Another senior politician has weighed into the debate about online encryption and made a bit of a fool of themselves, as well as making some hugely controversial statements.
This time it was the U.S. Deputy Attorney General Rod Rosenstein, who made a series of comments in an explosive speech at the at the U.S. Naval Academy in Maryland. In it, he claimed that encryption had created “law-free zones”, was not protected under the Fourth Amendment of the US Constitution, and proposed a form of ‘responsible encryption’ as a possible solution.
In accusing companies who provide end-to-end encryption of creating a secure place for criminals to operate, Rosenstein remarkably began his comments by undermining his own argument. “Encryption is a foundational element of data security and authentication. It is essential to the growth and flourishing of the digital economy, and we in law enforcement have no desire to undermine it.”
Having said that, he then promptly went on to explain why he believed it should be undermined. He argued that in the past, judicial oversight was able to balance the rights of individual privacy with the security needs of the state.
“Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, especially when officers obtain a court-authorized warrant,” he claimed. “But that is the world that technology companies are creating.”
He then claimed that there had never been an ‘absolute right to privacy in the USA because communications could be intercepted if the Government demonstrated just reason to do so. End-to-end encryption, he claimed, had now tipped the balance in favour of privacy.
Ignoring the fact, that it has already been revealed that the US Government systematically broke this ‘balance of privacy and security’ with their mass surveillance and bulk data retention programmes, this point is overlooking a crucial legal precedent.
The Bernstein vs United States case established that cryptography is free speech in the US, and protected by the First Amendment. Rosenstein’s argument would require this legal ruling to be overturned.
Rosenstein solution to this problem was something he described as ‘responsible encryption’. He claims that it is possible to have secure encryption that is safe from hackers but can still be accessed by approved authorities with a judicial warrant.
He went on to claim that this technology already exists but did not elaborate on how such a solution would be implemented. Cyber-security experts are already noting that he appears to be proposing some form of content-scanning middle-box which have already been proven insecure.
The fact that still seems to evade Deputy Attorney General Rosenstein, UK Home Secretary Amber Rudd, and so many other senior political figures engaged in this debate, is a painfully simple one.
Any system that allows access to encrypted communications is a vulnerability that hackers will eventually learn how to exploit. The idea that any encryption backdoor or system of ‘responsible encryption’, as Rosenstein describes it, can be secure is just not realistic.
One politician who does get it is Democratic Senator Ron Wyden. He said in a statement responding to the comments, “Despite his attempts at rebranding, a government backdoor by another name will still make it easier for criminals, predators and foreign hackers to break into our phones and computers.”
Perhaps Deputy Attorney General Rosenstein will read the responses to his speech and realise how out-of-touch with reality he is in his suggestions. But with US intelligence agencies still pushing him to help them legislate their way around the encryption problem, this seems unlikely.
But tech companies do still appear to be resolute on the importance of encryption to their products and their customers. And for internet users at least, as their politicians struggle to undermine their right to privacy without being seen to do so, this can offer some comfort.