Just two days after the FBI said it could not get into the Sutherland Springs shooter’s seized iPhone, Politico Pro published a lengthy interview with a top Department of Justice official who has become the “government’s unexpected encryption warrior.”
According to the interview, which was summarized and published in transcript form on Thursday for subscribers of the website, Deputy Attorney General Rod Rosenstein indicated that the showdown between the DOJ and Silicon Valley is quietly intensifying.
“We have an ongoing dialogue with a lot of tech companies in a variety of different areas,” he told Politico Pro. “There’s some areas where they are cooperative with us. But on this particular issue of encryption, the tech companies are moving in the opposite direction. They’re moving in favor of more and more warrant-proof encryption.”
While the battle against encryption has been going on within federal law enforcement circles since at least the early 1990s, Rosenstein has been the most outspoken DOJ official on this issue in recent months.
The DOJ’s number two has given multiple public speeches in which he has called for “responsible encryption.” The interview with Politico Pro represents the clearest articulation of the DOJ’s position on this issue, and it suggests that a redux of the 2016 FBI v. Apple showdown is inevitable in the near future.
“I want our prosecutors to know that, if there’s a case where they believe they have an appropriate need for information and there is a legal avenue to get it, they should not be reluctant to pursue it,” Rosenstein said. “I wouldn’t say we’re searching for a case. I’’d say we’re receptive, if a case arises, that we would litigate.”
What Rosenstein didn’t note, however, is that the DOJ and its related agencies, including the FBI, are not taking encryption lying down.
The FBI maintains an office, known as the National Domestic Communications Assistance Center (NDCAC), which actively provides technical assistance to local law enforcement in high profile cases.
In its most recently published minutes from May 2017, the NDCAC said that one of its goals is to make such commercial tools, like Cellebrite’s services, “more widely available” to state and local law enforcement. Earlier this year, the NDCAC provided money to Miami authorities to pay Cellebrite to successfully get into a seized iPhone in a local sextortion case.
In the interview, Rosenstein also said he “favors strong encryption.”
“I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud,” he explained. “And I’m in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I’m in favor of strong encryption.”
“This is, obviously, a related issue, but it’s distinct, which is, what about cases where people are using electronic media to commit crimes? Having access to those devices is going to be critical to have evidence that we can present in court to prove the crime. I understand why some people merge the issues. I understand that they’re related. But I think logically, we have to look at these differently. People want to secure their houses, but they still need to get in and out. Same issue here.”
He later added that the claim that the “absolutist position” that strong encryption should be by definition, unbreakable, is “unreasonable.”
“And I think it’s necessary to weigh law enforcement equities in appropriate cases against the interest in security,” he said.
Poison the well
The DOJ’s position runs counter to the consensus of information security experts, who say that it is impossible to build the strongest encryption system possible that would also allow the government access under certain conditions.
“Of course, criminals and terrorists have used, are using, and will use encryption to hide their planning from the authorities, just as they will use many aspects of society’s capabilities and infrastructure: cars, restaurants, telecommunications,” Bruce Schneier, a well-known cryptographer, wrote last year.
“In general, we recognize that such things can be used by both honest and dishonest people. Society thrives nonetheless because the honest so outnumber the dishonest. Compare this with the tactic of secretly poisoning all the food at a restaurant. Yes, we might get lucky and poison a terrorist before he strikes, but we’ll harm all the innocent customers in the process. Weakening encryption for everyone is harmful in exactly the same way.”
Rosenstein closed his interview by noting that he understands re-engineering encryption to accommodate government may make it weaker.
“And I think that’s a legitimate issue that we can debate—how much risk are we willing to take in return for the reward?” he said.
“My point is simply that I think somebody needs to consider what’s on the other side of the balance. There is a cost to having impregnable security, and we’ve talked about some of the aspects of that. The cost is that criminals are going to be able to get away with stuff, and that’s going to prevent us in law enforcement from holding them accountable.”