DOJ Back To Pushing For Legislation Targeting Encryption

from the CLIPPER-CHIP-2K18 dept

The New York Times is reporting that the War on Encryption continues, with a renewed push for legislation the Justice Department couldn’t talk Obama into.

Federal law enforcement officials are renewing a push for a legal mandate that tech companies build tools into smartphones and other devices that would allow access to encrypted data in criminal investigations.

F.B.I. and Justice Department officials have been quietly meeting with security researchers who have been working on approaches to provide such “extraordinary access” to encrypted devices, according to people familiar with the talks.

[…]

Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms.

FBI Director Chris Wray still has yet to hand over his list of agreeable security experts to Sen. Ron Wyden. Wray continues to assert there’s a way to solve the “going dark” problem that won’t involve make device encryption less secure, but every suggestion he offers involves making device encryption less secure. There are a few techies looking for solutions, and that small group may be who Wray believes can talk legislators into prepping a mandated access bill.

A National Academy of Sciences committee completed an 18-month study of the encryption debate, publishing a report last month. While it largely described challenges to solving the problem, one section cited presentations by several technologists who are developing potential approaches.

They included Ray Ozzie, a former chief software architect at Microsoft; Stefan Savage, a computer science professor at the University of California, San Diego; and Ernie Brickell, a former chief security officer at Intel.

The solutions presented by this group are more of the same: key escrow, weakened encryption, or technological assistance mandates. None of these work out particularly well for customers, as each options provides additional attack vectors for criminals, not just law enforcement. So, even if Wray hopes to rely on more sympathetic tech experts, he’s still going to run into the same facts: you cannot provide access to law enforcement without increasing the chance of access by criminals and state-sponsored hackers.

It appears the DOJ isn’t interested in letting the perfect be the enemy of the good. And why should it? It won’t be affected by mandated access and/or weakened encryption. Those affected most will be members of the general public, and they simply don’t matter when the FBI’s agitating for destroying the encryption the public relies on to keep their devices and communications secure.

[O]ne Justice Department official familiar with the deliberations contended that it might not be necessary to come up with a foolproof system, arguing that a solution that would work for ordinary, less-savvy criminals was still worth pursuing.

Take a long look at that statement. This is the DOJ saying it’s willing to sacrifice the security of millions of Americans to make sure it can round up the nation’s least intelligent criminals. This isn’t a balance anyone outside of the FBI’s inner circle will be happy with. Wray and others routinely claim encryption is preventing them from solving serious crimes and hunting down dangerous criminals, but when all is said and done, it will apparently be satisfied locking up the most inept suspects.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DOJ Back To Pushing For Legislation Targeting Encryption”

Subscribe: RSS Leave a comment
35 Comments
Anonymous Coward says:

They used to be able to solve crimes without all the encrypted data they now want access to because it was never recorded before the smart device era. So what is stopping them using the means they used to use to solve crimes, might it be a problem of the police alienating the communities they police. They certainly seem hell bent on alienating everybody in the world by removing all vestiges of privacy.

Anonymous Anonymous Coward (profile) says:

Re: Re:

FBI: But, but, but if those encrypted digital devices didn’t exist we wouldn’t know that any laws were broken…

Intelligent Lawmaker: If you don’t know what is on the devices, how can you know that some law was broken?

FBI: Why else would they use them?

Intelligent Lawmaker: Well, you use them.

FBI: Well, that’s why we call our employees ‘special’ agents.

That One Guy (profile) says:

Well he's at least HONESTLY a blatant threat to the public

[O]ne Justice Department official familiar with the deliberations contended that it might not be necessary to come up with a foolproof system, arguing that a solution that would work for ordinary, less-savvy criminals was still worth pursuing.

‘We’re willing to undermine the protections that hundreds of millions depend on if it means it will be easier to go after the inept criminals who are so stupid that they would have been caught anyway.’

You’d be hard pressed to find a better demonstration that those pushing for broken encryption are willing to throw millions of people to criminals of all stripes than this little admission. They’re willing to betray the public on a national scale if it means they have to do slightly less work.

This obsession with giving criminals the biggest gift ever has been a dangerously stupid obsession for some from the get-go, but it’s statements like this that show just how low they are willing to sink, how little they care for anyone but themselves.

Peter (profile) says:

What is the point- commercial tools are available and affordable

In case the DOJ’s investigative skills aren’t all they are cracked up to be, here is a little help:

Media report that GrayKey offers a box that will crack an unlimited number of iphones for $30,000. If they’d rather pay on a case-by-case basis: “police usually spend about $1,500 on each device unlocked by Cellebrite.”
http://www.zdnet.com/article/graykey-box-promises-to-unlock-iphones-for-police/

Anonymous Coward says:

no law enforcement agency or government is going to stop doing whatever it has to to get their ability to break into encrypted devices into law. as long as the public can be held accountable for everything and anything and none of those involved in the various agencies and governments can have their devices inspected, or be held accountable for the crap they pull, without charges being brought against whoever manages to invade those devices, they will be happy. basically, they want to know everything about everyone else but no one is allowed to know what they are up to! if that doesn’t make anyone suspicious, it should! just look at the erosion of the various parts of the constitution since the very first case went to court involving the entertainment industries and ‘copyright infringement’! then look at how USA law enforcement has taken to arresting people and holding them at airports and border crossings, inspecting phones, tablets and laptops, all without warrants, even when the should have had! privacy and freedom is being annihilated and not because of terrorism, because of the fears of governments, politicians, the rich and famous, all scared we will find out what they’re up to, contrary to our best interests, while demanding, not just expecting to know every single thing about us!!

