White House Cyber Security Boss Also Wants Encryption Backdoors He Refuses To Call Backdoors
from the torturing-words dept
Deputy Attorney General Rod Rosenstein recently pitched a new form of backdoor for encryption: "responsible encryption." The DAG said encryption was very, very important to the security of the nation and its citizens, but not so important it should ever prevent warrants from being executed.
According to Rosenstein, this is the first time in American history law enforcement officers haven't been able to collect all the evidence they seek with warrants. And that's all the fault of tech companies and their perverse interest in profits. Rosenstein thinks the smart people building flying cars or whatever should be able to make secure backdoors, but even if they can't, maybe they could just leave the encryption off their end of the end-to-end so cops can have a look-see.
This is the furtherance of former FBI director James Comey's "going dark" dogma. It's being practiced by more government agencies than just the DOJ. Calls for backdoors echo across Europe, with every government official making them claiming they're not talking about backdoors. These officials all want the same thing: a hole in encryption. All that's really happening is the development of new euphemisms.
Rob Joyce, the White House cybersecurity coordinator, is the latest to suggest the creation of encryption backdoors -- and the latest to claim the backdoor he describes is not a backdoor. During a Q&A at Cyber Summit 2017, Joyce said this:
[Encryption is] "definitely good for America, it's good for business, it's good for individuals," Joyce said. "So it's really important that we have strong encryption and that's available."
Every pitch against secure encryption begins exactly like this: a government official professing their undying appreciation for security. And like every other pitch, the undying appreciation is swiftly smothered by follow-up statements specifying which kinds of security they like.
"The other side of that is there are some evil people in this world, and the rule of law needs to proceed, and so what we're asking for is for companies to consider how they can support legal needs for information. Things that come from a judicial order, how can they be responsive to that, and if companies consider from the outset of building a platform or building a capability how they're going to respond to those inevitable asks from a judge's order, we'll be in a better place."
In other words, Joyce loves the security encrypted devices provide. But he'd love them more if they weren't quite so encrypted. Perhaps if the manufacturers held the keys… The same goes for encrypted communications. Wonderful stuff. Unless the government has a warrant. Then it should be allowed to use its golden key or backdoor or whatever to gain access.
Once again, a government official asks for a built-in backdoor, but doesn't have the intellectual honesty to describe it as such, nor the integrity to take ownership of the collateral damage. Neither the White House nor Congress seem interested in encryption bans or mandated backdoors. The officials talking about the "going dark" problem keep hinting tech companies should just weaken security for the greater good -- with the "greater good" apparently benefiting only government agencies.
This way, when everything goes to hell, officials can wash their hands of the collateral blood because there's no mandate or legislation tech companies can point to as demanding they acquiesce to the government's desires. Officials like Joyce and Rosenstein want all of the access, but none of the responsibility. And every single person offering these arguments think the smart guys should do all the work and carry 100% of the culpability. Beyond being stupid, these arguments are disingenuous and dangerous. And no one making them seems to show the slightest bit of self-awareness.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cybersecurity, doj, responsible encryption, rob joyce, rod rosenstein
Reader Comments
Subscribe: RSS
View by: Time | Thread
When did the permanent recording of all conversation, and keeping permanent copies of all letters and notes go out of fashion?
It has never been possible for the police to have guaranteed collection of evidence via a warrant.
[ link to this | view in chronology ]
Wrong on all points
[ link to this | view in chronology ]
Re: Wrong on all points
DNA analysis is good for excluding, not so good at including. I think you had it correct with your first sentence, the second one not so much.
[ link to this | view in chronology ]
Re: Re: Wrong on all points
I think some crime victims would disagree. Just because it happens less often doesn't make it insignificant. 20 years ago the actor that played Random Task in one of the Austin Powers movie brutally raped a woman. He was arrested for a relatively minor crime and when they took his DNA it matched the evidence in the crime.
[ link to this | view in chronology ]
Re: Re: Re: Wrong on all points
[ link to this | view in chronology ]
The fact he is stupid enough to make these comments means he is not even remotely qualified to hold that position.
