White House Cyber Security Boss Also Wants Encryption Backdoors He Refuses To Call Backdoors

from the torturing-words dept

Deputy Attorney General Rod Rosenstein recently pitched a new form of backdoor for encryption: "responsible encryption." The DAG said encryption was very, very important to the security of the nation and its citizens, but not so important it should ever prevent warrants from being executed.

According to Rosenstein, this is the first time in American history law enforcement officers haven't been able to collect all the evidence they seek with warrants. And that's all the fault of tech companies and their perverse interest in profits. Rosenstein thinks the smart people building flying cars or whatever should be able to make secure backdoors, but even if they can't, maybe they could just leave the encryption off their end of the end-to-end so cops can have a look-see.

This is the furtherance of former FBI director James Comey's "going dark" dogma. It's being practiced by more government agencies than just the DOJ. Calls for backdoors echo across Europe, with every government official making them claiming they're not talking about backdoors. These officials all want the same thing: a hole in encryption. All that's really happening is the development of new euphemisms.

Rob Joyce, the White House cybersecurity coordinator, is the latest to suggest the creation of encryption backdoors -- and the latest to claim the backdoor he describes is not a backdoor. During a Q&A at Cyber Summit 2017, Joyce said this:

[Encryption is] "definitely good for America, it's good for business, it's good for individuals," Joyce said. "So it's really important that we have strong encryption and that's available."

Every pitch against secure encryption begins exactly like this: a government official professing their undying appreciation for security. And like every other pitch, the undying appreciation is swiftly smothered by follow-up statements specifying which kinds of security they like.

"The other side of that is there are some evil people in this world, and the rule of law needs to proceed, and so what we're asking for is for companies to consider how they can support legal needs for information. Things that come from a judicial order, how can they be responsive to that, and if companies consider from the outset of building a platform or building a capability how they're going to respond to those inevitable asks from a judge's order, we'll be in a better place."

In other words, Joyce loves the security encrypted devices provide. But he'd love them more if they weren't quite so encrypted. Perhaps if the manufacturers held the keys… The same goes for encrypted communications. Wonderful stuff. Unless the government has a warrant. Then it should be allowed to use its golden key or backdoor or whatever to gain access.

Once again, a government official asks for a built-in backdoor, but doesn't have the intellectual honesty to describe it as such, nor the integrity to take ownership of the collateral damage. Neither the White House nor Congress seem interested in encryption bans or mandated backdoors. The officials talking about the "going dark" problem keep hinting tech companies should just weaken security for the greater good -- with the "greater good" apparently benefiting only government agencies.

This way, when everything goes to hell, officials can wash their hands of the collateral blood because there's no mandate or legislation tech companies can point to as demanding they acquiesce to the government's desires. Officials like Joyce and Rosenstein want all of the access, but none of the responsibility. And every single person offering these arguments think the smart guys should do all the work and carry 100% of the culpability. Beyond being stupid, these arguments are disingenuous and dangerous. And no one making them seems to show the slightest bit of self-awareness.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybersecurity, doj, responsible encryption, rob joyce, rod rosenstein


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 16 Oct 2017 @ 11:00am

    According to Rosenstein, this is the first time in American history law enforcement officers haven't been able to collect all the evidence they seek with warrants.

    When did the permanent recording of all conversation, and keeping permanent copies of all letters and notes go out of fashion?

    It has never been possible for the police to have guaranteed collection of evidence via a warrant.

    link to this | view in chronology ]

  • identicon
    Tin-Foil-Hat, 16 Oct 2017 @ 11:45am

    Wrong on all points

    There have always been obstacles and systems that prevented law enforcement obtaining information. For example, DNA analysis is a relatively recent technology for identifying and excluding suspects. Criminals are being brought to justice in cases decades old because of it. But what about the criminal that won't reveal the location of the drugs, money or body? Sticks, carrots and warrants are useless without cooperation. Although technology has provided an indispensable tool to crime fighters, like all technology it sometimes creates an obstacle. Does the constitution allow the government or its agents to use any means to their end? Does it allow preemptive access to the insides of our persons, homes and papers, lest one of us commit a crime in the future? What they are asking for not only provides access to current information but potentially years of cumulative information. These issues need to be addressed. The stakes are higher for the millions of law abiding citizens who are being asked to trade their privacy just in case one of them commits or is even suspected of committing a crime.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2017 @ 12:00pm

      Re: Wrong on all points

      "For example, DNA analysis is a relatively recent technology for identifying and excluding suspects. Criminals are being brought to justice in cases decades old because of it."

