Latest DOJ WTFness: Encryption Is Like A Locked House That Won't Let Its Owners Back Inside

from the spare-the-Rod,-spoil-the-horse-carcass dept

Deputy Attorney General Rod Rosenstein continues his push for law enforcement-friendly broken encryption. The ultimate goal is the same but the arguments just keep getting worse. Trying to pitch worthless encryption (i.e., encryption easily compromised in response to government demands) as "responsible" encryption is only the beginning of Rosenstein's logical fallacies.

After a month-plus of bad analogies and false equivalents, Rosenstein has managed to top himself. The path to Rosenstein's slaughtering of a metaphor runs through such highlights as the DAG claiming device encryption is solely motivated by profits and that this is the first time in history law enforcement hasn't had access to all forms of evidence. It's an intellectually dishonest campaign against encryption, propelled by the incredibly incorrect belief that the Fourth Amendment was written to provide the government with access, rather than to protect citizens from their government.

In a long article by Cyrus Farivar discussing a recent interview given by Rosenstein, the Deputy Attorney General drops this abomination of an analogy:

"I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud," he explained. "And I'm in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I'm in favor of strong encryption."

"This is, obviously, a related issue, but it's distinct, which is, what about cases where people are using electronic media to commit crimes? Having access to those devices is going to be critical to have evidence that we can present in court to prove the crime. I understand why some people merge the issues. I understand that they're related. But I think logically, we have to look at these differently. People want to secure their houses, but they still need to get in and out. Same issue here."

It is nowhere near the "same issue." I sincerely hope DAG Rosenstein regrets every word of this statement.

Let's streamline the analogy: People want to protect the data on their phones. People still want to be able to access this data on their phones. In no case ever has encryption prevented people from accessing the data on their phones. Forgotten passcodes might, but that's like losing house keys. You might need outside assistance to get back in.

Rosenstein's analogy skips a step. It has to. There's no way this analogy can ever work couched in Rosenstein's anti-encryption statements. People lock their houses when they leave and unlock them with their keys when they get back. Rosenstein's analogy is completely baffling, given the context of his remarks. How does strong security prevent people from "entering" their devices? It doesn't and Rosenstein knows this. It only prevents people other than the device owner from doing so.

What he's actually talking about is government access, but he can't find a credible argument for weakening the strong encryption he just claimed he believed in. And he doesn't have the intellectual honesty to say what he really means. The "they" in "but they still need to get in and out" is meant to encompass law enforcement agencies. In the context of Rosenstein's anti-encryption argument, that's the only interpretation that makes any sort of sense. Otherwise, it's a non sequitur -- one that claims strong security is somehow capable of preventing home owners from coming and going as they please.

A boneheaded analogy like this is the only rhetorical option left. That's because what Rosenstein wants -- easily-compromised "strong" encryption (i.e., "responsible encryption") -- simply cannot exist. Impossible demands can only be justified by implausible arguments. Given the swift and steady deterioration of Rosenstein's rhetoric, it's probably time to put his "Dead Horses and the Men Who Beat Them" show on ice.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 14 Nov 2017 @ 11:05am

    Surely even the slightly tech-savvy can understand how this analogy doesn't work. If encryption worked like this, no one would or even could use it.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Nov 2017 @ 11:26am

      Re:

      "Surely [...] can understand..."

      ha haa haaaahh aahahaaahaaaahhaaa

      There are two problems here.

      lack of understanding on behalf of the voters.
      lack of integrity on behalf of the voted.

      It would be nice for officials to understand things, the problem is that we do not require them to.

      reply to this | link to this | view in chronology ]

    • icon
      Dave Howe (profile), 17 Nov 2017 @ 12:44am

      No no, this is setting the scene

      for RESPONSIBLE house locks - which are really secure against criminals, but the FBI can get in easily without needing the key.

      I am sure those smart people in the lock industry could do that if they nerded harder, they are just being stubborn.

      reply to this | link to this | view in chronology ]

  • identicon
    J.R., 14 Nov 2017 @ 11:13am

    Explanation

    Simple, his point of view is:

    "What's mine is mine and what's yours is mine too. Therefore I'm entitled to your key and to use it for any old reason."

