Justice Department To Be More Aggressive In Seeking Encrypted Data From Tech Companies

An anonymous reader quotes a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): The Justice Department signaled Tuesday it intends to take a more aggressive posture in seeking access to encrypted information from technology companies, setting the stage for another round of clashes in the tug of war between privacy and public safety. Deputy Attorney General Rod Rosenstein issued the warning in a speech in Annapolis, Md., saying that negotiating with technology companies hasn't worked. "Warrant-proof encryption is not just a law enforcement problem," Mr. Rosenstein said at a conference at the U.S. Naval Academy. "The public bears the cost. When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost." Mr. Rosenstein didn't say what precise steps the Justice Department or Trump administration would take. Measures could include seeking court orders to compel companies to cooperate or a push for legislation. A Justice Department official said no specific plans were in the works and Mr. Rosenstein's speech was intended to spur public awareness and discussion of the issue because companies "have no incentive to address this on their own."

Nothing but the Abuses

"Violent criminal organizations" are the last thing on their minds when making these arguments. They want to go after dissent, after whistleblowers. They want to stalk their exes, commit industrial espionage and blackmail. They want to track the best moments to rape and murder, or to be able to plant evidence without alibis making their so-called discoveries as obviously fake as they can be.

These powers would not and will never be used to make citizens or the country safer in any way, even if it could be used in this fashion. If there were any chance they could, they would never pursue them.

Re:Nothing but the Abuses

Too bad we can't format and reinstall the federal government.

Re:Nothing but the Abuses

[spire3661]

We can, but the erase function is bloody expensive.

Re:Nothing but the Abuses

[Wrath0fb0b]

Man, you are totally degrading our argument against these measures with this ridiculous line of reasoning. Of course these measures are useful against violent criminal organizations and actual people that wish to do harm. It's really trivial to find examples of this (like the dead San Bernardino shooter) and, with the way you've constructed your argument, you lose when an example like that comes out.

What those of us that are serious concede is that there are plenty of times in which such a measure is legitimately useful, but nevertheless, the risk for abuse is far too great and that we understand that as a tradeoff we should forego the legitimate uses to protect against the abuse. This is no different than any other conception of civil liberties -- after all, we know for a fact that our system acquits guilty people for a variety of procedural and other reasons, and that some fraction of those people go on to violate more people's rights. But we accept that as the cost of defendants' protections. Similarly, we accept the concept of parole knowing that some (maybe low) fraction of parolees will commit crimes that violate people's rights. We don't insist that parole can't happen unless that fraction is identically zero.

So quit it with the conspiratorial nonsense of imagining that this is some kind of plot. It's not, and you're making us look like loonies.

What it is is that there are zealots for whatever cause that don't give a shit about our rights and believe that it's better to trample them in order to get the drugs/terrorist/mafia/whatever-bad-guy. And you know what, in a big way that's a lot fucking worse that someone actually wants to enact tyranny. These are guys that are delusional and think they are fighting the good fight.

Oddly enough, besides making us look like loonies, your arguments give them cover by asserting that it must be bad motivations that lead to tyranny. It's exactly the opposite -- it's the zealous pursuit of good motives that pave the way to hell.

Finally, and before I rant further, I want to quote the Supreme Court talking about the purpose of the Fourth Amendment:

The point of the Fourth Amendment which often is not grasped by zealous officers is not that it denies law enforcement the support of the usual inferences which reasonable men draw from evidence. Its protection consists in requiring that those inferences be drawn by a neutral and detached magistrate, instead of being judged by the officer engaged in the often competitive enterprise of ferreting out crime.

Any assumption that evidence sufficient to support a magistrate"s disinterested determination to issue a search warrant will justify the officers in making a search without a warrant would reduce the Amendment to a nullity, and leave the people"s homes secure only in the discretion of police officers. Crime, even in the privacy of one's own quarters, is, of course, of grave concern to society, and the law allows such crime to be reached on proper showing. The right of officers to thrust themselves into a home is also a grave concern, not only to the individual, but to a society which chooses to dwell in reasonable security and freedom from surveillance. When the right of privacy must reasonably yield to the right of search is, as a rule, to be decided by a judicial officer, not by a policeman or government enforcement agent.

