BOSTON—Top U.S. law enforcement and policy makers touched the third-rail issue of encryption Wednesday with several high-ranking officials lamenting their inability to crack open phones, laptops and communications protected with strong encryption.
U.S. Deputy Attorney General Rod Rosenstein made the strongest argument that “warrant-proof” encryption hobbles law enforcement’s ability to protect the public and solve crimes. He argued instant messaging services such as WhatsApp, iMessage and Signal “encrypt their messages by default, thereby blocking the police from reading those messages, even if an impartial judge authorizes their interception.”
“Increasingly, technology frustrates the traditional law enforcement efforts to collect evidence that’s needed to protect public safety and solve crimes,” Rosenstein told attendees of The Cambridge Cyber Summit. No where is that more apparent, Rosenstein said, than with criminals that have “gone dark” and use the cloak of anonymity to access illicit markets that “facilitate all matter of crime, from narcotics trafficking, to illegal firearm sales, to identity theft, child exploitation, and computer hacking.”
He said, “the advent of warrant-proof encryption is a serious problem” and “it threatens to destabilize the balance between privacy and security that has existed for two centuries.” At the same time, Rosenstein also stressed encryption can be a valuable tool “essential to the growth and flourishing of the digital economy.”
A year and a half ago, Apple fought the FBI over data privacy and law enforcement’s attempt to force the company to unlock an iPhone used by a terrorist. That sparked a loud privacy debate that may have quieted over the past several months, but is far from decided.
Proponents of strong encryption maintain data protection is a basic necessity ensuring privacy and the safety of digital communications, data, devices and networks. Backdoors or weak encryption open the door for hackers or repressive governments to compromise individual safety and privacy.
“We are certainly not asking for a backdoor. What’s really important for America is strong encryption. It’s good for business, it’s good for individuals,” Rob Joyce, special assistant to the president and cyber security coordinator for the White House, told attendees.
“The flip side of that is there are some really evil people in this world and in the end the rule of law needs to proceed. So, what we are asking for is for companies to consider how they can support legal needs for information – things that come from a judicial order. How can they be responsive to that?”
Tech firms need to consider from the outset—when building a platform or building a capability—how they are going to respond to those inevitable asks from a judge’s order, Joyce said.
“There are other companies that I would consider more responsible corporate citizens that are considering from the start they will need to be responsive to an order,” Joyce said. “We are hoping other companies will consider our (legal) needs and not take a hands-off approach, but consider us in their architecture.”
Joyce said he didn’t expect companies to lay bare every secret behind an encryption application, but just “enough to be responsive to what law enforcement and intel folks need.”
Between the two, Rosenstein was the more vocal critic of the use of end-to-end encryption in network communications, laptops and mobile phones. “Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, even when officers obtained a court-authorized warrant. But that’s the world that is being created,” he said.
“People should understand the consequences of warrant-proof security. We should have a candid public debate about the pros and cons of allowing companies to create lock boxes that cannot be opened by police and judges,” Rosenstein said.