Deputy Attorney General Rosen: Companies Like Facebook Are Making Everyone Less Safe By Offering Encryption

from the 'for-the-children'-beats-out-'because-terrorism' dept

The federal government's anti-encryption push is starting to turn into a really weird movement. Yanking pages from the FOSTA playbook, Attorney General William Barr threw an anti-encryption party featuring him, FBI Director Chris Wray, Deputy AG Jeffrey Rosen, and some overseas critics of secure communications.

It was full of loaded language, beginning with the conference's name:

Lawless Spaces: Warrant-Proof Encryption and Its Impact On Child Exploitation Cases

This is how the DOJ and FBI are going to play this game: the specter of exploited children vs. secure communications for millions of Facebook users. Facebook is definitely the target. This conference -- which featured zero tech experts or encryption advocates -- was preceded by the announcement of a data-sharing agreement between the US and UK government that namechecked Facebook's Messenger and WhatsApp.

It was also preceded by Attorney General William Barr's letter to Facebook, asking it to drop its plans to add end-to-end encryption to Messenger. The letter, signed by the participants in this one-sided conference, said the addition of encryption -- without some form of "lawful access" -- would result in massive amounts of undetectable child exploitation.

Now that William Barr has said his piece, the floor has been opened up to DOJ Deputy Attorney General Jeffrey Rosen. Rosen's pitch isn't all that different from the one Barr laid out in his open letter to Facebook. But Rosen does add a bit more color to his in the form of questionable analogies.

Outside the digital world, none of us would accept the proposition that grown-ups should be permitted to mingle in closed rooms with children they don’t know in order to groom them for sexual exploitation. Neither would we ever accept the idea that a person should be allowed to keep a hoard of child sexual abuse material from the scrutiny of the justice system when all of society’s traditional procedures for protecting the person’s privacy, like the Fourth Amendment’s warrant requirement, have been satisfied. But in the digital world, that is increasingly the situation in which we find ourselves.

First off, no one finds the propositions Rosen offers acceptable -- not the digital variety nor the real-world version. However, both versions still happen, with or without "lawful access." It's not that the DOJ and FBI shouldn't go after child exploiters. It's that pretending that undermining encryption will cause "lawless spaces" to cease to exist isn't an honest approach.

To be fair, Rosen isn't saying exactly that. But what he's pitching is encryption backdoors that will result in millions of insecure communications for millions of people. The potential for harm is immeasurable. But we -- and our service providers -- should apparently be willing to take that risk so law enforcement has easier access to these communications. That's the trade-off being demanded, even if Rosen, Barr, etc. aren't intellectually honest enough to use those exact words.

The intellectual dishonesty continues with Rosen's refusal to call backdoors "backdoors."

I am not for a moment suggesting that we should “weaken” encryption. As we confront the problem of “warrant-proof” encryption, nobody is calling for secret “back doors” to communications systems, even though that is often how the issue is misreported. As FBI Director Wray said this morning, law enforcement seeks a front door — that is, access through a transparent and publicly acknowledged system, and only once we have secured the authorization of a court. And we don’t want the keys to that door. The companies that develop these platforms should keep the keys, maintaining their users’ trust by providing access to content only when a judge has ordered it.

If you put an entrance anywhere, the building is compromised. A hole in a wall, floor, roof, wherever, is still a hole. It doesn't matter who holds the keys. The keys exist and can be copied or misplaced. Law enforcement may need a warrant, but criminals and state actors only need access to the key. Dressing it up as an escrow system doesn't magically make this problem go away.

Rosen is calling for more than backdoors. Using another emotional argument, Rosen appears to saying the government should be allowed to eavesdrop on encrypted communications.

Every day, companies like AT&T, Verizon, and Sprint provide law enforcement with targeted lawful access to the content of phone communications in ways that promote public safety — but only after the government has complied with the rigorous requirements of the law, and a judge has authorized access. Why should internet technology companies operate under different rules? For a young girl who is being trafficked for sex, it makes no difference whether her tormenters are communicating via traditional voice calls over a cell phone, or via an encrypted internet app. But it makes a huge difference to the investigators trying to find her, as they can gather the first category of electronic evidence, but not the second. From a policy point of view, it doesn’t make any sense.

The example Rosen uses is wiretaps. The FBI would definitely like to be the unseen party to any number of conversations, especially now that most of them don't take place over the phone. With this, Rosen is asking for more than unencrypted access to data at rest. He's asking for a "non-backdoor" that allows investigators to intercept communications. This increases the complexity of the government's demands and the insecurity of the targeted app's users.