Re:Nothing but the Abuses

The things the other Anonymous Coward listed are all things that law enforcement have been caught doing red-handed, with powers such as the technically-illegal wiretapping. Looking up one's current or previous significant others has been shown to be a common problem. Planting evidence -
  usually drugs - has been caught numerous times on camera. Whistleblower protections (including protection of their identities) have been razed. Justine Ruszczyk was killed by an LEO with complaints of sexual abuse against him when she phoned to signal a rape. Civil Assets Forfeiture quickly became armed burglary.

    All of these newfound powers such as stingray units have done little if anything to solve any crimes, and yet have been consistently abused for things entirely unrelated to their official functions.

Re:Nothing but the Abuses

[Wrath0fb0b]

I agree. These are all abuses that have happened. But that doesn't mean that the policies were put in place for the purpose of abuses rather than by zealous people after other ends.

I think civil forfeiture is awful, but even I have to concede it has been a very useful tool at defunding drug conspiracies (not that I even believe in the War on Drugs in the first place). And I can understand how a zealous drug warrior would see that tool and not give a shit about people standing in the way. I still believe that the potential for abuse greatly outweighs the benefit, but it's madness to say that it was invented for the purpose of abusing it.

So I have to argue against the zealot not because I think he is in a conspiracy to abuse our rights, but because he's after his own windmill and will burn us to the ground to get at it. If you still don't get that, I don't think I can help you.

Re:Nothing but the Abuses

[eaglesrule]

Case in point: the so called "USA Liberty Act"

The Orwellian names they give these things are such a shiboleth. Anyone want to bet that the final version of the bill will be more of a threat to liberty than to actually preserve it?

Re:Nothing but the Abuses

[JohnFen]

Agreed, but I'd add a second caveat to that: the law enforcement agency does not get to keep any portion of the forfeited property or proceeds.

Two-way street

I wonder if they recognize the hypocrisy in this statement when numerous administrations also encrypt or destroy email archives prior to leaving office.

In order to make an omelet...

[drunken_boxer777]

...you have to break a few eggs. A few lives lost every year due to "terrists" are a small price to pay for freedom.

I am willing to risk the ridiculously small chance that my family and I will die in a terrorist incident in order to preserve our freedoms, despite continued government attempts to erode them (Patriot Act, etc.). I'd like to think that anyone sufficiently educated in mathematics and history would logically come to a similar conclusion.

Re:In order to make an omelet...

[MitchDev]

The governments ARE the terrorists with their blatant disregard for the constitution and human rights

Re:In order to make an omelet...

[bluefoxlucid]

They'd much rather the 4th Amendment and the 5th go away, of course. Yes, encryption is a legitimate hurdle for law enforcement--and no, you can't ban it, because it's always out there, and the bad guys will just get smarter.

They talk about terrorist organizations like they're a bunch of idiots living in some backwater shithole without running power, yet they're using WhatsApp encryption and so are bullet-proof and so encryption must go. When WA goes, the terrorists will get a technology group together to identify practices for using strong encryption technology which exists and build their own network.

Frigging Al Qaeda has its own phone support desk; they're an organization and they've got a respectable capacity for actually operating themselves. The only problem is their organizational goal is asinine and we need to tear them down--too bad long-lived terrorist organizations get to be long-lived by being good at what they do.

You pull the plug on encryption, you're only pulling it out of the hands of the common man; the terrorists, the crime networks, the people you can't find and can't identify, they all keep the nasty little tools that keep you from finding them. They also get to hack things and see people's stuff, and use that to expand the reach of their organizations--identity theft or even just profiling someone and hitting all their buttons to change their ideals and recruit them as a new terrorist.

Do you want to give the terrorists more power?

Lives "may" be lost...

[LS1+Brains]

This is the same pile of bovine excrement used in any attempt to destroy, um I mean "regulate" freedoms. They "may" have a slim shred of justification if there was concrete and irrefutable evidence of the imminent commission of a homicide, but we all know better.

BS

[MitchDev]

""Warrant-proof encryption is not just a law enforcement problem,"" It's actually a natural right for all human beings, so stop trying to violate it.

Public safety is not opposite to privacy

Secure encryption increases public safety. If the government can't break into everybodies data criminals can't either.

He who sacrifices...

[pr0t0]

When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost.

Lives may be lost, but liberty will be preserved.