Anonymous Coward says:

I think you've misinterpreted the statement.

[O]ne Justice Department official familiar with the deliberations contended that it might not be necessary to come up with a foolproof system, arguing that a solution that would work for ordinary, less-savvy criminals was still worth pursuing.

They’re not looking for a system that only catches the dumbest of criminals. They’re looking for a system that can’t be broken by the dumbest of criminals.

JoeCool (profile) says:

Re: I think you've misinterpreted the statement.

Either interpretation is still horrific to the general public. With your interpretation, instead of no one getting into your phone, only semi-smart criminals will be able to get into your phone… unless the dumb ones sell your phone to a slighter smarter criminal. So in the end, you’re still hosed.

Anonymous Coward says:

Re: Re: I think you've misinterpreted the statement.

Indeed. The real meaning of

[O]ne Justice Department official familiar with the deliberations contended that it might not be necessary to come up with a foolproof system, arguing that a solution that would work for ordinary, less-savvy criminals was still worth pursuing.

is so the justice department can say that the broken encryption isn’t broken since that criminal mouth breather over there "can’t break into the device using the approved encryption, therefore the approved encryption is ‘secure enough’ for any law abiding individual."

Anonymous Coward says:

Poster Child

U.S. Department of Justice – Office of the Inspector General:“A Special Inquiry Regarding the Accuracy of FBI Statements Concerning its Capabilities to Exploit an iPhone Seized During the San Bernardino Terror Attack Investigation” (March 2018)

After the outside vendor successfully demonstrated its technique to the FBI in late March, EAD Hess learned of an alleged disagreement between the CEAU and ROU Chiefs over the use of this technique to exploit the Farook iPhone – the ROU Chief wanted to use capabilities available to national security programs, and the CEAU Chief did not. She became concerned that the CEAU Chief did not seem to want to find a technical solution, and that perhaps he knew of a solution but remained silent in order to pursue his own agenda of obtaining a favorable court ruling against Apple. According to EAD Hess, the problem with the Farook iPhone encryption was the “poster child” case for the Going Dark challenge.

NeghVar (profile) says:

minimal impact

Even if there is a ruling forcing encryption to have a government backdoor, there is always open-source.
Vericrypt and CipherShed are such examples. If the government slips in some kind of backdoor, the community of programmers will notice and remove or not compile that variation. And if the government comes after them, move to Belize like RedFox did

Uriel-238 (profile) says:

Re: Postcards (and software) from Belize

So anyone who is savvy about this is going to either install a foreign-made or open source unhobbled crypto system on their phone right after purchase, or just look for foreign versions of the phone. For business devices, it will become an expected expense.

And everyone else, hackers will arrange, will have Goatse as their homepage background while their phone burns cycles and power as a botnet zombie DDOSing the establishment.

Which means everyone will eventually swap their crypto out on first purchase, the way we used to buy an anti-virus package for our new computer.

How marvelously cyberpunk!

Anonymous Coward says:

The DOJ IS affected....

It appears the DOJ isn’t interested in letting the perfect be the enemy of the good. And why should it? It won’t be affected by mandated access and/or weakened encryption.

I can think of a number of ways the DOJ will be affected by mandated insecurity.

First off, good luck for them to try and buy consumer hardware that doesn’t have this implemented. This means that anyone who gains control of the access control system will have full access to DOJ equipment as well.

Second off, once this goes down, expect to see the caseload for the DOJ skyrocket as criminals take advantage of the holes the DOJ punched in security. And those criminals will likely mostly be outside the US, which means after spending countless man hours to hunt them down, the DOJ will be powerless to prosecute.

Although I guess you could argue that this is the FBI’s problem, not the DOJ’s problem.

That One Guy (profile) says:

Re: That's a feature, not a bug

Second off, once this goes down, expect to see the caseload for the DOJ skyrocket as criminals take advantage of the holes the DOJ punched in security. And those criminals will likely mostly be outside the US, which means after spending countless man hours to hunt them down, the DOJ will be powerless to prosecute.

‘Would you look at that, there’s been an absolute explosion in crime for some mysterious reason, and our current laws are keeping those evil criminals safe from our reach. Clearly our budget needs to be drastically increased, and the law rewritten, or new laws added, that will give us power and authority we need to catch those dastardly fiends.’

Uriel-238 (profile) says:

Re: It's good to want things.

The thing is businesses depend on information security to exist, even your local hipster bike cafe. If they mandated hobbled crypto, they’d essentially either make it impossible to do business in the US, or force businesses to find loopholes by which they can retain impenetrable information locks.

This is one of the things that happens with stupid laws: they don’t take. So many people will decide to just break the law that it becomes impossible to enforce.

Anonymous Coward says:

Same Old Song

“This is the DOJ saying it’s willing to sacrifice the security of millions of Americans to make sure it can round up the nation’s least intelligent criminals.”

The DoJ has never given a shit about the welfare, security or otherwise, of citizens. The DoJ’s goal is to maximize the numbers of successful arrests and prosecutions.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...