My Question To Deputy Attorney General Rod Rosenstein On Encryption Backdoors

from the golden-key-and-databreach dept

Never mind all the other reasons Deputy Attorney General Rod Rosenstein's name has been in the news lately... this post is about his comments at the State of the Net conference in DC on Monday. In particular: his comments on encryption backdoors.

As he and so many other government officials have before, he continued to press for encryption backdoors, as if it were possible to have a backdoor and a functioning encryption system. He allowed that the government would not itself need to have the backdoor key; it could simply be a company holding onto it, he said, as if this qualification would lay all concerns to rest.

But it does not, and so near the end of his talk I asked the question, "What is a company to do if it suffers a data breach and the only thing compromised is the encryption key it was holding onto?"

There were several concerns reflected in this question. One relates to what the poor company is to do. It's bad enough when they experience a data breach and user information is compromised. Not only does a data breach undermine a company's relationship with its users, but, recognizing how serious this problem is, authorities are increasingly developing policy instructing companies on how they are to respond to such a situation, and it can expose the company to significant legal liability if it does not comport with these requirements.

But if an encryption key is taken it is so much more than basic user information, financial details, or even the pool of potentially rich and varied data related to the user's interactions with the company that is at risk. Rather, it is every single bit of information the user has ever depended on the encryption system to secure that stands to be compromised. What is the appropriate response of a company whose data breach has now stripped its users of all the protection they depended on for all this data? How can it even begin to try to mitigate the resulting harm? Just what would government officials, who required the company to keep this backdoor key, now propose it do? Particularly if the government is going to force companies to be in this position of holding onto these keys, these answers are something they are going to need to know if they are going to be able to afford to be in the encryption business at all.

Which leads to the other idea I was hoping the question would capture: that encryption policy and cybersecurity policy are not two distinct subjects. They interrelate. So when government officials worry about what bad actors do, as Rosenstein's comments reflected, it can't lead to the reflexive demand that encryption be weakened simply because, as they reason, bad actors use encryption. Not when the same officials are also worried about bad actors breaching systems, because this sort of weakened encryption so significantly raises the cost of these breaches (as well as potentially makes them easier).

Unfortunately Rosenstein had no good answer. There was lots of equivocation punctuated with the assertion that experts had assured him that it was feasible to create backdoors and keep them safe. Time ran out before anyone could ask the follow-up question of exactly who were these mysterious experts giving him this assurance, especially in light of so many other experts agreeing that such a solution is not possible, but perhaps this answer is something Senator Wyden can find out...

Filed Under: cybersecurity, encryption backdoors, going dark, responsible encryption, rod rosenstein

CIA Director John Brennan Says Non-US Encryption Is 'Theoretical'

from the central-ignorance-agency? dept

You would think that someone in charge of the Central Intelligence Agency would have some knowledge about what he's discussing while at a Senate Hearing on intelligence. Perhaps not so much. CIA Director John Brennan completely incorrectly said last week that non-US encryption was "theoretical" despite there actually being hundreds of such products on the market.

This happened during an open Senate Intelligence Committee hearing, where Senator Ron Wyden got to ask Brennan a couple of questions. The first was about whether anyone at the CIA was being held accountable for failures during the CIA torture program, and the second was on the future of Section 702 of the FISA Amendments Act. Specifically, he asked whether or not the CIA could live without being able to do "backdoor searches" on 702 data -- basically asking what would happen if the CIA had to get a warrant to search that data. Director Brennan more or less dodged both questions, promising to get back to Wyden later and/or "in a different setting" (i.e., a classified one). However, as part of the preamble before asking questions, Wyden briefly touched on the issue of requiring US companies to backdoor encryption -- the plan put forth by Senators Burr and Feinstein (Feinstein is sitting right next to Wyden while discussing this) -- saying that it won't work and is dangerous. He points out that putting restrictions on US companies won't much matter, because those who wish to do us harm will just use non-US encryption. Despite no question being asked on that topic, Brennan decided to weigh in anyway. You can see the exchange here: Here's what Brennan says:

I respectfully disagree with your opening comments. First of all, US companies dominate the international market as for... as encryption technologies that are available through these various apps. And I think we will continue to dominate them. So although you're right that there's the theoretical ability of foreign companies to be able to have those encryption capabilities that'll be available to others, I do believe that this country and this private sector is integral to addressing these issues. And I encourage this committee to continue to work on it.