Rosen says 70% of 16 million child sexual abuse reports Facebook made last year originated from its Messenger service. Once end-to-end encryption is applied, these messages will no longer be visible to Facebook, in addition to being less accessible to law enforcement. He compares the millions of Facebook reports to the very limited number produced by Apple, which has provided end-to-end encryption for a few years now. Apple has forwarded a little over 200 tips over the last three years. As Rosen conjectures, it can't simply be because no child abusers use iPhones.

Rosen isn't wrong. Encryption will result in far fewer reports, if Facebook can't scan messages for child porn. But he's completely wrong in his portrayal of the trade-offs being made.

Some companies have completely favored the privacy of their users over the safety of their users.

This isn't about privacy, even though there is definitely a net privacy gain. It's about security, something even the government realizes is essential for electronic communications. But the government wants less security for everyone, in exchange for an unknown quantity of law enforcement "wins." Rosen actually says users are "safer" when their communications providers scan communications for illicit content -- an argument few outside the FBI and DOJ would make. Rosen is spinning this from the viewpoint of law enforcement riding to the rescue of victimized children. But it won't just be the FBI making use of backdoors or intercepted communications. It will also be governments who treat criticism and dissent as crimes, which definitely makes things less safe for millions of people around the world.

Rosen closes with this last bit of intellectual dishonesty:

If we are to move to a world where even judge-approved search warrants become useless to the protection of exploited children, and to public safety more broadly, our country needs an open discussion of the costs some such technology platforms will be imposing on all of us. If our efforts to make the virtual world more secure leave us more vulnerable in the physical world, that decision should be an informed one.

But Rosen and the agencies he's speaking for don't want an "informed" decision. They've spent years blowing off experts who say what they want will result in less security and safety for users, as well as pointing out the impossibility of creating a "secure" backdoor. You only need to look at the speaker list for this event to see the DOJ and FBI aren't interested in being informed. When the only people being asked for opinions are those who think undermining encryption is a necessity, you're going to come to the conclusion that undermining encryption is a necessity.

Filed Under: doj, encryption, going dark, jeffrey rosen, security
Companies: facebook


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 7 Oct 2019 @ 6:36am

    The Entire NSA is violating the law why should we trust more?

    The constitution gives us lots of rights and promises that the government can't or won't do certain things. The NSA has been violating those since its very beginning and has no obtained enough dirty secrets to start blackmailing the government. Prove me wrong or start over with a new government.

    reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 7 Oct 2019 @ 6:47am

      Re: The Entire NSA is violating the law why should we trust more

      --- BEGIN ROT13 ENCRYPTED MESSAGE ---

      Jura cevinpl naq rapelcgvba ner bhgynjrq, bayl bhgynjf jvyy unir cevinpl naq rapelcgvba.

      --- END ROT13 ENCRYPTED MESSAGE ---

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 7 Oct 2019 @ 7:25am

        Re: Re: The Entire NSA is violating the law why should we trust

        --- BEGIN ROT13 ENCRYPTED MESSAGE ---
        Jura cevinpl naq rapelcgvba ner bhgynjrq, bayl bhgynjf jvyy unir cevinpl naq rapelcgvba.
        --- END ROT13 ENCRYPTED MESSAGE ---

        For better security you should really use DOUBLE ROT13.

        Sincerely,
        DOJ

        reply to this | link to this | view in chronology ]

        • identicon
          Pixelation, 7 Oct 2019 @ 8:05am

          Re: Re: Re: The Entire NSA is violating the law why should we tr

          --- BEGIN ROT13 ENCRYPTED MESSAGE ---
          --Backdoor--
          Dear Mr. Rosen, careful what you wish for. Trump is reading what you are texting

          --- END ROT13 ENCRYPTED MESSAGE ---

          reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 8 Oct 2019 @ 6:41am

      Re: The Entire NSA is violating the law why should we trust more

      Prove me wrong

      Not that you're wrong, but that isn't how burden of proof works.

      reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 7 Oct 2019 @ 6:37am

    Privacy is part of Safety

    The earliest forms of ciphers were to keep messages private . . . for safety of the sender and receiver of the messages. Alex and Bob want to exchange messages privately, keeping Eve from reading them.

    From those earliest primitive ciphers, there are various advances in how to encrypt messages to keep them private, and thus safe, between the sender and receiver. As Eve gets more clever and cunning, Alex and Bob must improve their cipher technology to remain safe.

    Everything about cipher technology is now published openly in textbooks. Would the US stop someone from exiting or entering the country with a widely published academic technical textbook under their arm? Let's burn the books!

