Latest DOJ WTFness: Encryption Is Like A Locked House That Won't Let Its Owners Back Inside
from the spare-the-Rod,-spoil-the-horse-carcass dept
Deputy Attorney General Rod Rosenstein continues his push for law enforcement-friendly broken encryption. The ultimate goal is the same but the arguments just keep getting worse. Trying to pitch worthless encryption (i.e., encryption easily compromised in response to government demands) as “responsible” encryption is only the beginning of Rosenstein’s logical fallacies.
After a month-plus of bad analogies and false equivalents, Rosenstein has managed to top himself. The path to Rosenstein’s slaughtering of a metaphor runs through such highlights as the DAG claiming device encryption is solely motivated by profits and that this is the first time in history law enforcement hasn’t had access to all forms of evidence. It’s an intellectually dishonest campaign against encryption, propelled by the incredibly incorrect belief that the Fourth Amendment was written to provide the government with access, rather than to protect citizens from their government.
In a long article by Cyrus Farivar discussing a recent interview given by Rosenstein, the Deputy Attorney General drops this abomination of an analogy:
“I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud,” he explained. “And I’m in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I’m in favor of strong encryption.”
“This is, obviously, a related issue, but it’s distinct, which is, what about cases where people are using electronic media to commit crimes? Having access to those devices is going to be critical to have evidence that we can present in court to prove the crime. I understand why some people merge the issues. I understand that they’re related. But I think logically, we have to look at these differently. People want to secure their houses, but they still need to get in and out. Same issue here.”
It is nowhere near the “same issue.” I sincerely hope DAG Rosenstein regrets every word of this statement.
Let’s streamline the analogy: People want to protect the data on their phones. People still want to be able to access this data on their phones. In no case ever has encryption prevented people from accessing the data on their phones. Forgotten passcodes might, but that’s like losing house keys. You might need outside assistance to get back in.
Rosenstein’s analogy skips a step. It has to. There’s no way this analogy can ever work couched in Rosenstein’s anti-encryption statements. People lock their houses when they leave and unlock them with their keys when they get back. Rosenstein’s analogy is completely baffling, given the context of his remarks. How does strong security prevent people from “entering” their devices? It doesn’t and Rosenstein knows this. It only prevents people other than the device owner from doing so.
What he’s actually talking about is government access, but he can’t find a credible argument for weakening the strong encryption he just claimed he believed in. And he doesn’t have the intellectual honesty to say what he really means. The “they” in “but they still need to get in and out” is meant to encompass law enforcement agencies. In the context of Rosenstein’s anti-encryption argument, that’s the only interpretation that makes any sort of sense. Otherwise, it’s a non sequitur — one that claims strong security is somehow capable of preventing home owners from coming and going as they please.
A boneheaded analogy like this is the only rhetorical option left. That’s because what Rosenstein wants — easily-compromised “strong” encryption (i.e., “responsible encryption”) — simply cannot exist. Impossible demands can only be justified by implausible arguments. Given the swift and steady deterioration of Rosenstein’s rhetoric, it’s probably time to put his “Dead Horses and the Men Who Beat Them” show on ice.
Filed Under: bad analogies, doj, encryption, going dark, responsible encryption, rod rosenstein
Comments on “Latest DOJ WTFness: Encryption Is Like A Locked House That Won't Let Its Owners Back Inside”
Surely even the slightly tech-savvy can understand how this analogy doesn’t work. If encryption worked like this, no one would or even could use it.
Re: Re:
“Surely […] can understand…”
ha haa haaaahh aahahaaahaaaahhaaa
There are two problems here.
lack of understanding on behalf of the voters.
lack of integrity on behalf of the voted.
It would be nice for officials to understand things, the problem is that we do not require them to.
Re: No no, this is setting the scene
for RESPONSIBLE house locks – which are really secure against criminals, but the FBI can get in easily without needing the key.
I am sure those smart people in the lock industry could do that if they nerded harder, they are just being stubborn.
Explanation
Simple, his point of view is:
“What’s mine is mine and what’s yours is mine too. Therefore I’m entitled to your key and to use it for any old reason.”
QED, etc. :
Does anyone take this seriously?
Are the audiences of these talks and articles really so stupid to buy into this stuff? Or does everyone just roll their eyes and go yeah, yeah, blah, blah, blah.
Re: Does anyone take this seriously?
Millions of Americans, and others around the world, listen seriously to the words of the President of the United States. They do listen. Very seriously.
Sad.
