The FBI needs access to encrypted files in order to protect the nation against cyber crime, according to Deputy Attorney General Rod Rosenstein.
“Encryption is essential,” Rosenstein said at the Global Cybersecurity Summit on Oct.13. “It is a foundational element of data security and authentication. It is central to the growth and flourishing of the digital economy. We in law enforcement have no desire to undermine encryption. But ‘warrant-proof’ encryption poses a serious problem.”
Over the past year, the FBI was unable to access about 7,500 mobile devices submitted to its Computer Analysis and Response Team, even though it had the legal authority to access those devices.
“Warrant-proof encryption overrides our ability to balance privacy and security,” said Rosenstein. “Our society has never had a system where evidence of criminal wrongdoing was impervious to detection by officers acting with a court-authorized warrant. But that is the world that technology companies are creating.”
Rosenstein said that the encryption capabilities should be scrutinized by the public and lawmakers.
“Billions of instant messages are sent each day using mainstream apps employing default end-to-end encryption,” Rosenstein said. “The app creators do something that the law does not allow telephone carriers to do: They exempt themselves from complying with court orders.”
Rosenstein referred to examples of “responsible encryption” that he said should be the norm, including the central management of security keys and operating system updates, the scanning of e-mails for advertising purposes, the simulcast of messages to multiple destinations at once, and key recovery when a user forgets a password. These examples enable the provider to give law enforcement access to users’ data when search warrants are issued.
“What we have in mind is that the engineering goals should include the option of law enforcement access to data, when there is judicial approval based upon a showing of legitimate and particularized need,” Rosenstein said.
Rep. Will Hurd, R-Texas, spoke at the Atlantic’s Cyber Frontier event on Oct. 12, where he disagreed with Rosenstein’s assessment of encryption.
“You can call it whatever you want, but make sure you have strong encryption,” Hurd said. “Encryption is good for our national security and good for our economy.”
Technology companies are concerned about the access that the FBI requests because if the FBI can access the data, then so can the bad actors.
“Sounding the alarm about the dark side of technology is not popular,” Rosenstein said. “People who speak candidly about ‘going dark’ face attacks by advocates of absolute privacy. Some absolute privacy advocates are motivated by profit. Others demonstrate sincere concern about the benefits of privacy. However, they do not worry about preserving law enforcement capabilities. We do.”