Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Businesses Government Privacy Security United States Technology

DOJ: Strong Encryption That We Don't Have Access To Is 'Unreasonable' (arstechnica.com) 510

An anonymous reader quotes a report from Ars Technica: Just two days after the FBI said it could not get into the Sutherland Springs shooter's seized iPhone, Politico Pro published a lengthy interview with a top Department of Justice official who has become the "government's unexpected encryption warrior." According to the interview, which was summarized and published in transcript form on Thursday for subscribers of the website, Deputy Attorney General Rod Rosenstein indicated that the showdown between the DOJ and Silicon Valley is quietly intensifying. "We have an ongoing dialogue with a lot of tech companies in a variety of different areas," he told Politico Pro. "There's some areas where they are cooperative with us. But on this particular issue of encryption, the tech companies are moving in the opposite direction. They're moving in favor of more and more warrant-proof encryption." "I want our prosecutors to know that, if there's a case where they believe they have an appropriate need for information and there is a legal avenue to get it, they should not be reluctant to pursue it," Rosenstein said. "I wouldn't say we're searching for a case. I''d say we're receptive, if a case arises, that we would litigate."

In the interview, Rosenstein also said he "favors strong encryption." "I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud," he explained. "And I'm in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I'm in favor of strong encryption." "This is, obviously, a related issue, but it's distinct, which is, what about cases where people are using electronic media to commit crimes? Having access to those devices is going to be critical to have evidence that we can present in court to prove the crime. I understand why some people merge the issues. I understand that they're related. But I think logically, we have to look at these differently. People want to secure their houses, but they still need to get in and out. Same issue here." He later added that the claim that the "absolutist position" that strong encryption should be by definition, unbreakable, is "unreasonable." "And I think it's necessary to weigh law enforcement equities in appropriate cases against the interest in security," he said.

This discussion has been archived. No new comments can be posted.

DOJ: Strong Encryption That We Don't Have Access To Is 'Unreasonable'

Comments Filter:
  • Unreasonable huh (Score:5, Insightful)

    by Anonymous Coward on Thursday November 09, 2017 @08:49PM (#55523067)

    It's also pretty unreasonable that criminals can't just be forced to admit guilt. Think of all the wasted time giving criminals due process of law.

    • Re: (Score:2, Insightful)

      They can be forced, actually. The prosecution tells you that if you plead guilty you'll be given a reduced sentence, so you plead guilty regardless of whether or not you're actually guilty.
      • by Reverend Green ( 4973045 ) on Friday November 10, 2017 @12:34AM (#55523981)

        The semi-official media euphemize this as a "plea bargain". But I prefer the more old fashioned term: coerced false confession.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Just take a look at what that moron said:

      "People want to secure their houses, but they still need to get in and out. Same issue here."

      Uhh, your definition of the word "same" differs from that of most of humanity. Sorry but we don't provide the keys to our houses to the DOJ, lil' Roddy. Got any other faerie tales you'd like to tell?

      • by Bert64 ( 520050 )

        You don't need to provide the keys for your locks to the DOJ because:

        1, the manufacturer of the lock could provide them the key.
        2, there are other ways they can get in without the key (lockpicking, smashing the door etc).

        The idea is that suitably strong encryption cannot be broken at all.

        • by zifn4b ( 1040588 )

          The idea is that suitably strong encryption cannot be broken at all.

          That's the POINT of encryption: to be SECURE! Otherwise, criminals could take your personal data for identity theft purposes and ruin your finances. As soon as you introduce a backdoor, the security scheme is compromised. The DOJ is insisting it ought to compromise the ENTIRE security scheme for one case and thus put millions of people's security at risk. It's stupid and irrational.

          The more apt analogy is putting your entire military at risk to kill one enemy combatant but allowing them to decimate your

      • by raymorris ( 2726007 ) on Thursday November 09, 2017 @11:34PM (#55523795) Journal

        A decent locksmith can open any lock consumers use in a minute or two.* Yet the lock DOES generally work - if you lock up your bike with a decent lock, a thief probably isn't going to walk off with it.

        So the physical lock serves it's protective purpose, yet when you lock yourself out Pop-A-Lock can get you in for $25, and with a warrant police can enter an apartment. That's really not a bad situation. Compare if you lose your encryption key - you're permanently fucked; you can't call a digital locksmith if you're encryption is "good".

