Deputy AG Claims There's No Market For Better Security While Complaining About Encryption At A Cybercrime Conference

from the an-actual-thing-that-happened dept

The FBI still hasn’t updated its bogus “uncrackable phones” total yet, but that isn’t stopping the DOJ from continuing its push for holes in encryption. Deputy AG Rod Rosenstein visited Georgetown University to give a keynote speech at its Cybercrime 2020 Conference. In it, Rosenstein again expressed his belief that tech companies are to blame for the exaggerated woes of law enforcement.

Pedophiles teach each other how to evade detection on darknet message boards. Gangs plan murders using social media apps. And extortionists deliver their demands via email. So, it is important for those of us in law enforcement to raise the alarm and put the public on notice about technological barriers to obtaining electronic evidence.

One example of such a barrier is “warrant-proof” encryption, where tech companies design their products or services in such a way that they claim it is impossible for them to assist in the execution of a court-authorized warrant. These barriers are having a dramatic impact on our cases, to the significant detriment of public safety. Technology makers share a duty to comply with the law and to support public safety, not just user privacy.

Rosenstein says this has resulted in a “significant detriment [to] public safety,” but can’t point to any data or evidence to back that claim up. The FBI’s count of devices it can’t access is off by at least a few thousand devices, by most people’s estimates. In terms of this number alone, the “public safety” problem is, at best, only half as bad as the DOJ has led us to believe.

Going beyond that, crime rates remain at historic lows in most places in the country, strongly suggesting no crime wave has been touched off by the advent of default encryption. Law enforcement agencies aren’t complaining about cases they haven’t cleared — if you exclude encryption alarmist/Manhattan DA Cyrus Vance. (Anyone hoping to have an honest conversation about encryption certainly should.)

Somehow, Rosenstein believes the public would experience a net safety gain by making their devices and personal info more easily accessed by criminals. Holes in encryption can be marked “law enforcement only,” much like private property owners can hang “no trespassing” signs. But neither is actually a deterrent to determined criminals.

Rosenstein goes on to tout “responsible encryption” — a fairy tale he created that revolves around the premise tech companies can break/unbreak encryption at the drop of a warrant. But broken encryption can’t be unbroken, not even with some form of key escrow. The attack vector may change, but it still exists.

That Rosenstein is advocating inferior encryption during a cybercrime conference speaks volumes about what the DOJ actually considers to be worth protecting. It’s not businesses and their customers. It’s law enforcement’s access. He spends half the run time talking about security breaches involving tech companies and follows it up by suggesting they take less care securing all this info they collect.

He even goes so far as to claim better security is something customers don’t want and is bad for tech companies’ bottom lines.

Building secure devices requires additional testing and validation—which slows production times — and costs more money. Moreover, enhanced security can sometimes result in less user-friendly products. It is inconvenient to type your zip code when you use a credit card at the gas station, or type a password into your smartphone.

Creating more secure devices risks building a product that will be later to market, costlier, and harder to use. That is a fundamental misalignment of economic incentives and security.

The implicit statement Rosenstein’s making is that ramped-up security — including default encryption — is nothing more than companies screwing shareholders just so they can stick it to The Man. Following this bizarre line of thought is to buy into Rosenstein’s conspiracy theory: one that views tech companies as a powerful cabal capable of rendering US law enforcement impotent.

And as much as Rosenstein hammers tech companies for security breaches that have exposed the wealth of personal data they collect, he ignores the question his encryption backdoor/side door advocacy raises. This question was posed in an excellent post by Cathy Gellis at the beginning of this year:

“What is a company to do if it suffers a data breach and the only thing compromised is the encryption key it was holding onto?”

We’re headed into 2019 and no one in the DOJ or FBI is willing to honestly discuss the side effects of their proposals. Rosenstein clings to his “responsible encryption” myth and the director of the FBI wants to do nothing more than make it the problem of “smart people” at tech companies he’s seeking to bend to his will. No one in the government wants to take responsibility for the adverse outcomes of weakened encryption, but they’re more than willing to blame everyone else any time their access to evidence seems threatened.

Rosenstein’s unwavering stance on the issue makes this statement, made at the closing of his remarks, ring super-hollow.

We should not let ideology or dogma stand in the way of constructive academic engagement.

Fair enough, Rod. You go first.

Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Deputy AG Claims There's No Market For Better Security While Complaining About Encryption At A Cybercrime Conference”

Subscribe: RSS Leave a comment
18 Comments
Garysays:

Secure

Building secure devices requires additional testing and validation?which slows production times ? and costs more money. Moreover, enhanced security can sometimes result in less user-friendly products. It is inconvenient to type your zip code when you use a credit card at the gas station, or type a password into your smartphone.

So he is also against minor security precautions to keep our credit cards safer? I bet he cheered the security gaffe of not requiring "Chip and PIN" on the new systems.

Agammamonsays:

There are three different types of ‘unbreakable phones) that make up the FBI’s stat.

1. Phones that the FBI thinks may (though they may not) have evidence on. But they just want to take a peek to make sure.

2. Phones that have evidence that may be useful to prosecutors but not necessary.

3. Phones that have evidence that is absolutely key to the prosecution’s case.

If the FBI has gotten to the point of arresting a suspect and seizing their phone, frankly, you’d think they’d have a sufficiently good case that it wouldn’t hinge on evidence that is solely contained on it.

