the risk that sensitive data will get into the wrong hands.
Rosenstein claimed that “responsible encryption can protect privacy and promote security without forfeiting access for legitimate law enforcement needs supported by judicial approval.” But he doubts that tech companies will do so unless forced to:
Technology companies almost certainly will not develop responsible encryption if left to their own devices. Competition will fuel a mindset that leads them to produce products that are more and more impregnable. That will give criminals and terrorists more opportunities to cause harm with impunity.
“Allow me to conclude with this thought,” Rosenstein said just before wrapping up his speech. “There is no constitutional right to sell warrant-proof encryption. If our society chooses to let businesses sell technologies that shield evidence even from court orders, it should be a fully-informed decision.”
Go here to see the original:
Trumps DOJ tries to rebrand weakened encryption as responsible …
- Which Types of Encryption are Most Secure? - February 7th, 2019
- JSON Object Signing and Encryption (JOSE) - February 4th, 2019
- What Is Encryption, and How Does It Work? - January 26th, 2019
- The Pitfalls of Facebook Merging Messenger, Instagram, and ... - January 26th, 2019
- Encryption: Avoiding the Pitfalls That Can Lead to Breaches - January 14th, 2019
- Encryption | Information Technology Services - December 31st, 2018
- Encryption - Investopedia - December 16th, 2018
- How to Protect Data at Rest with Amazon EC2 Instance Store ... - December 9th, 2018
- Next Generation Encryption - blogs.cisco.com - December 4th, 2018
- 3 Different Data Encryption Methods - DataShield blog - November 22nd, 2018
- Security and encryption | Documentation | Turtl - November 18th, 2018
- Encryption | General Data Protection Regulation (GDPR) - November 16th, 2018
- Using Encryption and Authentication Correctly (for PHP ... - November 13th, 2018
- Encryption | SANS Security Awareness - November 9th, 2018
- Types of Encryption | Office of Information Technology - November 5th, 2018
- Use Your own Encryption Keys with S3s Server-Side ... - October 29th, 2018
- What is Tokenization vs Encryption - Benefits & Uses Cases ... - October 12th, 2018
- Device Encryption | it.ucsf.edu - October 12th, 2018
- 5 Common Encryption Algorithms and the Unbreakables of the Future - September 15th, 2018
- Top 5 best encryption software tools of 2018 | TechRadar - August 26th, 2018
- New EBS Encryption for Additional Data Protection | AWS ... - August 22nd, 2018
- Best Encryption Software 2018 - Encrypt Files on Windows PCs - August 20th, 2018
- Download BestCrypt Volume Encryption 3.78.05 / 4.01.09 Beta - July 26th, 2018
- End-to-end encryption - Wikipedia - July 24th, 2018
- Download Symantec Encryption Desktop 10.4.0 Build 1100 - July 15th, 2018
- HTTPS - Wikipedia - July 10th, 2018
- AES encryption - June 20th, 2018
- Encrypt email messages - Outlook - June 20th, 2018
- Download Sophos Free Encryption 184.108.40.206 - softpedia.com - June 19th, 2018
- Does Skype use encryption? | Skype Support - June 16th, 2018
- Encryption- Computer & Information Security - Information ... - May 25th, 2018
- Enable BitLocker on USB Flash Drives to Protect Data - May 25th, 2018
- Transparent Data Encryption (TDE) - msdn.microsoft.com - April 12th, 2018
- Encryption Software Market - Global Forecast to 2022 - March 24th, 2018
- What AES Encryption Is And How It's Used To Secure File Transfers - March 24th, 2018
- Encryption vs. Cryptography - What is the Difference? - March 24th, 2018
- Energy-efficient encryption for the internet of things | MIT News - February 16th, 2018
- The Best Encryption Software - TopTenReviews - February 16th, 2018
- File-Based Encryption | Android Open Source Project - February 7th, 2018
- Beyond Encryption | Secure Enterprise email using existing ... - February 1st, 2018
- Azure Search enterprise security: Data encryption and user ... - January 26th, 2018
- Skype finally getting end-to-end encryption | Ars Technica - January 13th, 2018
- FBI chief says phone encryption is a 'major public safety issue' - January 13th, 2018
- Encryption and Export Administration Regulations (EAR) - December 27th, 2017
- Key (cryptography) - Wikipedia - December 21st, 2017
- security - Fundamental difference between Hashing and ... - December 15th, 2017
- What Is Encryption? | Surveillance Self-Defense - December 4th, 2017
- Comodo Disk Encryption Download - softpedia.com - December 1st, 2017
- Encryption - Simple English Wikipedia, the free encyclopedia - November 24th, 2017
- BitLocker Drive Encryption Overview - technet.microsoft.com - November 23rd, 2017
- The Encrypting File System - technet.microsoft.com - November 18th, 2017
- FBI cant break the encryption on Texas shooters smartphone - November 13th, 2017
- DOJ: Strong encryption that we dont have access to is ... - November 13th, 2017
- DOJ Fires Up New War With Apple Over Encryption - November 12th, 2017
- Security Awareness - Encryption | Office of Information ... - October 15th, 2017
- Data Encryption and Decryption (Windows) - October 14th, 2017
- How to encrypt (almost) anything | PCWorld - September 22nd, 2017
- Private Internet Access | VPN Encryption - September 21st, 2017
- Encryption Substitutes | Privacy | Encryption - September 21st, 2017
- Data Encryption: Hardware & Software Security: Online ... - September 21st, 2017
- How To Enable BitLocker Drive Encryption In Windows 10? - September 21st, 2017
- PGP Encryption Tool - iGolder - September 21st, 2017
- encryption - How to encrypt String in Java - Stack Overflow - September 21st, 2017
- Encryption Software Market, Size, Trends and Forecast 2020 - September 21st, 2017
- Encryption Definition - Tech Terms - September 20th, 2017
- Why You Should Be Encrypting Your Devices and How to Easily Do It - Gizmodo - September 6th, 2017
- Black Hats, White Hats, and Hard Hats The Need for Encryption in Mining and Resources - Australian Mining - September 6th, 2017
- How can enterprises secure encrypted traffic from cloud applications? - TechTarget - September 6th, 2017
- Encryption Explained - Arizona Daily Wildcat - September 6th, 2017
- News in brief: Call to link encryption to ID; Facebook maps everyone ... - Naked Security - September 2nd, 2017
- 'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryption - The Register - September 2nd, 2017
- High-Dimensional Quantum Encryption Performed in Real-World ... - Futurism - September 2nd, 2017
- It's Time to Replace Your Encryption-Key Spreadsheet - Data Center Knowledge - September 2nd, 2017
- Legislation to limit smartphone encryption 'may be necessary,' deputy AG Rosenstein says - Washington Times - August 31st, 2017
- Cloud Encryption Market by Component, Service Model, Organization Size, Vertical And Region - Global Forecast to ... - Markets Insider - August 31st, 2017
- Cipher Suites: Ciphers, Algorithms and Negotiating Security Settings - Hashed Out by The SSL Store (registration) (blog) - August 31st, 2017
- Encryption in Office 365 - Office 365 - August 29th, 2017
- Need-to-Know Only: Use Encryption to Make Data Meaningless to ... - Security Intelligence (blog) - August 29th, 2017
- Four strategies to prevent data encryption from hijacking your network - Digital News Asia - August 29th, 2017
- Amber Rudd is wrong - real people do want end-to-end encryption - ITProPortal - August 29th, 2017