        I think it's perfectly reasonable for a non-technical person to say "I like the idea of a security system or lock that protects things from the bad guys, but with enough effort can be bypassed in an emergency or by an expert with a warrant". Again, it works well for physical locks, so CONCEPTUALLY it's reasonable.

        However, in today's digital world everything is connected to the internet and computer accessible, so a bad guy 5,000 miles away can have his computer working around the clock to try to break everybody's encryption. He doesn't have to hire a locksmith to work each lock. As computers get faster, it gets easier and easier to break a given level encryption, too. Therefore as a PRACTICAL matter, encryption needs to be super strong to be very useful. That's a practical fact for internet-connected devices.

        So I think the person is either a) unfamiliar with the practical realities of computer encryption or b) expressing a desire of what they'd want if they could have whatever they want, not proposing that it's actually available in a practical way today. Possibly both.

        It's not unreasonable to desire that digital locks worked like physical locks, secure from ordinary bad guys but locksmiths can open them. We just don't have any practical implementation that works that way, and probably never will.

        We actually DO have a technical implementation that *would* work if the government could be trusted to a) keep the keys secret and b) not abuse the keys, using them without a properly executed warrant.

        * Medeco locks used by some businesses and $5,000 safes take a few minutes longer.

    • by dweller_below ( 136040 ) on Thursday November 09, 2017 @10:17PM (#55523501)
      I think it is entirely unreasonable that I can't excrete diamonds. Therefore, I shouldn't have to go to work..

      The government knows every important detail of the Sutherland Springs shooter's life. There is no question of what he did, where he went, how he did it. This case is completely irrelevant to their demand to discard the constitution and remake the world into a police state.

  • Why don't we all give you our front door keys as well? That will make things easier for you too!!!

    • by sconeu ( 64226 )

      Dammit... Forgot to preview...

      Our front door keys, the combinations to all our safes, and the keys to any and all safe deposit boxes that we have.

    • by fahrbot-bot ( 874524 ) on Thursday November 09, 2017 @09:00PM (#55523139)

      Why don't we all give you our front door keys as well? That will make things easier for you too!!!

      Not really much easier than simply breaking down the door -- which isn't something they can do to a smartphone.

      More seriously, I don't remember the part of the Constitution that says our rights are contingent on how easy it is for the Government to usurp and/or ignore them.

    • Re:Tell you what... (Score:4, Interesting)

      by blindseer ( 891256 ) <blindseer@eartBO ... minus physicist> on Friday November 10, 2017 @01:41AM (#55524153)

      You think that local police forces don't try? I remember going to a political rally of sorts where they were talking about how the city wanted all businesses and multi-unit housing to hand over copies of keys to the police and fire departments. For your safety of course.

      All kinds of questions were raised. Would the city be required to make attempts to call the property owner before entering? Would there be a log of these entries? Would this be public record? What of lost or stolen keys, would the city pay for locks being rekeyed? What happens in the case of a burglary? What responsibility would the police have if there is damaged property, missing items, or other losses? Can they prove someone in the city government was not responsible? What kind of prevention for abuse of this kind of access by city employees would be in place? What punishment for this abuse would there be?

      This was happening in a neighboring town so it didn't affect me directly, only as an example that might spread. As far as I know this didn't get far. Of course many of those questions on having the keys to our homes and businesses also apply to having the keys to our data.

      Oh, and why not have keys to single unit homes? Probably because the city council members all lived in single unit homes.

      • by jbengt ( 874751 )
        Just to be clear, it is common for certain types of buildings in a lot of jurisdictions that they are required to have a locked box (Knox Box (TM)) with keys to the facility in it, and the fire department has the keys to that box.
        I was involved with a project where the local fire department insisted on having a Knox Box for access to a pharmacy located within an office building (they already had access to the building) but the state health department insisted that only a licensed pharmacist could have that
  • Hmmm (Score:5, Insightful)

    by rmdingler ( 1955220 ) on Thursday November 09, 2017 @08:52PM (#55523097) Journal

    In the interview, Rosenstein also said he "favors strong encryption." "I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud," he explained.

    Let's just punch in random players here for the purpose of examining random outcomes: What if the governments are/become the criminals? It's not exactly unheard of.

  • by fortfive ( 1582005 ) on Thursday November 09, 2017 @08:55PM (#55523117)

    i know the fourth hangs by a thread, tattered and mostly extinguished, but it still chills me to hear the government speak so blatantly.