      DNA analysis is good for excluding, not so good at including. I think you had it correct with your first sentence, the second one not so much.

      link to this | view in chronology ]

      • identicon
        Tin-Foil-Hat, 16 Oct 2017 @ 12:21pm

        Re: Re: Wrong on all points

        "DNA analysis is good for excluding, not so good at including. I think you had it correct with your first sentence, the second one not so much."


        I think some crime victims would disagree. Just because it happens less often doesn't make it insignificant. 20 years ago the actor that played Random Task in one of the Austin Powers movie brutally raped a woman. He was arrested for a relatively minor crime and when they took his DNA it matched the evidence in the crime.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 16 Oct 2017 @ 1:42pm

          Re: Re: Re: Wrong on all points

          But that is what I'm saying ... the "match" is still being debated whereas the "no match" is not.

          link to this | view in chronology ]

  • identicon
    Machin Shin, 16 Oct 2017 @ 11:53am

    "Rob Joyce, the White House cybersecurity coordinator"

    The fact he is stupid enough to make these comments means he is not even remotely qualified to hold that position.

    Really is sad how often this kind of thing happens. Why are morons with no security experience keep getting high level "cybersecurity" jobs?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2017 @ 12:05pm

      Rob Joyce [was Re: ]

      Why are morons with no security experience keep getting high level "cybersecurity" jobs?

      Five key players for Trump on cybersecurity”, by Morgan Chalfant, The Hill, May 6, 2017

      Rob Joyce

      President Trump has put Rob Joyce, the former leader of an elite hacking group at the National Security Agency, in charge of overseeing the federal government’s cybersecurity policy efforts at the White House.

      With his background in hacking as the former chief of the NSA’s Tailored Access Operations (TAO) . . .

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Oct 2017 @ 12:09pm

        Re: Rob Joyce [was Re: ]

        to be honest, those credentials are hardly worth anything.

        It's like me running around saying I have 40 years experience in cyber security...

        I have seen more than enough dullards in positions of power to know that experience is a CON MANS GAME!

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 16 Oct 2017 @ 12:14pm

          Re: Re: Rob Joyce [was Re: ]

          Agreed. When someone says "I have X years of experience", my first question is
          "Do you have 1 year of experience repeated X times? Or do you actually have X different years of experience?"
          And all too often the true answer is "One year repeated X times"

          link to this | view in chronology ]

          • icon
            JoeCool (profile), 16 Oct 2017 @ 12:45pm

            Re: Re: Re: Rob Joyce [was Re: ]

            Or he's one of those government employees who sat at a computer and surfed for porn 7.9 hours out of 8 over the last decade or two. Just because you HAVE a job for a decade or two is no indication that you actually DID the job, or were any good at it.

            link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Oct 2017 @ 12:40pm

        Re: Rob Joyce [was Re: ]

        … the former chief of the NSA’s Tailored Access Operations (TAO)…

        Rob Joyce”, CNBC, (undated – url contains “2017/08/22” )

         . . . Joyce served at the NSA for more than 25 years, holding various leadership positions within both NSA missions: the Information Assurance and Signals Intelligence Directorates. Prior to becoming the Chief of TAO, Rob served as the Deputy Director of the Information Assurance Directorate at NSA . . .

        Joyce began his career as an engineer . . . Master's in electrical engineering from Johns Hopkins University. . . .

        link to this | view in chronology ]

        • icon
          JoeCool (profile), 16 Oct 2017 @ 12:47pm

          Re: Re: Rob Joyce [was Re: ]

          Joyce began his career as an engineer . . . Master's in electrical engineering from Johns Hopkins University. . . .