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Hero, 7 Oct 2019 @ 8:28am

      Re: Privacy is part of Safety

      It's spelled "Alice".

      reply to this | link to this | view in chronology ]

      • icon
        DannyB (profile), 7 Oct 2019 @ 9:27am

        Re: Re: Privacy is part of Safety

        Then why is Trent, the trusted third party, such as for example a certificate authority, a male name?

        :-) Don't take it too seriously.

        reply to this | link to this | view in chronology ]

      • icon
        DannyB (profile), 7 Oct 2019 @ 2:17pm

        Re: Re: Privacy is part of Safety

        Alex and Bob. The original, generic characters. Generally, Alice and Bob want to exchange a message or cryptographic key.

        Carlos or Charlie. A generic third participant.

        Carol. A third participant, usually of malicious intent.[11]

        Cindy. A password cracker, often encountered in situations with stored passwords.

        Dan, Dave or David. A generic fourth participant.

        Eve. An eavesdropper, who is usually a passive attacker. While they can listen in on messages between Alice and Bob, they cannot modify them. In quantum cryptography, Eve may also represent the environment[clarification needed].

        Faythe. A trusted advisor, courier or intermediary. Faythe is used infrequently, and is associated with Faith and Faithfulness. Faythe may be a repository of key service or courier of shared secrets.[citation needed]

        Grace. A government representative. For example, Grace may try to force Alice or Bob to implement backdoors in their protocols. May also deliberately weaken standards.[citation needed]

        Heidi. A mischievous designer for cryptographic standards, but rarely used.[12]

        Judy. A judge who may be called upon to resolve a potential dispute between participants.

        Melony. A malicious attacker. Associated with Trudy, an intruder. Unlike the passive Eve, Melony is an active attacker (often used in monkey-in-the-middle attacks), who can modify messages, substitute messages, or replay old messages. The difficulty of securing a system against Melony is much greater than against Eve.

        Oscar. An opponent, similar to Mallory, but not necessarily malicious.

        Pat. A prover, who interacts with the system to show that the intended transaction has actually taken place. Pat is often found in zero-knowledge proofs. Similar to Victor.

        Rupert. A repudiator who appears for interactions that desire Non-repudiation.

        Sybil. A pseudonymous attacker, who usually uses a large number of identities. For example, Sybil may attempt to subvert a reputation system. See Sybil attack.

        Trent. A trusted arbitrator, who acts as a neutral third party.

        Trudy. An intruder.

        Victor. A verifier, similar to Peggy or Pat.

        reply to this | link to this | view in chronology ]

  • icon
    Scary Devil Monastery (profile), 7 Oct 2019 @ 6:48am

    "This is how the DOJ and FBI are going to play this game: the specter of exploited children vs. secure communications for millions of Facebook users."

    Ah, that repulsive old trick of trying to screw every member of a community and make it look righteous by claiming it's "for the children".

    You'd think the law enforcement arms of government should consider themselves above the cheap rhetoric of a third-rate divorce lawyer or copyright troll litigator. Apparently that just isn't the case.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Oct 2019 @ 6:49am

      Re:

      Of course it's for the children, Exhibit A: NSA's LOVEINT!

      reply to this | link to this | view in chronology ]

    • identicon
      GOP, 7 Oct 2019 @ 7:02am

      Re:

      False Dichotomy, amazingly, works on some people.

      reply to this | link to this | view in chronology ]

      • icon
        Scary Devil Monastery (profile), 9 Oct 2019 @ 1:40am

        Re: Re:

        "False Dichotomy, amazingly, works on some people."

        It's honestly become so bad that today if I hear about a proposal meant to stop or mitigate child abuse I automatically assume it's an attempt to push through malicious legislation meant to further the cause of bigots, control freaks with dictatorial aspirations, and/or copyright cultists.

        I say anyone in public service found to invoke emotive aerguments as part of deceptive practice needs to be publicly flogged, blacklisted from future government service, and have the bullet point "LIAR" added to their public record.

        reply to this | link to this | view in chronology ]

    • identicon
      David, 7 Oct 2019 @ 10:55am

      Re:

      Sure it's for the children, like climate change is for the children. And like every slippery slope that one can't get up again easily.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Oct 2019 @ 6:05pm

      Re:

      You'd think the law enforcement arms of government should consider themselves above the cheap rhetoric of a third-rate divorce lawyer or copyright troll litigator.

      Some of them would have come up considerably just to meet that level.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 6:58am

    Are these the same people who complained about being spied upon?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 7:05am

    16 million reports? That seems.... bad.
    US population is about 329 million. So 16 Million reports would be one report for about every 20 people.