    QED, etc. :\

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2017 @ 11:15am

    Does anyone take this seriously?

    Are the audiences of these talks and articles really so stupid to buy into this stuff? Or does everyone just roll their eyes and go yeah, yeah, blah, blah, blah.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Nov 2017 @ 2:41pm

      Re: Does anyone take this seriously?

      Or does everyone just roll their eyes and go yeah, yeah, blah, blah, blah.

      Millions of Americans, and others around the world, listen seriously to the words of the President of the United States. They do listen. Very seriously.

       

      Sad.

       

       

      Anyhow, in comparison to the President, and in comparison to the Attorney General, Jefferson Beauregard Sessions III — in comparison, their subordinate at DoJ, Deputy Attorney General Rod Rosenstein, is just not quite exactly as serious.

      reply to this | link to this | view in chronology ]

  • identicon
    Baron von Robber, 14 Nov 2017 @ 11:17am

    I wish my house was like good encryption! Unless, I hit my head and forgot how to enter in it. Good thing encryption is cheaper than a house.

    reply to this | link to this | view in chronology ]

  • identicon
    Sean S, 14 Nov 2017 @ 11:25am

    Heisenberg's encryption principle

    He seems to have stumbled on Heisenberg's encryption principle in which the better the encryption the data, the less access to law enforcement and criminals, and vice versa. The data can't exist in both an unencrypted and secure state at the same time.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 14 Nov 2017 @ 11:26am

    ... no, that is still not rain.

    A boneheaded analogy like this is the only rhetorical option left.

    It's not 'boneheaded', it's dishonest. Deliberately misleading and dishonest.

    In one paragraph he proclaims that strong encryption is important and that he is in favor of it, yet the very next paragraph he throws out an example wherein he portrays strong encryption as a bad thing because it keeps certain people out, an example that only works if(as noted in the article) the 'they' in his statement are a different party than the 'homeowner' in his example.

    It's very clear that he does not actually believe in 'strong encryption' in any real sense of the term, and the least he could do is be honest about it. Admit flat out that he's okay with weakening encryption, that it's a price he's willing to have the public pay in order to ensure unprecedented access to information that working encryption could prevent. It would still be a dangerously stupid idea for someone in his position to be pushing, but at least it would be an honestly presented dangerously stupid idea.

    reply to this | link to this | view in chronology ]

  • identicon
    Personanongrata, 14 Nov 2017 @ 11:36am

    How Much Rod can You Handle?

    Deputy Attorney General Rod Rosenstein continues his push for law enforcement-friendly broken encryption.

    Would someone please explain to Rod Rosenstein the first law of holes is to stop digging.

    reply to this | link to this | view in chronology ]

  • identicon
    David, 14 Nov 2017 @ 11:48am

    Man, one has to explain the simplest things to you:

    But I think logically, we have to look at these differently. People want to secure their houses, but they still need to get in and out. Same issue here."

    That's a perfect analogy. Because it spells out the new world order. If you buy a smartphone, you think it is yours. But if you look at the small print, you cannot help but feeling that the manufacturer thinks it's still theirs.

    But you still need to have your personal data registered to get it because, make no mistake, the government considers it theirs. Or maybe they consider you its property, and as a slave your possessions are actually theirs.

    I mean, take a look at civil asset forfeiture. That makes only sense once you are considered a government slave, otherwise your property could not just be taken without due process.

    reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 14 Nov 2017 @ 11:53am

    YOU WOULDN'T DOWNLOAD A CAR

    You wouldn't reliably secure your house.

    So you shouldn't reliably secure your data.

    reply to this | link to this | view in chronology ]

  • identicon
    Indee One, 14 Nov 2017 @ 11:57am

    And you have Feinstein who wants to revive the anti-encryption bill..

    reply to this | link to this | view in chronology ]

  • icon
    Ryunosuke (profile), 14 Nov 2017 @ 12:25pm

    The path to Rosenstein's slaughtering of a metaphor runs through such highlights as the DAG claiming device encryption is solely motivated by profits...

