Deputy AG Calls for Court-Approved Access to Encrypted Devices

Rosenstein, in speech, says 'warrant-proof' encryption threatens Americans' security

Deputy Attorney General Rod Rosenstein
Deputy Attorney General Rod Rosenstein / Getty Images
• October 11, 2017 5:00 am


Deputy Attorney General Rod Rosenstein warned Monday that strong encryption built into handheld devices is preventing law enforcement agencies from protecting Americans from criminals and terrorists.

Rosenstein said "warrant-proof" encryption used on smart phones and other devices has blocked courts from gaining access to evidence and intelligence needed to protect citizens. He called the problem "one of our greatest challenges."

"Warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety," Rosenstein said in a speech to the Naval Academy in Annapolis.

"Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones that permit criminals and terrorists to operate without detection by police and without accountability by judges and juries," he added.

The deputy attorney general called for "responsible encryption" that allows data to be accessed under court order.

Encryption is the electronic means of scrambling and de-scrambling data, and new and unbreakable forms of the technology are being designed into products by American companies.

The debate over private sector use of strong encryption has heated up since disgruntled National Security Agency contractor Edward Snowden disclosed NSA electronic spying methods, triggering anti-government sentiment. Many privacy and anti-secrecy advocates support strong encryption denies access to the U.S. government, despite fears of its use by criminals and terrorists.

Rosenstein said the problem of government "going dark" electronically was highlighted by the 2015 terrorist shooting in San Bernardino, Calif., by Syed Rizwan Farook and Tashfeen Malik. The Islamic radical couple that killed 14 people and wounded 22 others.

An iPhone used by Farook was locked and prevented the FBI from finding out if other attacks were planned. The FBI obtained the consent of the phone's legal owner, the San Bernardino county government, and obtained a search warrant.

But built-in Apple encryption blocked access and Apple turned down the government's request to voluntarily decrypt the phone data.

Apple also opposed a court order requiring the company to cooperate despite having the technical capability to do so. A private security firm later was able to obtain the encrypted data for the FBI.

Rosenstein said the problem persists.

"Today, thousands of seized devices sit in storage, impervious to search warrants," Rosenstein said. "Over the past year, the FBI was unable to access about 7,500 mobile devices submitted to its Computer Analysis and Response Team, even though there was legal authority to do so."

In another incident, terrorists targeting an event in Garland, Texas, two years ago had exchanged 109 instant messages with an overseas terrorist, Rosenstein said.

"He used an app employing end-to-end encryption, so that law enforcement could not decode the messages," he said. "Billions of instant messages are sent and received each day using mainstream apps employing default end-to-end encryption. The app creators do something that the law does not allow telephone carriers to do: they exempt themselves from complying with court orders."

Rosenstein said he advocates "responsible encryption" that would allow secure and effective data scrambling but also would allow access to coded information with judicial authorization.

The government wants the legal ability to obtain evidence of crimes and terrorism from encryption providers, he said.

"Encrypted communications and devices pose the greatest threat to public safety when they are part of mass-market consumer devices and services that enable warrant-proof encryption by default," Rosenstein said.

"No solution will be perfect. If only major providers refrain from making their products safe for terrorists and criminals, some sophisticated criminals may migrate to less-used platforms. But any progress in preserving access to communications methods used by most criminals and terrorists would still be a major step forward."

Negotiating with tech companies for their assistance with the problem, however, is not likely to work, he added, noting competition among companies offering ever stronger encryption in products.

Rosenstein said company leaders have met with government officials to discuss encryption but "often they respond by criticizing the government and promising stronger encryption."

"Of course they do. They are in the business of selling products and making money," he said. "We use a different measure of success. We are in the business of preventing crime and saving lives."

Rosenstein noted that tech companies have made accommodations to foreign governments, including one firm that developed tools used to suppress online posts in certain geographic locations to assist government censorship.

Other U.S. companies gave in to foreign government demands to prevent local users abroad from using software that helps circumvent censorship restrictions, and halted support for virtual private network apps at the request of a foreign government to prevent internet users from defeating online censors.

"American technology providers sell products and services in foreign markets where the governments have questionable human rights records and enforce laws affording them access to customer data, without American due process or legal protections," Rosenstein said.

"Surely those same companies and their engineers could help American law enforcement officers enforce court orders issued by American judges, pursuant to American rule of law principles."

Rosenstein rejected the argument of privacy advocates that the government can offset evidence hidden by encryption through new sources of data.

But law enforcement needs "powerful evidence" to establish guilt beyond a reasonable doubt and communications often provide conclusive proof.

"If companies are permitted to create law-free zones for their customers, citizens should understand the consequences," he said. "The truth is that ‘going dark' threatens to disable law enforcement and enable criminals and terrorists to operate with impunity.

Angelo Codevilla, a national security expert, said recent cyber attacks by nation states such as Russia and China raise questions about whether the U.S. government can be trusted to protect Americans' security.

"The U.S government is asking for access to our doors, but is incapable of guarding those doors," said Codevilla, senior fellow at the Claremont Institute and professor emeritus at Boston University. "We Americans have come to trust encryption for the same reason we have had to fall back on our own guns for our own protection."

Kurt Opsahl, general counsel of the pro-privacy group Electronic Frontier Foundation, disagrees with Rosenstein.

"Rosenstein’s demand for ‘responsible encryption' is a call for a backdoor, with yet another attempt to rename it," he said. "The problems with backdoors have not been solved, and it’s no better an idea than it was last year—or in the 1990s."

Opsahl also said Rosenstein, in his speech, failed to recognize that courts have found code to be speech and "that the First Amendment protects the distribution of strong encryption."

Rosenstein also said cyber threats are continuing to grow. "Sometimes we face real torpedoes. And sometimes, in the cyber world, we face virtual torpedoes."

American society, he noted, has been transformed by technological advances.

Some 95 percent of all Americans own a cell phone and more than three-fourths own a smartphone. Additionally, nearly 70 percent of Americans use social media like Facebook and Twitter. Economically, in 2014, the internet produced $922 billion in commerce, nearly 6 percent of the U.S. GDP and the amount is increasing.

"Our lives are increasingly dependent on a growing digital infrastructure," Rosenstein said. "But much of that infrastructure is being targeted by criminals and foreign adversaries."

Published under: Cyber Security, Rod Rosenstein