Beyond being a bit jumbled, the idea that the issue is "theoretical" is flat out wrong. A recent paper by the Open Technology Institute looked at the 9 top encryption products recommended as "safe" to use by ISIS and pointed out that only one would be impacted by US regulation. And then there was the second study, done by the Berkman Center and led by Bruce Schneier, that was a worldwide study of encryption products and noted that there are 865 encryption products worldwide from 55 different countries -- and 546 of those products are non-US. It's true that the US has the most, but there's a pretty wide variety of other options. And the foreign products cover all different kinds of encryption. They found: "47 file encryption products, 68 e-mail encryption products, 104 message encryption products, 35 voice encryption products, and found 61 virtual private networking products." To argue that this is somehow "theoretical" is beyond ridiculous. Even if it were true (and it doesn't appear to be) that those planning to do us harm currently use US products, it's pretty obvious that they would quickly move to foreign-based products if it became clear that the US products were required to provide a backdoor to law enforcement. Again, the only end result would be to make those who use the encryption for lawful purposes less safe.

Filed Under: cia, encryption, encryption backdoors, going dark, john brennan, non-us encryption, ron wyden

Manhattan DA's Office Serves Up Craptastic White Paper Asking For A Ban On Encryption

from the and-just-a-couple-of-backdoors,-maybe-FOR-SAFETY! dept

Manhattan DA Cyrus Vance may not know what the fuck he's talking about when he discusses encryption, the internet and other tech-related issues. But that's certainly not going to keep him from talking about them.

A just-published "white paper" from the Manhattan DA's office (h/t Matthew Green) offers up all sorts of stupidity in its attempt to justify anti-encryption legislation.

It starts with lofty ideals…

This Report is intended to:

1) Summarize the smartphone encryption debate for those unfamiliar with the issue;
2) Explain the importance of evidence stored on smartphones to public safety;
3) Dispel certain misconceptions that many privacy advocates hold about law enforcement’s position related to encryption, including the myth that we support a “backdoor” or government-held “key;”
4) Encourage an open discussion with technology companies, privacy advocates, and lawmakers; and
5) Propose a solution that protects privacy and safety.

… before throwing most of these out completely, starting with the "open discussion" with the affected stakeholders.

Vance's office doesn't want to burden the nation's tech companies with "golden keys" or "good guy-only" backdoors. The paper admits such a "solution" would be complicated and expensive. (But not impossible, notably.)

His solution? Something that doesn't burden tech companies, but simply leaves their customers unprotected. No backdoors will be needed because there will be nowhere to install one.

The federal legislation would provide in substance that any smartphone manufactured, leased, or sold in the U.S. must be able to be unlocked, or its data accessed, by the operating system designer. Compliance with such a statute would not require new technology or costly adjustments. It would require, simply, that designers and makers of operating systems not design or build them to be impregnable to lawful governmental searches.

That's the big idea: a ban on encryption, presented disingenously as "Not A Ban." For all the paper's supposed "discussion" of the issues and contemplation of concerns expressed by companies and their customers, this is the DA's office's brilliant cure-all: federal legislation that would prevent companies from deploying encryption -- at least not without holding onto a set of keys for government use.

Offered in support of these arguments are the horrendous laws being contemplated/passed in other countries like the UK and France. If they can do it, we can do it! Vance's office argues any resulting harm to human rights civil liberties will be minimal. Undiscussed is the resulting harm to innocent users whose phones' contents are no longer encrypted.

The paper also discusses various workarounds that have been suggested, like accessing the unencrypted contents of cloud storage services connected to users' phones. The DA's office says that just isn't good enough. For one thing, not every user utilizes the cloud services offered by Google and Apple. The office's argument against seeking other routes to communications and data is astoundingly terrible.

[S]martphone users are not required to set up a cloud account or back up to the cloud, and therefore, many device users will not have data stored in the cloud. Even minimally sophisticated wrongdoers who use their devices to perpetrate crimes and who have cloud accounts will likely take the relatively simple steps necessary to avoid backing up those devices, or data of interest, to the cloud. In most instances, only one or two selections must be made in the device’s settings to turn off the back-up function or to remove certain types of content from the back up.

There's a huge problem with this paragraph. It makes the assertion that criminals are more likely to avoid utilizing cloud backup services while simultaneously noting that this process is entirely optional and will not be used by most people. Using this logic, an average user may also be a "minimally sophisticated wrongdoer," at least as far as law enforcement can tell from what it finds stored in the cloud.

The underlying point is that lots of data and communications still reside within the phone itself and law enforcement will not be able to access this without Apple or Google leaving a door open for it.

