The DOJ Wants Weak Encryption on Devices, A Clueless Perspective
The Department of Justice has been on a mission to weaken encryption so it’s easier for officials, when needed, to break into devices.
Deputy Attorney General Rod Rosenstein has made it clear that the DOJ will only be applying more pressure on technology companies. On Tuesday, he made a speech at the U.S. Naval Academy, where he called for “warrant-proof encryption” again.
“A requirement to implement a solution could be applied thoughtfully, in the places where it is needed most,” said Rosenstein. “Encrypted communications and devices pose the greatest threat to public safety when they are part of mass-market consumer devices and services that enable warrant-proof encryption by default.”
The DOJ and technology companies, especially Apple disagree on this issue.
As does the PunchingBag Post. First, weak encryption guarantees widespread invasion of privacy by government and the black hat community. Yes – “guarantees” is the right word. Second, having the police tell private citizens they need guaranteed access to any device is a perversion of society. In
First, weak encryption guarantees widespread invasion of privacy by government and the black hat community. Yes – “guarantees” is the right word. Second, having the police tell private citizens they need guaranteed access to any device is a perversion of society. In America the police do NOT dictate the behavior of private citizens and innocent citizens are NOT required to submit to search or make available their private business to the government.
Rodenstein’s philosophies go directly against the fourth amendment. The founding fathers would see this as potential for government repression of its citizens. Information is power. Power corrupts.
Rodenstein’s proposed strategy is also exceeding naive. The rest of the world will not willingly allow the U.S. government to access their data. An underground market of advanced encryption packages will quickly emerge, and, of course, Apple and other manufacturers will always be suspected of collusion with U.S. intelligence services (which of course would be correct).
The Justice Department wants potential evidence to be more accessible. The department isn’t explicitly asking companies like Apple to break a phone’s encryption at the request of a government agency.
Instead, the DOJ wants the company to disable a feature on the iPhone that limits the number of wrong passwords that can be entered before the information on the phone is automatically destroyed. This function is in place to protect iPhone owners.
“In recent years, new methods of electronic communication have transformed our society, most visibly by enabling ubiquitous digital communications and facilitating broad e-commerce. As such, it is important for our global economy and our national security to have strong encryption standards,” said James Comey when he was the FBI Director. “The benefits of our increasingly digital lives, however, have been accompanied by new dangers, and we have been forced to consider how criminals and terrorists might use advances in technology to their advantage. We are seeing more and more cases where we believe significant evidence resides on a phone, a tablet, or a laptop—evidence that may be the difference between an offender being convicted or acquitted.”
Last year, Apple refused to help the government unlock and decrypt the San Bernardino gunman’s iPhone. The FBI ultimately hired hackers to access the phone’s data, but officials remain bitter about Apple’s decision to stay out of it.
“Fortunately, the government was able to access data on that iPhone without Apple’s assistance. But the problem persists. Today, thousands of seized devices sit in storage, impervious to search warrants,” sad Rosenstein. “If companies are permitted to create law-free zones for their customers, citizens should understand the consequences. When police cannot access evidence, crime cannot be solved. Criminals cannot be stopped and punished.”
The DOJ continues to urge technology companies to find a solution to this encryption problem. However, Apple argues that weakening encryption will have a devastating impact on the privacy of its customers.
Tim Cook, Apple’s CEO argues that making devices more vulnerable won’t help agencies solve crimes, instead it would make it easier for criminals to hack devices.
“The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers–including tens of millions of American citizens–from sophisticated hackers and cybercriminals,” said Cook in response to the backlash from the government about the Bernardino gunman case. “The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”
But Rosenstein believes that “responsible encryption” is obtainable. (Again, he is full of crap.)
“Responsible encryption is achievable. Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization. Such encryption already exists. Examples include the central management of security keys and operating system updates; the scanning of content, like your e-mails, for advertising purposes; the simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop,” said Rosenstein. “No one calls any of those functions a “back door.” In fact, those capabilities are marketed and sought out by many users.”
Although Rosenstein has theories about how this can be done, he isn’t a cyber security expert and he places the burden on technology companies.
“We know from experience that the largest companies have the resources to do what is necessary to promote cybersecurity while protecting public safety. A major hardware provider, for example, reportedly maintains private keys that it can use to sign software updates for each of its devices. That would present a huge potential security problem, if those keys were to leak. But they do not leak, because the company knows how to protect what is important. Companies can protect their ability to respond to lawful court orders with equal diligence,” said Rosenstein.
He is well aware that technology companies won’t offer a solution unless they are forced to.
“There is no constitutional right to sell warrant-proof encryption. If our society chooses to let businesses sell technologies that shield evidence even from court orders, it should be a fully-informed decision,” said Rosenstein.
Author’s note: Shouldn’t the rights of private citizens always outweigh the rights of law enforcement to solve crimes? It’s always been and should remain that way. If technology companies intentionally make security weaker, then more breaches, like the recent Equifax one, are clearly going to happen.