In recent months, Deputy Attorney General Rod Rosenstein has emerged as the government’s top crusader against strong encryption.
“We have an ongoing dialogue with a lot of tech companies in a variety of different areas,” he recently told Politico Pro. “There [are] some areas where they are cooperative with us. But on this particular issue of encryption, the tech companies are moving in the opposite direction. They’re moving in favor of more and more warrant-proof encryption.”
While the battle against encryption has been going on within federal law enforcement circles (dubbed “going dark”) since at least the early 1990s, Rosenstein has now called for “responsible encryption.”
But as Riana Pfefferkorn, a legal fellow at the Stanford Center for Internet and Society, told a recent assembled crowd at Ars Technica Live, it’s not clear entirely how that responsibility should be laid out.
“I think what Rosenstein is getting at is that he believes that companies in their deployment of encryption should be responsible to law enforcement above all and public safety rather than being responsible to their users or the broader security ecosystem,” she said.
She indicated that it may be the case, in light of recent failures to prevent Russian meddling in the 2016 presidential election, that the Department of Justice may sense “blood in the water” as a way to aggressively push Congress to take action against companies like Apple and Google.
But, she noted, the Trump-era DOJ isn’t very much different, at least when it comes to crypto policy, as the Obama-era DOJ was.
“Overall, there has not necessarily been a shift in the way that law enforcement present their case to the public,” she said.
As Ars wrote about in 2015, the DOJ’s arguments against encryption haven’t changed much since the early 1990s, when the Clipper Chip was introduced.
In July 2015, an all-star team of cryptographers and computers scientists reached largely the same conclusion that they did years earlier.
“The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard-to-detect security flaws,” they wrote in a research paper. “Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.”
But as Pfefferkorn noted, it’s been a truism of law enforcement that each time it seeks a new authority, its labels that authority as merely a modernization of its existing powers and not something new.
However, the consensus of information security experts says that it is impossible to build the strongest encryption system possible that would also allow the government access under certain conditions.
In other words, modern, easy-to-use, on-by-default, strong encryption is a game changer.
So, if the government gets what it wants, then an infosec axiom will be realized.
“If strong crypto is outlawed, only outlaws will have strong crypto,” she said.
For more from Pfefferkorn, check out the full interview above in either video or audio form. And don’t forget to come to the next Ars Technica Live at Eli’s Mile High Club in Oakland, California, on February 21, 2018. You can also follow Ars Technica Live on Facebook.
The Ars Technica Live podcast can always be accessed in these fine places:
iTunes:
https://itunes.apple.com/us/podcast/the-ars-technicast/id522504024?mt=2
RSS:
http://arstechnica.libsyn.com/rss
Stitcher
http://www.stitcher.com/podcast/ars-technicast/the-ars-technicast
Libsyn:
http://directory.libsyn.com/shows/view/id/arstechnica
Soundcloud:
https://soundcloud.com/arstechnica/sets/ars-technica-live
Listing image by Chris Schodt / Ars Technica