          Ah, so he WILLFULLY IGNORANT in order to push an agenda. Those people make me more sick than the ones who are just plain ignorant.

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 16 Oct 2017 @ 1:04pm

          Re: Re: Rob Joyce [was Re: ]

          Rob Joyce”, CNBC, (undated – url contains “2017/08/22” )

          Incidentally, and fwiw, carefully compare the phrasing of that CNBC-hosted bio with a less-recent bio sketch for the Usenix Association's Enigma 2016 conference. It appears likely to me that CNBC did not entirely originate the wording used.

          link to this | view in chronology ]

      • identicon
        Machin Shin, 16 Oct 2017 @ 1:08pm

        Re: Rob Joyce [was Re: ]

        "Rob Joyce, the former leader of an elite hacking group at the National Security Agency"

        Ok, so maybe I was wrong and this guy does have some experience. That makes this even worse honestly, because that means he knows and is just telling bold face lies.

        Also, the NSA, really? They have proven they are rabid attack dogs who give zero shits about collateral damage.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2017 @ 12:09pm

      Re:

      The question remains, are all these people really that stupid, or do they in fact know what they are asking for and don't care because they want access to all the things?

      I would think it would not be outside the realm of possibility that they want to force the civilian population to use a backdoored version of encryption so law enforcement and the NSA can look at whatever they want to. Meanwhile the NSA and any other government agency quietly uses a version of encryption that isn't backdoored to protect their stuff and tools.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Oct 2017 @ 12:10pm

    There's 3rd party open source Encryption that the government has ZERO control over that's not made in the U.S. No law could even stop it from being used.

    So really, 99% of the population who are just normal American's get the weak encryption that everyone will end up with keys for it one way or another and the Criminals who want real Protection just just download a open source, no backdoor version and the U.S. Government can't do anything to stop that.


    Since when is the Government snooping into my conversations to someone recording away, but only will hear what I'm saying with one of their open ended bogus warrants when they need to? Because that's really what he's saying.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2017 @ 1:20pm

      Re:

      They will ask for "Responsible Programming", meaning only government approved code.... How I wish I could consider that sentence a joke.

      link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 16 Oct 2017 @ 12:15pm

    The point is moot.

    The behavior of the current administration, the DoJ and its respective agencies have demonstrated that they not only don't hunt down evil people (rather they pick at low hanging fruit), but also they're not trustworthy themselves, and often make rackets from their own authority.

    Even if we could make a secure backdoor, there is no-one on Earth trustworthy to keep it.

    The recent Equifax hack illustrates this. Those trusted with the data they already have aren't trustworthy.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2017 @ 1:37pm

      Re: The point is moot.

      At this point, there are still many of Obama's faithful still in our bureaucracies. Those who were attracted to government service by Obama and Bill before him to promote their own philosophy. There are rules against indiscriminately firing civil-service workers. Keep that in mind while talking about the current government.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Oct 2017 @ 3:52pm

        Re: Re: The point is moot.

        "Obama's faithful"

        wtf does this mean?



        "Keep that in mind while talking about the current government."

        How is this any different than past administrations? Why not not just simply spit it out, come on ... you can tell us what you really think.

        link to this | view in chronology ]

        • identicon
          Alexander, 16 Oct 2017 @ 7:53pm

          Re: Re: Re: The point is moot.

          I would guess that is code for Deep State.
          Which we all know is code for Law Abiding Constitution Obeying Civil Servant.

          link to this | view in chronology ]

      • icon
        Stephen T. Stone (profile), 16 Oct 2017 @ 5:10pm

        Re: Re: The point is moot.

        Those who were attracted to government service by Obama and Bill before him to promote their own philosophy.

        You say that as if people were not attracted to government service by Reagan or one of the Bushes for the same reason.

        link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 17 Oct 2017 @ 11:39am

        "obama's faithful"

        In our last election, we got the drone strikes candidate, and then we got the even more drone strikes candidate. We voted the latter in.

        The only reason Trump isn't using the intelligence sector to route out dissidents is he doesn't know how. But should he ever learn, it is totally within his character to do so and round them up into work camps.