    I will grant him this one BUT... only in as much as that after Snowden, the world took a hard look at how strong our encryption actually is, and who is accessing it, and for what reasons.

    This is what happens when you put backdoors in stuff.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2017 @ 12:32pm

    They should have a trial run of responsible encryption on everyone's devices that support it. After a year of trial, if there wasn't a problem then have a serious look at it. It may finally shut them up and maybe dump the very idea once they have been thoroughly hacked.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Nov 2017 @ 12:48pm

      Re: Yes DOJ, Lead By Example

      The DOJ should publicly and open source transparently implement agency-wide "responsible encryption" as a proof of concept.

      Then after a couple of years they will have the ideal example. (For the non-existence of cyber-unicorns)

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2017 @ 12:47pm

    People want to secure their houses, but they still need to get in and out. Same issue here.

    It's not that boneheaded an analogy. The lock is the encryption in this case. Now imagine we redesign door locks to accept a master key that "only LEO has a copy of". LEOs join the force, LEOs leave the force. The wrong people retain or gain access to those master keys and suddenly every house in America has to have the locks changed.

    It's a pretty apt analogy imo.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2017 @ 1:04pm

    Goose and Gander

    Mr. Rosenstein this responsible encryption thing sounds great. How long before it is implemented throughout your agency?

    reply to this | link to this | view in chronology ]

  • icon
    Toom1275 (profile), 14 Nov 2017 @ 1:06pm

    Amazon Key allows people to unlock their doors remotely.

    I imagine that'll be the FBI's next target - so they can have literal backdoor access to people's homes too.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Nov 2017 @ 2:26pm

      Re:

      That IoT is so badly insecure and people *still* keep buying internet-enabled shit for their homes proves not nearly enough people give a damn about security. This is why we will probably lose strong encryption, too.

      reply to this | link to this | view in chronology ]

      • identicon
        Talmyr, 15 Nov 2017 @ 4:50am

        Re: Re:

        No, that's a totally different argument. Although it's one that every civilised country in the West (not the Wild West) has gone for. Surprisingly, it works. But encryption keys don't generally kill people when used...

        reply to this | link to this | view in chronology ]

        • identicon
          Talmyr, 15 Nov 2017 @ 4:52am

          Re: Re: Re:

          Argh, replied to the wrong comment. Check the comment below once it gets out of the 'Anti-Blue/Whatever/MyNameHere' void.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2017 @ 1:24pm

    What the fuck? That's like the government saying "we should ban all weapons because that's why we have law enforcement".

    LOLS

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2017 @ 1:32pm

    "... this is the first time in history law enforcement hasn't had access to all forms of evidence." LOL, please tell me why cases in the 1950s weren't tried on DNA evidence. Was it, perhaps, there was no access to that evidence for law enforcement? SMH, These doofs...

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Nov 2017 @ 3:42pm

      Re:

      They also don't have access if I shred documents!!! If I whisper in a person's ear, etc.

      Considering most Encryption software is written outside of the U.S., they have very little to ZERO control over most Encryption software made. Those smart enough will use it.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 14 Nov 2017 @ 3:48pm

        Re: Re:

        Has looking for info on a phone AFTER THE FACT stop anyone from being murdered? Not that I know of. The people are already DEAD. The Murderers are also almost already DEAD after doing their thing. Most are smart enough to wipe and or destroy any hardware that might have had something on it.


        Unless the governments are spying on everyone's phone in real time, completely bypassing encryption, giving access to that phone, might stop a terrorist or murderer. No one in their right mind would want to grand a government that kind of power.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2017 @ 2:16pm

    reenscproynpstiibolne

    Strong security could definitely prevent a STRAWMAN from entering somewhere/thing.