    • What hangs by a thread? The 4th has been neutered for years if not decades.

      It hasn't been about what's "legal" for...what, a century or more? It's more about what they can get away with. Unfortunately, I get the feeling that while we were focusing on the irrelevant ( 'what's legal' ), we lost the war ( 'what people pay attention to' ).

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Thursday November 09, 2017 @09:00PM (#55523133)
    Comment removed based on user account deletion
    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Thursday November 09, 2017 @10:19PM (#55523515)
      Comment removed based on user account deletion
    • by markdavis ( 642305 ) on Thursday November 09, 2017 @10:26PM (#55523551)

      >"draw attention away from the real issues like competent gun control "

      Bzzzzz. Your first two sentences were perfect and then you had to go and ruin it. Study after study after study proves that "gun control" doesn't prevent such murders. People who want to murder are going to illegally get a gun somehow and use it illegally (and overwhelming against unarmed groups of victims). Or they are going to run 20 people over with a car. Or throw gas on a building and burn a dozen people to death. Or make a pressure cooker bomb and set it off somewhere interesting. "Gun control" does one thing really well- it takes weapons out the hands of law-abiding, GOOD people, who use them to protect themselves and loved ones and frequently stop and deter crime.

      Areas in the USA with the highest (most unconstitutional and most draconian) gun control laws have the most gun murders and crime. This is fact. And when those laws get removed, magically, the gun murders and crime start going down and down. Also fact. Most gun murders occur in so-called "gun-free" zones. Yep- fact. Another interesting fact- licensed concealed-carry citizens commit 600% fewer felonies (ANY type of felony) than police officers. And ANOTHER fact- gun murders have been going down for decades. And this is despite there being more guns and more population.

      So we can continue to respond emotionally and "do something" about violence by passing more and more gun laws that make the problem worse. OR we can learn from fact and realize that gun laws are not the solution.

  • He said there were companies who were cooperative.

    I'd love to see that list published, so more companies can add them to blacklists.

  • We have a problem that the FBI is controlled by political ebb and tides. How can democracy function if a politician has access to their competitors plans?
  • there own fault (Score:5, Insightful)

    by gravewax ( 4772409 ) on Thursday November 09, 2017 @09:03PM (#55523155)
    Authorities have no one to blame but themselves. They have proven beyond any doubt time and time again that they cannot be trusted to have such access without abusing it, so why would anyone ever trust them.
  • Doublespeak (Score:5, Insightful)

    by XSportSeeker ( 4641865 ) on Thursday November 09, 2017 @09:08PM (#55523179)

    War is peace
    Freedom is slavery
    Ignorance is strength

    Stop trying to doublespeake the issue, you cannot treat things differently just because it's covenient to you.
    Encryption is either strong, or weak and thus useless, there is no middleground, you cannot devise a way to make it weak for some case scenarios while being strong for others because this defeats it's ultimate purpose.

    There is zero reason to pursue something like this because the moment US based companies start using a crippled encryption scheme like that is the moment hackers will find a way to exploit it, and criminals will switch to encryption systems made in a country that does not have such ignorant moronic people in the DOJ barking crap like that.
    Or do these morons really thing that criminals will go "oh hey, these chat apps have US weakened and backdoored encryption and we are commiting crimes in the US, let's use it!". Fucking stupid.

    You know what encryption is about? Reducing the rampant privacy erosion that has been happening in recent years because DOJ and other US governmental agencies cannot control their hunger for data. Crimes were solved well before this age of constant mass surveillance and privacy invasion at dystopic scales. Police should be able to do their jobs without having to step on the privacy of everyone they can reach, and arguably sometimes they can do a better job when they are not focusing so much on how to better collect data without anyone knowing about it.

    So you can go suck a cock Rosenstein. No one wants to live in a totalitarian state where your half assed ideas comes to fruition. Fucking deal with the reality that there will always be methods for criminals to lock information down in ways that they become unaccessible.

  • by 93 Escort Wagon ( 326346 ) on Thursday November 09, 2017 @09:09PM (#55523187)

    "I don't understand how strong encryption works" - Deputy Attorney General Rod Rosenstein.