    If there are no false positive and duplicates that means probably greater than 1 in every 20 adults is an offender (greater because the population count is note entirely adults, and also it's likely not all cases are reported).

    My gut reaction is: "Get better statistics".

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 7 Oct 2019 @ 7:14am

      Re:

      Or, interpret the statistics you have based on reality rather than in support of your position. The article does not say that those 16 million reports were about US based users, so 1 in 20 is probably wrong on that alone. Then I would think there is a high probability that there are repeat offenders, who offend often rather than a greater number of offenders.

      So two things. Get better statistics, AND, interpret them better.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 7 Oct 2019 @ 7:54am

        Re: Re:

        yeah I was assuming that a US agency primarily gets reports about US cases (which may have actually been a terrible assumption)

        reply to this | link to this | view in chronology ]

        • icon
          PaulT (profile), 7 Oct 2019 @ 8:50am

          Re: Re: Re:

          My guess is that Facebook are over-reporting anyway. Given the international nature of a lot of these criminal networks, the ease with which competent criminals could obfuscate location data and the tendency to be used as a scapegoat when things go wrong, I dare say that Facebook will be forwarding anything remotely suspicious.

          reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 7 Oct 2019 @ 7:21pm

        Re: Re:

        Report != unique offender

        reply to this | link to this | view in chronology ]

  • icon
    Anonymous Anonymous Coward (profile), 7 Oct 2019 @ 7:05am

    Probable Cause and the connection to Parallel Construction

    As pointed out n the article, the changes requested will not only impact the US, the only place the 4th Amendment applies (though other countries may have similar rules) those changes will cause impact...everywhere.

    In thinking about Rosen's insistence that they will only use their new power when 'judge approved' means that in order to get access to that power they need to provide probable cause. If they have probable cause then they have enough information to investigate. If they have enough information to investigate then why do they need access to digital records, either live or at rest? Go investigate. If the probable cause thingy is actually valid and not made from smoke and mirrors then they would likely be able to build a case without a warrant for communications. It just take something that seems an anathema to them, hard work.

    And, about that at rest part, if the alleged perpetrators have illegal stuff on their computers, it will likely be encrypted, and nothing Facebook, or Apple, or any other service provider do will impact that. Which leaves us to predict that OS level encryption is the next target on their list.

    Then again, the actual purpose of these demands likely have only a small part based in sex trafficking or child porn which is an artifice to achieve unprecedented access in the furtherance of power and control over the entire populace. There are too many examples of law enforcement 'creating' probable cause scenarios that have little to do with any truth to believe that the requirement for 'judge approval' has significant reality as a protection. Judges can be snowed, and have been snowed, and will be snowed again.

    Do these people really believe that the concept of parallel construction is unknown to those outside of law enforcement? I think they do realize that while parallel construction has not been found illegal (yet), it is certainly immoral, and they don't care. Listening in on what they consider 'juicy bits' will lead them to charging anyone they don't like with something, whether it has anything to do with the original 'probable cause' or not.

    This entire discussion is a parallel construction for the eventual total surveillance state, and antithetical to democracy in general. Just because it might be good for law enforcement does not mean it is good for democracy (yes I know we are a democratic republic and not a true democracy which has nothing to do with my statement).

    reply to this | link to this | view in chronology ]

  • identicon
    Sok Puppette, 7 Oct 2019 @ 7:07am

    Let's not forget...

    It's true that these back doors are very dangerous from a technical security point of view. But they are also bad ideas when they're working as intended.

    If these companies give that kind of access to "the authorities" in the US, they have no leverage to not give it to "the authorities" in $insert_hellhole_dictatorship_here. And even in places like the US, "the authorities" routinely break the rules, overstep their bounds, and create giant unjustifiable oppressive programs. It's stupidly dangerous, to children and everybody else, to concentrate that kind of power.

    They shouldn't have that power, period, even if it could be secured, which of course it can't.

    reply to this | link to this | view in chronology ]

    • icon
      Scary Devil Monastery (profile), 9 Oct 2019 @ 1:44am

      Re: Let's not forget...

      "...they have no leverage to not give it to "the authorities" in $insert_hellhole_dictatorship_here."

      They won't have to give it. A master key will be such a precious commodity the one in the position of holding it will receive a phonecall offering him the choice of handing over the master key and receive a few million in cash, or watch a video of his children being tortured and killed.

      And that's assuming it isn't just silently lifted by the same team of crackers who released the wcry ransomware.

      The master key will quietly leak almost instantly and become the property of anyone willing to pay hard cash for it. This is given.

      reply to this | link to this | view in chronology ]

      • identicon
        A Guy, 9 Oct 2019 @ 7:12am

        Re: Re: Let's not forget...