Let's put the cards on the table, shall we? This has little or nothing to do with saving lives, and everything about garnering power through the acquisition of data...lots and lots of data. While those who seek this power wouldn't word it quite this way, it's about a nation subjugating its citizenry.

Next step, aerosolized chemical agents to keep people calm and docile. You want Reavers? Cause that's how you get Reavers.

There is no clash between privacy & public saf

....the stage for another round of clashes in the tug of war between privacy and public safety.

No, there is a clash between privacy and dragnet operations by lazy and corrupt law enforcement.

They collect all this data for our "security" and yet, some cranky old guy gets 23 guns and shoots up Las Vegas under their noses. Or two punk ass kids blow up a Boston marathon.

If you have to rely on personal data in order to get the person under investigation to basically incriminate themselves, then there is something horribly lacking in their investigation. You would have to be one brilliant criminal mastermind to have the only evidence against you be on your electronic device - actually an idiot savant - brilliant enough not to have any way of proving your crimes but stupid enough to keep a record on your personal device.

Plea to emotion

[cryptizard]

It bothers me how his argument is almost entirely a plea to emotion. It might as well be, "think about the children." Even if he is correct, that some violent criminals are getting away with crimes because we can't prosecute due to strong encryption, how many of those incidents are we willing to pay for more secure devices? It pains me to say it, but if we had to trade 10 murders for a few billion dollars of economic damage due to preventable cyber crime, I think there are very few people who would choose the second option. We know human lives have a price in this country or else we would have universal health care by now...

Another aggravating point in his speech is that he says, "we [the DoJ] are in the business of preventing crime and saving lives." That is not true. He is in the business of prosecuting crime and getting convictions. There are actually very few incentives for him to reduce crime. If removing encryption let him convict more criminals, and then had the side-effect of increasing cyber crime, leading to more criminal convictions, that is a win/win for him.

And so it begins...

[evolutionary]

China, Russia, the UK and now the USA. Our constitution, even the pretence of it, as the US is increasingly not a government for the people or even by the people, but over the people regardless of what it believes. At least Russia and China are straightforward about it. We claim to be difference yet we push ourselves further and further towards the very people we openly condemn. Japan and France are starting to look pretty good right now. Canada is okay, for the moment, but given it's proximity and trying to retain it's "buddy, buddy" status with the USA, it may well go the same route or at least route data to the USA ever so quietly violating not only privacy, but it's own sovereignty. So when is the public going to say "enough". Even Snowden's sacrifice (and others before him) to show us what is going on so we can act, seems to have barely made people aware, and then they go back to "business as usual", save for the few exceptional people, who will be targets for questions the direction of the "status quo". Curse the Bush family for starting it, and curse those after them who kept expanding it. (And that includes Obama I'm sorry to say).

Law Enforcement Backdoors

[Jason+Levine]

It sounds like they want encryption with a backdoor for law enforcement to get into with a warrant. Even putting aside the abuse of power that would happen (e.g. government getting a rubber stamped warrant to look at someone's phone because they don't like his political views), this is worrying. There is no such thing as "a backdoor only for law enforcement." If you make a backdoor, hackers and other governments WILL find it and WILL exploit it. Unlike a normal vulnerability, which can be patched when found, if this backdoor gets out it won't be able to be patched. The government agencies will demand that it remains open for them even while other entities abuse it.

"Law enforcement only" backdoors will just make security much weaker for everyone while not really improving much in the way of security on the law enforcement side.

Re:Law Enforcement Backdoors

If they mandate encryption be weakened in this way, everyone will simply use over-the-top encryption after the mandate-afflicted layer. (Yes, I mean "afflicted".)

Re:Law Enforcement Backdoors

[argumentsockpuppet]

I think you didn't read the link: The Golden Key Fallacy, because what you argue first is exactly the fallacy I pointed out there. You go on to make the same argument I made immediately below that link: It Wouldn't Accomplish the Goal, namely that encryption exists independently of whatever rules or laws might be made. It looks like you're ignoring the issues I was trying to raise for discussion.

So, first off, it is possible to keep a key secure. Apple has such a key and they've apparently kept it secure (paranoid speculation aside.) To make it absolutely clear, Apple has the ability to make breaking encryption trivial any time they decide to, whether by creating the software update that would do it themselves or by providing that key to someone in law enforcement. You can call that a backdoor or not, but the result is the same: Anytime Apple decides to, they can break your encryption or allow law enforcement to do the same. The only thing that keeps that from happening is Apple's desire to market privacy. (The same goes for Google, Samsung, HTC, LG, etc.)