        This isn't about Obama's state versus Trump's state (or Obama's state vs. Bush's state). Obama has been discharged. No agent works for him, though some may still seek to carry out old missions rather than the new ones.

        Though Trump has certainly been moving to shift the loyalty of agencies to him personally, starting with ICE and CBP, rather than to the United States. It's terribly similar to the Schutzstaffel, Hitler's personal army, in contrast to the general Wehrmacht. And they're constructing work camps.

        Every president since Nixon (if not before) has strived to consolidate power, unconcerned about what happens when the other guys (whichever other guys) get it, or what happens when agents of the state start regarding the public as the enemy.

        We're in a police state now. It's been trending that way at least since the 60s. During the Bush and Obama eras lines were crossed that showed that the people are no longer governed by consent but by force.

        link to this | view in chronology ]

  • icon
    DannyB (profile), 16 Oct 2017 @ 12:25pm

    What is the problem here?

    If those silicone valley geeks can create perpetual motion machines and faster than light spacecraft, then why can't they make responsible encryption that is perfectly secure until a warrant is issued?
    /s

    link to this | view in chronology ]

    • icon
      Stephen T. Stone (profile), 16 Oct 2017 @ 12:45pm

      Re: What is the problem here?

      silicone valley

      …they want porn stars to fix this?

      link to this | view in chronology ]

      • identicon
        Tin-Foil-Hat, 16 Oct 2017 @ 4:59pm

        Re: Re: What is the problem here?

        The pornography industry develops and uses some of the most advanced technology available.

        link to this | view in chronology ]

        • icon
          Stephen T. Stone (profile), 16 Oct 2017 @ 5:07pm

          Re: Re: Re: What is the problem here?

          It would give new meaning to the phrase “nerd harder”, at least.

          link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Oct 2017 @ 1:07pm

    They are just taking a clue from the 1990s anti-tobacco people. Frustrated by years of not finding the silver bullet to stop cigarette smoking, Bill Clintons administration released them from the shackles science placed on them and they went wild creating terms and pseudo-science for their campaigns. They created terms like 2nd hand smoke and PM2.5 particles. PM2.5 particles to us regular Joes is humidity or water vapor. Water acts as a diluent for many naturally occurring, but nasty sounding things.

    Obama's EPA, CDC, and FDA picked up on how successful using misleading terms and pseudo-science was and attacked the very safe e-cigarette. Even WHO was getting into using PM2.5 particles. Like CO2, they are found everywhere and makes regulating people possible until the sun stops shining.

    Having some of our bureaucracies with over 25 years of lying to the public under their belt, I am not surprised the intelligence community is trying to use the same method. And to think, it all started with smoking.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2017 @ 1:43pm

      Re:

      lol

      link to this | view in chronology ]

    • identicon
      Lawrence D’Oliveiro, 16 Oct 2017 @ 1:45pm

      Re: Bill Clintons administration released them from the shackles science placed on them

      Didn’t Trump promise to fix all that?

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2017 @ 3:56pm

      Re:

      "it all started with smoking."

      So, according to you - the government never lied to the public before the whole tobacco thing.

      Wow - some people.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Oct 2017 @ 6:46pm

        Re: Re:

        No. The intentional misinformation started with the Clinton anti-smoking crusades. We all know smoking is bad. But most people do not realize it is the smoke that kills, not the tobacco. There are decades long Swedish Snus studies that show their product users suffer no more maladies than the general population.

        The EPA at this time produced a 2nd hand smoking report that was tossed so far out of court, it still hasn't landed. The EPA was saved from liability by arguing on appeal, they were only the publisher of the report and not responsible for the '3rd party' bad science.

        The intelligence agencies arguing for back-doors appear to be using this type of misinformation campaigning.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Oct 2017 @ 1:45pm

    So you think smoking does not cause cancer - got it.

    link to this | view in chronology ]

    • identicon
      mcinsand, 16 Oct 2017 @ 2:05pm

      I think you missed the point

      Non-smoker here. I don't smoke, I don't want to smoke, but I also don't like a lack of honesty. Tobacco companies telling the truth is one issue, but that doesn't justify lying on the other side. There was one major anti-tobacco group some years ago with TV commercials that were offensively dishonest, and the group ironically had some form of 'tru' or 'truth' in their name. As an example, urea is often added to a lot of materials as a humectant, and tobacco is one example. The compound also naturally occurs in urine, as well as a *lot* of other places. One of these 'PSA' spots equated urea in tobacco to having urine on tobacco.