    In terms of topping the boneheadedness, this reminds of Dilbert's Topper, but this can become its own new character - DAGbert.

    reply to this | link to this | view in chronology ]

  • identicon
    Tin-Foil-Hat, 14 Nov 2017 @ 2:38pm

    Newspeak

    Anything with the words "justice","freedom" or "patriot" in it's name is likely to be the opposite. This is just another unelected body that is responsible for policy but not accountable for the consequences.

    They want to be able to effortlessly spy on our activities and punish as many people as possible for any transgression of our gazillion laws no matter how petty. Of course they'll claim it's for the fraction of a percent of cases that involve children or terrorism.

    They should be considered an enemy of the people until they're obligated to obey the same laws we are and operate as transparently as they demand we do. They should obey the spirit of the law, not look for loopholes to cast a wider net. They violate our trust and instead of earning it back they use fear tactics and propaganda to manipulate congress.

    You want easy access to millions of devices just in case? Too bad.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2017 @ 3:04pm

    I can accept the analogy

    We do need to get in and out of our houses. I'm not going to accept the architect keeping their own key to it, though.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 Nov 2017 @ 7:02am

      Re: I can accept the analogy

      If we're keeping the analogy, not only does the architect keep his own key, that one key opens every house the architect ever built, and he may be sharing that key with hundreds of police agencies.

      reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 15 Nov 2017 @ 7:47am

        Re: Re: I can accept the analogy

        ... along with an undisclosed number of 'friends'. But no worries, they're totally trustworthy and would never abuse the key, or leave it where someone who might not be quite as trustworthy might get their hands on it. Promise.

        reply to this | link to this | view in chronology ]

  • icon
    orbitalinsertion (profile), 14 Nov 2017 @ 3:20pm

    People want to secure their houses, but we still need to be able to enter with battering rams (possibly attached to APCs) and throw in flashbang grenades and storm in with heavy weapons pointed at you and your loved ones. Is that so hard to understand? Think of the children! I mean hypothetical children, not your personal, actual children.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Nov 2017 @ 3:49pm

      Re:

      Then you end up shot in your own bed, and the police later find out they went to the WRONG HOUSE!!! OPS!!! Oh well, nothing happens to them. That has happened!!!

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2017 @ 4:37pm

    Not a new idea, but maybe more succinct...

    A "strong", easily breakable encryption (aka backdoor, golden key.. etc) is impossible because it's a contradiction of definition (The only general case of provably "impossible").

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2017 @ 5:36pm

    Bad analogy indeed.

    Responsible encryption isn't giving the keys to criminals and spooks.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Nov 2017 @ 1:30am

    That sound you here is MyNameHere having an orgasm to himself. His people are in power.

    reply to this | link to this | view in chronology ]

  • icon
    Ben (profile), 15 Nov 2017 @ 5:41am

    We can use his analogy

    If DAG Rosenstein insists on the 'house' analogy, how about I fix it for him:
    "I want the government to have skeleton keys to every house in the country, no matter how secure. The government promises never to use the keys without judicial oversight and a proper warrant. And they also promise that nobody else in the world will be able to sneak into the keystore and take a key." ... like that won't happen!

    reply to this | link to this | view in chronology ]

  • identicon
    Not.You, 15 Nov 2017 @ 11:20am

    More accurate version of the analogy

    For his analogy to be correct you would have to imagine that the lock on the house was so effective that without the key, the house would literally be impossible to enter for anyone ever. What he is asking for is that when people put this type of 100% effective lock on the house, they also have to make a copy of the key and give it to the government.

    reply to this | link to this | view in chronology ]

    • icon
      crade (profile), 16 Nov 2017 @ 10:19am

      Re: More accurate version of the analogy

      His analogy is keeping people out of their own houses. It makes no difference how effective the lock is, the analogy is complete trash.

      If he were trying to say it's to keep the government out of their houses,
      A) He probably wouldn't get much support for this idea
      B) Comparing a secured physical location with encrypted information is specious

      reply to this | link to this | view in chronology ]

  • identicon
    DOlz, 15 Nov 2017 @ 2:09pm

    Is there anyone in this administration that didn’t get their English language instructions from “1984”?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.