The bigger issues are that most people don't care and most criminals don't plan that well. You and I, even most /. readers, understand what encryption is and why protecting it is important. Great. If you ask ten people on the street whether law enforcement should be able to access encrypted data with a warrant, you'll get at least nine people saying they should. The only thing preventing it from happening is that the ten percent who do understand the issue are vocal and have math on their side. If Congress decides they need to be "tough on crime" in order to get re-elected, then you can expect laws mandating phone manufacturers have a way to provide access to encrypted data. Then there is the biggest and most dangerous issue. It will work.

The first six months of government mandated decrypt capability will result in hundreds of criminals being successfully prosecuted. Every one of those will be a headline that trumpets the success of the laws. Public opinion will strongly support it. It won't catch smart criminals, but those are rare and won't make headlines when the laws fail. Government will strengthen its hold on the ability to spy on its citizens at will.

To quote my website, since most people won't read it:
 

When lawmakers consult sympathetic technology and security experts, guess what they'll hear:

* Golden keys are already in place to secure phones
* Golden keys aren't necessary to accomplish the goal

The golden key fallacy hurts our case. Stop using it. We need better arguments. Help me find them.

Re:This government needs even MORE power!

[InfiniteBlaze]

The intelligent argument is not that the government should be in charge of health care, but that the government should be the single-payer for health care. Numerous payers require numerous negotiations and often-unfair rates in the interest of profit. No one should profit off the health of another, and no one should be unhealthy due simply to the fact that they are poor. No one should be bankrupted by a health issue, especially when they have health insurance. Besides the obvious fact that healthier citizens are more productive, there are relatively unseen and often-ignored effects of concern over health, and guaranteed health coverage for all would eliminate those issues.

You want sympathy? Or even support?

[Opportunist]

Then stop abusing your power. As it is now, the likelihood of someone being damaged by you HAVING access to data is higher than if you don't.

Re:This government needs even MORE power!

[fulldecent]

Enlightenment.

California has a population of 40 million, this is larger than 200 countries. If California can negotiate a great deal by itself then I don't expect the US as a whole to do it much better.

Also, California voted 140% democrat in the last election. Literally. If California can't pass single payer healthcare then clearly the idea is too extreme for the whole country.

~~~

Be careful, when we talk about "government" there are different governments.

An incredibly bad argument

[JohnFen]

First, to hear the Justice department tell it, they must have been unable to solve crimes back before networks existed. Which is clearly BS.

Second, if their argument is to be taken seriously, then we also need to have laws preventing people from owning safes unless they give a copy of the key/combo to the government.

Re:This government needs even MORE power!

[GrumpySteen]

It's funny how you translated "more registered voters than residents" into "voted democrat".

The errors in the registration lists are largely due to people moving, dying, etc. and not contacting the state to deregister. It's a common problem and it's not just among Democrats, despite your obvious desire to paint it as such.

After Trump bitched about fraudulent voting and people being registered where they shouldn't, it came out that Steve Bannon, Tiffany Trump, Sean Spicer, Jared Kushner and Steven Mnuchin were all registered in more than one state because they hadn't deregistered themselves when they moved.

If you honestly believe that someone being registered in two states means they're voting in both states, then you should be demanding that all those Republicans be arrested for voter fraud.

Re:Discussion of the issue is a total waste

[sl3xd]

Regardless, the government will just have keyloggers built into the BIOS. The manufacturers are the weak link here.

Keyloggers are a well-known problem -- and one for which security solutions are designed to mitigate. U2F was designed to be secure with a keylogger installed (because spyware is a thing). There are completely open, easily manufactured designs of U2F keys.

GPG cards similarly have an open design, and are designed such that the keys can't be recovered from the device -- and the critical decryption is done on the GPG card.

There's also Coreboot, Libreboot, and OpenFirmware before that -- all open source BIOSes you can audit and compile yourself.

Electronics hobbyists design entire computers -- from PC board design and manufacture (at home) all the way to working Linux computers with internet access. Completely from scratch.

The reality is that the skills and tools to bypass such spying is common, widespread, and well published. Many who have the skills are thrilled when somebody shows an interest in their hobby, and eagerly assist anyone who asks.