Anonymoussays:

Re:

If the FBI has gotten to the point of arresting a suspect and seizing their phone, frankly, you’d think they’d have a sufficiently good case that it wouldn’t hinge on evidence that is solely contained on it.

However getting into the phone will likely show things they did not know about but which make railroading the suspect into a plea bargain much easier.

ECAsays:

Secrets..

“Pedophiles teach each other how to evade detection on darknet message boards.”

Umm, no..
The old ways work and are the best..No matter what they say, the only privacy to be had, is when 2 person travel together..A car going down the road isnt easy to monitor.

For some reason.. this sounds like ALLOT of other persons bitching about Tech/internet/advances..
People Who dont know it, never learned it, Dont want to learn it…
And only know a few subjects..
And want the EASY way out..
And knowing our CORP/Capitalist system..IF you pay enough, someone will make you a tool..
But, because of how cellphones are, and WHO OWNS them..The person who makes the tool, Will probably be SHOT..Every copyright he bypasses will be at his door.

OR:
they already have a way to do it, and this is grandstanding.. Making everyone think they are SAFE, and ARNT..

Also,
To be a Pedophile of note…
you REALLY need money.
Even to kidnap a person take money/security/safety..
and unless you Murder everyone of them, Which goes beyond Pedo,you will repeat this over and over, and that is a pattern that wont be missed easily..
Or is our Police agencies MORE stupid then we think??

That One Guysays:

'... and don't even get me started on door locks!'

Building secure devices requires additional testing and validation?which slows production times ? and costs more money. Moreover, enhanced security can sometimes result in less user-friendly products. It is inconvenient to type your zip code when you use a credit card at the gas station, or type a password into your smartphone.

Creating more secure devices risks building a product that will be later to market, costlier, and harder to use. That is a fundamental misalignment of economic incentives and security.

I think it’s safe to assume that if he’s speaking at a security conference he’s knowledgeable enough on the subject to know that as arguments go this one is not just wrong it’s monumentally stupid, to the point that the organizers of the event should have made it crystal clear that he is not welcome at any future conferences as he’s demonstrated either gross ignorance of the field, or positively stunning levels of intellectual dishonesty.

I mean really, saying that making sure that devices are secure such that mere possession of it is not enough to gain access adds just too much design work and creates unnecessary delays is so monumentally stupid it boggles the mind that he was able to say it with a straight face, and that the audience was able to refrain from busting out laughing.

What next, is he going to whine about how making sure that the airbags and seatbelts in a new car design work properly is just unneeded busywork because it’s a ‘fundamental misalignment of economic incentives and security’?

When the groups and individuals trying to undermine public safety and security are making arguments this boneheaded and dishonest, I’d say it’s a pretty good indicator of how laughably weak their position really is.

Anonymoussays:

Creating more secure devices risks building a product that will be later to market, costlier, and harder to use.

The very fact that he is announcing this brilliant insight at a conference is sufficient evidence that it’s a lie. If it was actually true he would have no time to speak at conferences, since he’d be out there becoming insanely rich and famous by starting dozens of technology companies which are "superior" to all the existing options.

IsRosensteinABadPersonsays:

Is Rosenstein a bad person?

Yo! Rosenstein, how is it that you are so familiar with how pedophiles hide traffic, and gangs hide plans for violence? Are you somehow part of both sets of people?

Sure seems like that could be the case, what with how familiar you seem to be about how they do all their planning and hiding and shit.

I’m not pointing fingers here, but it sure seems kind of “suspicious” to me.

And since we’re supposed to “say something” when we “see something”, I think we should all be “saying” something about the in-depth knowledge Rosenstein seems to have with all these “bad things” being done by “bad actors”.

Anonymoussays:

Somehow, Rosenstein believes the public would experience a net safety gain by making their devices and personal info more easily accessed by criminals. Holes in encryption can be marked “law enforcement only,” much like private property owners can hang “no trespassing” signs. But neither is actually a deterrent to determined criminals.

For years, fire departments had little boxes mounted on multi-tenant buildings; the fire department held the key to the box (the key to all the boxes in the city was the same) and inside was a master key to the building. The idea was that this way, the fire department could easily access all suites in case of an emergency.

Unfortunately, some kid discovered that the bic pen trick used for unlocking the old-style U-bolt bike locks also worked on the fire department keyboxes. Meaning anyone with a bic pen could gain full access to any multi-tenant suite in any building in any city that used these boxes.

In my city, around a decade ago, the fire department went around and removed the face plate off of all these boxes and returned the keys inside to the building managers.

What these people in law enforcement are requesting is essentially a digital version of the FD key boxes. And like the key boxes, even if every person who has access to the master key is trustworthy, you’re also trusting that nobody will ever be able to circumvent what is now essentially one lock to the city.

Coyne Tibbetssays:

Deputy AG Claims There’s No Market For Better Security While Complaining About Encryption At A Cybercrime Conference

What he meant is "no legitimate market." Since, in his view, the only people interested in protecting their privacy through encryption are pedophiles, extortionists, drug dealers, terrorists, and other "detriments to public safety."

Note that this implicitly pigeonholes anyone who desires privacy through encryption as a "detriment to public safety." Because, as has been so often stated, everyone not in that category has "nothing to hide."

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it