Really is sad how often this kind of thing happens. Why are morons with no security experience keep getting high level "cybersecurity" jobs?
[ link to this | view in chronology ]
Rob Joyce [was Re: ]
“Five key players for Trump on cybersecurity”, by Morgan Chalfant, The Hill, May 6, 2017
[ link to this | view in chronology ]
Re: Rob Joyce [was Re: ]
It's like me running around saying I have 40 years experience in cyber security...
I have seen more than enough dullards in positions of power to know that experience is a CON MANS GAME!
[ link to this | view in chronology ]
Re: Re: Rob Joyce [was Re: ]
"Do you have 1 year of experience repeated X times? Or do you actually have X different years of experience?"
And all too often the true answer is "One year repeated X times"
[ link to this | view in chronology ]
Re: Re: Re: Rob Joyce [was Re: ]
[ link to this | view in chronology ]
Re: Rob Joyce [was Re: ]
“Rob Joyce”, CNBC, (undated – url contains “2017/08/22” )
[ link to this | view in chronology ]
Re: Re: Rob Joyce [was Re: ]
Ah, so he WILLFULLY IGNORANT in order to push an agenda. Those people make me more sick than the ones who are just plain ignorant.
[ link to this | view in chronology ]
Re: Re: Rob Joyce [was Re: ]
Incidentally, and fwiw, carefully compare the phrasing of that CNBC-hosted bio with a less-recent bio sketch for the Usenix Association's Enigma 2016 conference. It appears likely to me that CNBC did not entirely originate the wording used.
[ link to this | view in chronology ]
Re: Rob Joyce [was Re: ]
Ok, so maybe I was wrong and this guy does have some experience. That makes this even worse honestly, because that means he knows and is just telling bold face lies.
Also, the NSA, really? They have proven they are rabid attack dogs who give zero shits about collateral damage.
[ link to this | view in chronology ]
Re:
I would think it would not be outside the realm of possibility that they want to force the civilian population to use a backdoored version of encryption so law enforcement and the NSA can look at whatever they want to. Meanwhile the NSA and any other government agency quietly uses a version of encryption that isn't backdoored to protect their stuff and tools.
[ link to this | view in chronology ]
So really, 99% of the population who are just normal American's get the weak encryption that everyone will end up with keys for it one way or another and the Criminals who want real Protection just just download a open source, no backdoor version and the U.S. Government can't do anything to stop that.
Since when is the Government snooping into my conversations to someone recording away, but only will hear what I'm saying with one of their open ended bogus warrants when they need to? Because that's really what he's saying.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
The point is moot.
The behavior of the current administration, the DoJ and its respective agencies have demonstrated that they not only don't hunt down evil people (rather they pick at low hanging fruit), but also they're not trustworthy themselves, and often make rackets from their own authority.
Even if we could make a secure backdoor, there is no-one on Earth trustworthy to keep it.
The recent Equifax hack illustrates this. Those trusted with the data they already have aren't trustworthy.
[ link to this | view in chronology ]
Re: The point is moot.
[ link to this | view in chronology ]
Re: Re: The point is moot.
wtf does this mean?
"Keep that in mind while talking about the current government."
How is this any different than past administrations? Why not not just simply spit it out, come on ... you can tell us what you really think.
[ link to this | view in chronology ]
Re: Re: Re: The point is moot.
Which we all know is code for Law Abiding Constitution Obeying Civil Servant.
[ link to this | view in chronology ]
Re: Re: The point is moot.
You say that as if people were not attracted to government service by Reagan or one of the Bushes for the same reason.
[ link to this | view in chronology ]
"obama's faithful"
In our last election, we got the drone strikes candidate, and then we got the even more drone strikes candidate. We voted the latter in.
The only reason Trump isn't using the intelligence sector to route out dissidents is he doesn't know how. But should he ever learn, it is totally within his character to do so and round them up into work camps.
This isn't about Obama's state versus Trump's state (or Obama's state vs. Bush's state). Obama has been discharged. No agent works for him, though some may still seek to carry out old missions rather than the new ones.