      The originator of this thread did hit on a legitimate point in that lying does not help a cause in the long run.

      link to this | view in chronology ]

      • icon
        Stephen T. Stone (profile), 16 Oct 2017 @ 3:32pm

        Re: I think you missed the point

        Wait. Doesn't the tobacco/cigarette industry actually pay for some of those anti-smoking ads? It would certainly explain why they are so ineffective.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Oct 2017 @ 6:19pm

        Re: I think you missed the point

        You understood my point. We can't have a legitimate debate when the terms are changed and false evidence is presented. The 1980s and earlier days of simply showing a person smoking a joint and then killing someone are over in public health videos. And this deceitful way of communicating has now reached the intelligence community again. We all know operation Mockingbird was just Russian propaganda. Yea, right. The games are almost cyclic in nature.

        The CDC ran a study of how effective their new style misinformation and negative anti e-cigarette demonizing campaign was. It showed it was very effective at reaching 24 year olds and younger. That campaign managed to illicit a response from both Public Health England and the Royal College of Physicians asking that it be stopped. People who would most benefit from e-cigarettes were thinking they were as bad as tobacco cigarettes.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Oct 2017 @ 2:08pm

    "The other side of that is there are some evil people in this world"

    It's funny how they pretend that they are not evil.

    link to this | view in chronology ]

  • identicon
    Personanongrata, 16 Oct 2017 @ 2:11pm

    If You Swear an Oath to Protect/Defend the Consititution Have the Decency to Honor Your Oath

    "The other side of that is there are some evil people in this world, and the rule of law needs to proceed, and so what we're asking for is for companies to consider how they can support legal needs for information. Things that come from a judicial order, how can they be responsive to that, and if companies consider from the outset of building a platform or building a capability how they're going to respond to those inevitable asks from a judge's order, we'll be in a better place."

    Dear Rob Joyce super genius (aka White House cybersecurity coordinator) there are no such creatures as unicorns that poop golden eggs or for that matter secure encryption algorithms with backdoors baked-in for US government snoops (ie criminals) to exploit.

    Does siphoning every last bit/byte sent 24/7/365 globally (American citizens data too) in a massive fishing expedition and then storing the data indefinitely for potential future reference considered legal needs for information?

    Dear Rob Joyce get yourself a copy of the US Bill of Rights and study. You and your tax-feeding ilk can start with this:

    Amendment IV: The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures shall not be violated, and no warrants shall issue but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched and the persons or things to be seized.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Oct 2017 @ 6:36pm

      Re: If You Swear an Oath to Protect/Defend the Consititution Have the Decency to Honor Your Oath

      Hmmmmm. I do hope he reads your quote. I read that he wants to be able to be responsive to a court order. That seems to fit the constitutional intent "unreasonable searches and seizures shall not be violated, and no warrants shall issue"

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Oct 2017 @ 6:36pm

      Re: If You Swear an Oath to Protect/Defend the Consititution Have the Decency to Honor Your Oath

      Hmmmmm. I do hope he reads your quote. I read that he wants to be able to be responsive to a court order. That seems to fit the constitutional intent "unreasonable searches and seizures shall not be violated, and no warrants shall issue"

      link to this | view in chronology ]

  • identicon
    Alexander, 16 Oct 2017 @ 3:40pm

    Doubleplus Good

    The Minister for Teh Cybers says that the Gubmnt mandated Portal of Safety in encryption is not a "backdoor".

    link to this | view in chronology ]

  • identicon
    Stosh, 17 Oct 2017 @ 12:19pm

    I'll believe the nimrods are serious about "backdoors" being harmless when they agree to do all their personal online banking and credit card transactions in the clear.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.