Anyhow, in comparison to the President, and in comparison to the Attorney General, Jefferson Beauregard Sessions III — in comparison, their subordinate at DoJ, Deputy Attorney General Rod Rosenstein, is just not quite exactly as serious.
I wish my house was like good encryption! Unless, I hit my head and forgot how to enter in it. Good thing encryption is cheaper than a house.
Heisenberg's encryption principle
He seems to have stumbled on Heisenberg’s encryption principle in which the better the encryption the data, the less access to law enforcement and criminals, and vice versa. The data can’t exist in both an unencrypted and secure state at the same time.
Re: Heisenberg's encryption principle
You screwed up.
... no, that is still not rain.
A boneheaded analogy like this is the only rhetorical option left.
It’s not ‘boneheaded’, it’s dishonest. Deliberately misleading and dishonest.
In one paragraph he proclaims that strong encryption is important and that he is in favor of it, yet the very next paragraph he throws out an example wherein he portrays strong encryption as a bad thing because it keeps certain people out, an example that only works if(as noted in the article) the ‘they’ in his statement are a different party than the ‘homeowner’ in his example.
It’s very clear that he does not actually believe in ‘strong encryption’ in any real sense of the term, and the least he could do is be honest about it. Admit flat out that he’s okay with weakening encryption, that it’s a price he’s willing to have the public pay in order to ensure unprecedented access to information that working encryption could prevent. It would still be a dangerously stupid idea for someone in his position to be pushing, but at least it would be an honestly presented dangerously stupid idea.
How Much Rod can You Handle?
Deputy Attorney General Rod Rosenstein continues his push for law enforcement-friendly broken encryption.
Would someone please explain to Rod Rosenstein the first law of holes is to stop digging.
Man, one has to explain the simplest things to you:
That’s a perfect analogy. Because it spells out the new world order. If you buy a smartphone, you think it is yours. But if you look at the small print, you cannot help but feeling that the manufacturer thinks it’s still theirs.
But you still need to have your personal data registered to get it because, make no mistake, the government considers it theirs. Or maybe they consider you its property, and as a slave your possessions are actually theirs.
I mean, take a look at civil asset forfeiture. That makes only sense once you are considered a government slave, otherwise your property could not just be taken without due process.
YOU WOULDN'T DOWNLOAD A CAR
You wouldn’t reliably secure your house.
So you shouldn’t reliably secure your data.
And you have Feinstein who wants to revive the anti-encryption bill..
Re: Don't forget Burrr
Feinstein and Burr are on the same page when it comes to undermining our electronic security. Stupidity is bipartisan.
Re: Re:
I’ve not once voted for that criminal. Once you get these Democrats in office, they never leave. They can do no wrong while they’re doing criminal things in front of everyone’s face.
Re: Re: Re:
Here’s some info on her corruption.
https://www.indybay.org/uploads/2015/12/10/feinstein_corruption_1.2.pdf
I will grant him this one BUT… only in as much as that after Snowden, the world took a hard look at how strong our encryption actually is, and who is accessing it, and for what reasons.
This is what happens when you put backdoors in stuff.
They should have a trial run of responsible encryption on everyone’s devices that support it. After a year of trial, if there wasn’t a problem then have a serious look at it. It may finally shut them up and maybe dump the very idea once they have been thoroughly hacked.
Re: Yes DOJ, Lead By Example
The DOJ should publicly and open source transparently implement agency-wide “responsible encryption” as a proof of concept.
Then after a couple of years they will have the ideal example. (For the non-existence of cyber-unicorns)
It’s not that boneheaded an analogy. The lock is the encryption in this case. Now imagine we redesign door locks to accept a master key that "only LEO has a copy of". LEOs join the force, LEOs leave the force. The wrong people retain or gain access to those master keys and suddenly every house in America has to have the locks changed.
It’s a pretty apt analogy imo.
Re: Response to: Anonymous Coward on Nov 14th, 2017 @ 12:47pm
Just like the TSA luggage locks and keys.
Goose and Gander
Mr. Rosenstein this responsible encryption thing sounds great. How long before it is implemented throughout your agency?
Amazon Key allows people to unlock their doors remotely.
I imagine that’ll be the FBI’s next target – so they can have literal backdoor access to people’s homes too.
Re: Re:
That IoT is so badly insecure and people still keep buying internet-enabled shit for their homes proves not nearly enough people give a damn about security. This is why we will probably lose strong encryption, too.