Though Trump has certainly been moving to shift the loyalty of agencies to him personally, starting with ICE and CBP, rather than to the United States. It's terribly similar to the Schutzstaffel, Hitler's personal army, in contrast to the general Wehrmacht. And they're constructing work camps.
Every president since Nixon (if not before) has strived to consolidate power, unconcerned about what happens when the other guys (whichever other guys) get it, or what happens when agents of the state start regarding the public as the enemy.
We're in a police state now. It's been trending that way at least since the 60s. During the Bush and Obama eras lines were crossed that showed that the people are no longer governed by consent but by force.
[ link to this | view in chronology ]
What is the problem here?
/s
[ link to this | view in chronology ]
Re: What is the problem here?
…they want porn stars to fix this?
[ link to this | view in chronology ]
Re: Re: What is the problem here?
[ link to this | view in chronology ]
Re: Re: Re: What is the problem here?
It would give new meaning to the phrase “nerd harder”, at least.
[ link to this | view in chronology ]
Obama's EPA, CDC, and FDA picked up on how successful using misleading terms and pseudo-science was and attacked the very safe e-cigarette. Even WHO was getting into using PM2.5 particles. Like CO2, they are found everywhere and makes regulating people possible until the sun stops shining.
Having some of our bureaucracies with over 25 years of lying to the public under their belt, I am not surprised the intelligence community is trying to use the same method. And to think, it all started with smoking.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Bill Clintons administration released them from the shackles science placed on them
[ link to this | view in chronology ]
Re:
So, according to you - the government never lied to the public before the whole tobacco thing.
Wow - some people.
[ link to this | view in chronology ]
Re: Re:
The EPA at this time produced a 2nd hand smoking report that was tossed so far out of court, it still hasn't landed. The EPA was saved from liability by arguing on appeal, they were only the publisher of the report and not responsible for the '3rd party' bad science.
The intelligence agencies arguing for back-doors appear to be using this type of misinformation campaigning.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I think you missed the point
The originator of this thread did hit on a legitimate point in that lying does not help a cause in the long run.
[ link to this | view in chronology ]
Re: I think you missed the point
Wait. Doesn't the tobacco/cigarette industry actually pay for some of those anti-smoking ads? It would certainly explain why they are so ineffective.
[ link to this | view in chronology ]
Re: I think you missed the point
The CDC ran a study of how effective their new style misinformation and negative anti e-cigarette demonizing campaign was. It showed it was very effective at reaching 24 year olds and younger. That campaign managed to illicit a response from both Public Health England and the Royal College of Physicians asking that it be stopped. People who would most benefit from e-cigarettes were thinking they were as bad as tobacco cigarettes.
[ link to this | view in chronology ]
It's funny how they pretend that they are not evil.
[ link to this | view in chronology ]
If You Swear an Oath to Protect/Defend the Consititution Have the Decency to Honor Your Oath
"The other side of that is there are some evil people in this world, and the rule of law needs to proceed, and so what we're asking for is for companies to consider how they can support legal needs for information. Things that come from a judicial order, how can they be responsive to that, and if companies consider from the outset of building a platform or building a capability how they're going to respond to those inevitable asks from a judge's order, we'll be in a better place."
Dear Rob Joyce super genius (aka White House cybersecurity coordinator) there are no such creatures as unicorns that poop golden eggs or for that matter secure encryption algorithms with backdoors baked-in for US government snoops (ie criminals) to exploit.
Does siphoning every last bit/byte sent 24/7/365 globally (American citizens data too) in a massive fishing expedition and then storing the data indefinitely for potential future reference considered legal needs for information?
Dear Rob Joyce get yourself a copy of the US Bill of Rights and study. You and your tax-feeding ilk can start with this:
Amendment IV: The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures shall not be violated, and no warrants shall issue but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched and the persons or things to be seized.
[ link to this | view in chronology ]
Re: If You Swear an Oath to Protect/Defend the Consititution Have the Decency to Honor Your Oath
[ link to this | view in chronology ]
Re: If You Swear an Oath to Protect/Defend the Consititution Have the Decency to Honor Your Oath
[ link to this | view in chronology ]
Doubleplus Good
[ link to this | view in chronology ]
[ link to this | view in chronology ]