The office does further damage to its own arguments for banning encryption by highlighting a string of successful prosecutions utilizing evidence recovered from cell phones. It uses this list to highlight the amount of "probative evidence" obtained from cell phones while simultaneously (and inadvertently) pointing out that law enforcement really hasn't been stymied by encryption, despite Vance's FUD-filled imaginations to the contrary.

And, finally, let's take a look at one more bogus analogy made by Vance's office, in which he tries to equate phones with houses.

The Fourth Amendment dictates that search warrants may be issued only when a judge finds probable cause to believe that a crime has been committed and that evidence or proceeds of the crime might be found on the device to be searched. The warrant requirement has been described by the Supreme Court as “[t]he bulwark of Fourth Amendment protection,” and there is no reason to believe that it cannot continue to serve in that role, whether the object that is to be searched is an iPhone or a home.

In fact, what makes full-disk encryption schemes remarkable is that they provide greater protection to one’s phone than one has in one’s home, which, of course, has always been afforded the highest level of privacy protection by courts. Apple and Google should not be able to alter this constitutional balance unilaterally. Every home can be entered with a search warrant. The same should be true of devices.

A more honest analogy would compare phones to computers, which is basically what they are. While a warrant may give cops access to someone's computer -- allowing them to seize it -- it does not guarantee they'll be able to access its contents. Vance wants to compare opening a phone to opening a door, but it's not a true comparison. If people could make their houses as impregnable as their phones and computers, some very likely would -- and not just the theoretical "minimally sophisticated criminals." A house that cops can't get into is a house criminals can't get into. But there's no way to encrypt a door or window.

The paper tries to portray this as somehow making phones more private than houses in terms of the Fourth Amendment. But encrypted phones have nothing to do with a heightened expectation of privacy. Encryption makes phones more secure than houses, not more private than houses. The Fourth Amendment considerations aren't being shifted. It's only the level of instant access that's being changed. Vance's office -- being part of the law enforcement community -- should welcome efforts that make citizens more secure. Instead, all it's doing is bitching loudly and disingenously about all the power it imagines encryption will strip away from it.

Filed Under: backdoors, cyrus vance, encryption, encryption backdoors, going dark, ny

White House Takes The Cowardly Option: Refuses To Say No To Encryption Backdoors, Will Quietly Ask Companies

from the ridiculous dept

Last month, we wrote about a document leaked to the Washington Post that showed the three "options" that the White House was considering for responding to the debate about backdooring encryption. The document made it clear that the White House knew that there was zero chance that any legislation mandating encryption backdoors would pass. But the question then was what to do about it: take a strong stand on the importance of freedom and privacy, and make it clear that the US would not mandate backdoors... or take the sleazy way out and say "no new legislation for now." As we said at the time, option 1 was the only real option. You take a stand. You talk about the importance of encryption in protecting the public.

However, it appears that the White House has taken the cowardly approach. Yesterday, the leading voice in favor of mandating encryption backdoors, FBI Director James Comey, announced that the administration would not push for legislation to mandate backdoors... for now. But it will still push for backdoors quietly behind doors with companies.

After months of deliberation, the Obama administration has made a long-awaited decision on the thorny issue of how to deal with encrypted communications: It will not — for now — call for legislation requiring companies to decode messages for law enforcement.

Rather, the administration will continue trying to persuade companies that have moved to encrypt their customers’ data to create a way for the government to still peer into people’s data when needed for criminal or terrorism investigations.

“The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” FBI Director James B. Comey said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee.

This is a totally bullshit response. Of course the administration isn't asking for legislation: because everyone knows (1) it couldn't pass and (2) it would be a really, really stupid thing to ask for. In that leaked document last month, the administration noted that with this option public interest groups "would likely see this outcome as a solid win." They're wrong. This option is bullshit. It's one notch up from literally "the least they could do." It doesn't help anyone. It provides cover to countries that do want to undermine the tech industry and mandate backdoors. It leaves open the ways to pressure tech companies to secretly include backdoors that undermine everyone's safety. And, worst of all, it takes away any and all "high ground" positions for the administration to point out that it doesn't want to undermine the safety and security of the American public.

In short, the administration didn't take the strong stand when the strong stand was the only feasible path. There are enough people within the administration who know this is the stupid choice, and yet they still took it. A very weak move from an administration that should know better (and does know better), just to please some technologically-clueless law enforcement folks.

Filed Under: cybersecurity, encryption, encryption backdoors, going dark, james comey, obama administration, white house