Re: Re: Re:
No, that’s a totally different argument. Although it’s one that every civilised country in the West (not the Wild West) has gone for. Surprisingly, it works. But encryption keys don’t generally kill people when used…
Re: Re: Re: Re:
Argh, replied to the wrong comment. Check the comment below once it gets out of the ‘Anti-Blue/Whatever/MyNameHere’ void.
What the fuck? That’s like the government saying “we should ban all weapons because that’s why we have law enforcement”.
LOLS
“… this is the first time in history law enforcement hasn’t had access to all forms of evidence.” LOL, please tell me why cases in the 1950s weren’t tried on DNA evidence. Was it, perhaps, there was no access to that evidence for law enforcement? SMH, These doofs…
Re: Re:
They also don’t have access if I shred documents!!! If I whisper in a person’s ear, etc.
Considering most Encryption software is written outside of the U.S., they have very little to ZERO control over most Encryption software made. Those smart enough will use it.
Re: Re: Re:
Has looking for info on a phone AFTER THE FACT stop anyone from being murdered? Not that I know of. The people are already DEAD. The Murderers are also almost already DEAD after doing their thing. Most are smart enough to wipe and or destroy any hardware that might have had something on it.
Unless the governments are spying on everyone’s phone in real time, completely bypassing encryption, giving access to that phone, might stop a terrorist or murderer. No one in their right mind would want to grand a government that kind of power.
reenscproynpstiibolne
Strong security could definitely prevent a STRAWMAN from entering somewhere/thing.
In terms of topping the boneheadedness, this reminds of Dilbert’s Topper, but this can become its own new character – DAGbert.
Newspeak
Anything with the words “justice”,”freedom” or “patriot” in it’s name is likely to be the opposite. This is just another unelected body that is responsible for policy but not accountable for the consequences.
They want to be able to effortlessly spy on our activities and punish as many people as possible for any transgression of our gazillion laws no matter how petty. Of course they’ll claim it’s for the fraction of a percent of cases that involve children or terrorism.
They should be considered an enemy of the people until they’re obligated to obey the same laws we are and operate as transparently as they demand we do. They should obey the spirit of the law, not look for loopholes to cast a wider net. They violate our trust and instead of earning it back they use fear tactics and propaganda to manipulate congress.
You want easy access to millions of devices just in case? Too bad.
I can accept the analogy
We do need to get in and out of our houses. I’m not going to accept the architect keeping their own key to it, though.
Re: I can accept the analogy
If we’re keeping the analogy, not only does the architect keep his own key, that one key opens every house the architect ever built, and he may be sharing that key with hundreds of police agencies.
Re: Re: I can accept the analogy
… along with an undisclosed number of ‘friends’. But no worries, they’re totally trustworthy and would never abuse the key, or leave it where someone who might not be quite as trustworthy might get their hands on it. Promise.
People want to secure their houses, but we still need to be able to enter with battering rams (possibly attached to APCs) and throw in flashbang grenades and storm in with heavy weapons pointed at you and your loved ones. Is that so hard to understand? Think of the children! I mean hypothetical children, not your personal, actual children.
Re: Re:
Then you end up shot in your own bed, and the police later find out they went to the WRONG HOUSE!!! OPS!!! Oh well, nothing happens to them. That has happened!!!
Not a new idea, but maybe more succinct...
A “strong”, easily breakable encryption (aka backdoor, golden key.. etc) is impossible because it’s a contradiction of definition (The only general case of provably “impossible”).
Bad analogy indeed.
Responsible encryption isn’t giving the keys to criminals and spooks.
That sound you here is MyNameHere having an orgasm to himself. His people are in power.
We can use his analogy
If DAG Rosenstein insists on the ‘house’ analogy, how about I fix it for him:
“I want the government to have skeleton keys to every house in the country, no matter how secure. The government promises never to use the keys without judicial oversight and a proper warrant. And they also promise that nobody else in the world will be able to sneak into the keystore and take a key.” … like that won’t happen!
More accurate version of the analogy
For his analogy to be correct you would have to imagine that the lock on the house was so effective that without the key, the house would literally be impossible to enter for anyone ever. What he is asking for is that when people put this type of 100% effective lock on the house, they also have to make a copy of the key and give it to the government.
Re: More accurate version of the analogy
His analogy is keeping people out of their own houses. It makes no difference how effective the lock is, the analogy is complete trash.
If he were trying to say it’s to keep the government out of their houses,
A) He probably wouldn’t get much support for this idea
B) Comparing a secured physical location with encrypted information is specious
Is there anyone in this administration that didn’t get their English language instructions from “1984”?