    • No, he fully understands. What he was actually saying was, "It is possible to have encryption with special super secret ways to crack that everyone knows exist but only the government can use." We need to keep reminding people that if your house has a secret, hidden entrance with no locks so that the police can quickly enter your house in an emergency that everyone knows exists the criminals will search around until they find it. And oh yes, since it is the same on every house, once the criminals find where
  • by chromaexcursion ( 2047080 ) on Thursday November 09, 2017 @09:10PM (#55523197)
    Headline: "The DOJ Supports Criminals"
    There is no such thing as a safe backdoor.
    If it's there, especially if knowledge of it is public, criminals will get access.
    It will drive everyone who has any sense to use non US encryption products.
  • by rsilvergun ( 571051 ) on Thursday November 09, 2017 @09:10PM (#55523203)
    you have to stop voting the right wing "Tough on Crime" folks into office. I know that's not a popular thing to say, but this stuff all comes from the same folks (you'd not I said Right wing, nothing about "Ds" or "Rs", that's because right wing is a political ideology, not a party, and both sides have plenty of right wingers).

    You also need to get your friends and family on board. And for Pete's sake vote in your primary. It doesn't do any good to vote if everyone running is a right wing "Tough on Crime" politician.

    Or you can keep reading these stories and hoping for the best. I guess that works too.
    • >"You also need to get your friends and family on board. And for Pete's sake vote in your primary. It doesn't do any good to vote if everyone running is a right wing "Tough on Crime" politician. "

      "Tough on crime" is a perfectly valid goal and platform. But that doesn't and shouldn't necessarily mean:

      1) Throwing out the Constitution
      2) Mass surveillance
      3) Broken encryption

      • by whoever57 ( 658626 ) on Thursday November 09, 2017 @10:14PM (#55523491) Journal

        "Tough on crime" is a perfectly valid goal and platform. But that doesn't and shouldn't necessarily mean:

        1) Throwing out the Constitution
        2) Mass surveillance
        3) Broken encryption

        I agree that it should not include those things, but you are horribly naive if you don't realize that it always does mean those things.

      • by rsilvergun ( 571051 ) on Thursday November 09, 2017 @11:25PM (#55523765)
        multiple studies have shown that it doesn't do any good. Throwing people in jail and doing nothing to address the root causes of crime doesn't solve anything. It's just being punitive for it's own sake. Tough on crime basically means revenge. If you're not trying to rehabilitate and you're not locking up a mentally deranged person to keep them from harming others you're just committing an act of revenge out of anger and fear. Rather than a reasoned, scientific approach to crime it's an emotional one. One that does it's best to ignore that criminals are human beings in order to maintain the goal of revenge.
  • by Pluvius ( 734915 ) <(pluvius3) (at) (gmail.com)> on Thursday November 09, 2017 @09:14PM (#55523233) Journal

    People want to secure their homes in such a way that they can get in and out. Not you, and not anyone else. So get your fucking paws off of our private information.

    Rob

  • Cause and effect. (Score:5, Insightful)

    by Gravis Zero ( 934156 ) on Thursday November 09, 2017 @09:30PM (#55523313)

    What he should be asking is why this happened. Working backwards we know that Corporations rarely do things that aren't in the interest of profit which means there was a demand for this feature. Why was there a sudden demand for iron clad smartphone security? Well strong encryption didn't start showing up in smartphones until after the exposure of a massive surveillance apparatus.

    Now, you can kill the messenger but it's the reality that is the real problem: people don't want to live in a surveillance state!

    The government exists to serve the people, not the other way around.

  • *facepalms* (Score:5, Insightful)

    by DivineKnight ( 3763507 ) on Thursday November 09, 2017 @09:37PM (#55523353)

    Somehow I don't think we should be limiting the world to the smartest that the DoJ can buy...

  • ...that tries to hide nearly everything it does from the public? FOIA requests are regularly ignored or tied up in the bureaucracy. Backroom deals are done all the time without any oversight. Money pours into campaigns while reporting laws are ignored. Top Secret information and State Department emails are stored on private servers and then wiped clean (and not with a cloth) so no one can see what was in them. Subpoenas are regularly ignored. Yet if they can't see everything that we do, that is somehow 'unr
  • by account_deleted ( 4530225 ) on Thursday November 09, 2017 @10:21PM (#55523525)
    Comment removed based on user account deletion
  • by The Cynical Critic ( 1294574 ) on Friday November 10, 2017 @03:39AM (#55524439)
    I'm probably going to annoy some people by saying this, but his frustration with the current situation on encryption is completely understandable.

    There are completely legitimate cases where law enforcement should be able to access the contents of devices and communication s between individuals and like any investigative technique, it can be abused. However the fact that something can and is being abused does not make the legitimate use cases for something go away. Don't get me wrong, the fact that weakening encryption and installing backdoors into devices, applications and protocols is not lost on me and I fully understand that this can lead to the additions being exploited by unscrupulous members of law enforcement and other parties. However I can understand why someone in law enforcement and government would ask for them and I don't consider these people to be morons for doing so.

    The way I see it, encryption is one of those "peace in the middle east" type topics that are incredibly complicated and nobody has anything that even resembles a good answer...
  • by Sqreater ( 895148 ) on Friday November 10, 2017 @04:54AM (#55524599)
    Rights and freedoms cost not just on the battlefields of our wars but in our daily lives. And if we cannot accept the daily costs of those rights and freedoms we cannot have them. There will always be those who argue that the costs of rights and freedoms are unacceptable and that they must be curtailed and eliminated. We must be strong enough to say no and mean it.
  • by Chas ( 5144 ) on Friday November 10, 2017 @04:57AM (#55524611) Homepage Journal

    They can't even keep their OWN secrets.

    What makes them think that a secret backdoor only THEY have been entrusted with will be safe?

    Sorry, but if a weakness exists, it'll be found.

    What's more, if it's a DELIBERATE weakness, it will likely be found FASTER, as what CAN be done to compromise such a thing is predictable.

  • by spiritwave ( 4392317 ) on Friday November 10, 2017 @05:37AM (#55524691) Homepage

    "People want to secure their houses, but they still need to get in and out. Same issue here."

    But we do not leave our doors unlocked, nor instead give the police (or basically anyone else who does not reside there) a key to use when they deem fit (abusively or not).

    Any backdoor basically completely bypasses the security of encryption, because history clearly shows that any such backdoor will likely quickly become common knowledge for hackers.

  • by next_ghost ( 1868792 ) on Friday November 10, 2017 @06:36AM (#55524847)
    If the police can break encryption without the owner's consent, then criminals and foreign powers can break it just as easily. There is no magic encryption that opens only for the "good" guys.
  • by sad_ ( 7868 ) on Friday November 10, 2017 @06:37AM (#55524851) Homepage

    you can't have one without the other. Anything good can be abused for bad purposes.

  • by MoarSauce123 ( 3641185 ) on Friday November 10, 2017 @06:57AM (#55524897)
    ...Dr. Mai-Lin Cha in Quantico. She cracks everything that Jerry Cotton gives her. Joke aside...maybe the FBI should hire some better people. If the government apparently has money for new nukes and pointless border walls then there should be a some cash left for hiring better experts.
  • by Maritz ( 1829006 ) on Friday November 10, 2017 @08:28AM (#55525249)
    An encrypted volume or file is not a house, it never was a house, and it never will be a fucking house. The analogy is fucking stupid, stop using it.
  • Math says that "absolutist" encryption is the only kind that actually works. Deal with it.

    I wonder if some of these idiots honestly believe that it's mathematically possible to have encryption that can be cracked by law enforcement but not criminals. I still think it's more likely an "Ask for a pony to get a dog" tactic: they ask for magical encryption to prod tech companies into providing other, actually possible forms of cooperation.

  • by nehumanuscrede ( 624750 ) on Friday November 10, 2017 @10:37AM (#55525877)

    always so damned ignorant ?

    Why do we have to keep explaining the same things over and over to the same people ?

    Encryption is doing its job if it prevents unauthorized folks from obtaining the data it's protecting. This includes the government. ( Whom no one fully trusts with anything ) Especially the government in some instances.

    As leaky as the government is with their own networks and the data that rides them, it would only be a matter of time before any mandated backdoor became semi-public knowledge. At which point the damage that can be done would be epic.

    What's " unreasonable " is the government demanding levels of transparency on the people while doing their damndest to hide everything they do under veils of secrecy, NSL's and secret courts. ( All under the guise of 'protecting' us of course. )

    Tell you what, we'll give you access to our data, when you give us full access to yours.

    Until then, you all can go fuck yourselves.

    Hugs and kisses from all of us.

The last person that quit or was fired will be held responsible for everything that goes wrong -- until the next person quits or is fired.

Working...