        Stuff like that is super easy to lift too. You can download the software for free off the internet.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 7:17am

    "As FBI Director Wray said this morning, law enforcement seeks a front door — that is, access through a transparent and publicly acknowledged system."

    Deputy Attorney General Rosen,

    I'll tell you what, you show us that you can do government business in a transparent way, and we might consider this. The government has proven again and again that we cannot trust it, and it continues to avoid transparency like the plague, through the use of NSLs, and various bulk collection programs at the NSA.

    What exactly is it you don't want us to see? After all, "if you have nothing to hide, you have nothing to fear", right?

    Additionally, the government needs to prove it can be trusted with our data. As a former clearance carrying victim of the OPM hack, I don't think you've earned that trust.

    reply to this | link to this | view in chronology ]

  • identicon
    AnonCow, 7 Oct 2019 @ 7:20am

    I don't care

    An increase or decrease in child safety is not a good enough reason to deny a nation its Rights.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 7:26am

    like so many other highly important positions in the USA, this one is held by a cunt who has no idea what he's talking about! before the Internet, were letters and parcels treated as if anyone from any of the security services or elsewhere could access them? no, they weren't! the only difference between then and now is the speed information can get to anywhere and everywhere! that's called 'progress'!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Hero, 7 Oct 2019 @ 7:39am

    So, this is Crypto Wars 3.0?

    I see no reason to worry. Look at their track record; the US government doesn't know how to win wars.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 7:45am

    Why not demand we use resealable envelopes for snailmail?

    One can send childporn through mail on a microSSD, so the next logical step is to go full Gestapo mode and open all snail mail.

    reply to this | link to this | view in chronology ]

    • identicon
      Annonymouse, 7 Oct 2019 @ 10:34am

      Re: Why not demand we use resealable envelopes for snailmail?

      Who says that there are not already scanning the contents of all private mail already?
      If I can already do a full penetration scan in the lab, albeit slowly, who says they are not already doing it now with higher end hardware now?

      reply to this | link to this | view in chronology ]

  • icon
    JdL (profile), 7 Oct 2019 @ 8:11am

    I feel SO comforted

    Rosen: " The companies that develop these platforms should keep the keys, maintaining their users’ trust by providing access to content only when a judge has ordered it."

    That would be a judge who is a member of the largest and most corrupt criminal organization in America, the U.S. government? My trust level is so low it can't be charted.

    The good news: we the people, which is we the good guys, are winning and will will win the encryption war, one way or another. The thugs in government simply can't stop its use, in secret through steganography if by no other means.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Oct 2019 @ 6:09pm

      Re: I feel SO comforted

      That would be a judge who is a member of the largest and most corrupt criminal organization in America, the U.S. government?

      Corruption is only bad when it happens in other countries.

      reply to this | link to this | view in chronology ]

  • identicon
    Kitsune106, 7 Oct 2019 @ 8:26am

    I just had a thought

    If there are back doors, well, front doors. Does that not get around privacy? As the third party has access to the info. And if they claim it's info traveling , would they not claim it's same as overhearing a plot? And from there, just easy to search people with the front door as it's held by third party, and the users know said key exists so no 4th ammendment rights?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 8:33am

    A Random thought about encryption...

    ZCZC 30632 38181 66183 64246 94776 18291 66309 82522 20386 47559 84928 91542 42867 11447 71294 32439 37478 21785 29403 89959 59165 26239 82837 83271 25462 13465 48977 87226 12729 77363 68618 68267 28345 20126 63908 54978 29761 73957 42335 84735 42493 84778 52990 23744 63139 85315 66432 90118 27272 77078 3066 60394 29081 69294 99462 69955 69839 72889 33253 38568 63703 48778 91515 36197 25172 79387 97337 37767 41229 72941 17525 35267 43341 40769 23203 66735 20684 81706 26533 79793 89589 29692 79374 33321 59223 82579 18530 65454 38933 70745 51388 60284 58973 82072 82879 66393 20721 37396 77919 63876 43532 35292 99612 89581 28939 87255 47644 99357 31645 69695 26839 75847 17256 87775 36342 53141 90331 85332 50322 30948 27246 33697 78516 78339 22853 15659 38346 24746 NNNN

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Oct 2019 @ 6:34am

      Re: A Random thought about encryption...

      Citizen, you are sacrificing the safety of children nationwide by posting your message in a warrant-proof format.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 8:38am

    Neither would we ever accept the idea that a person should be allowed to keep a hoard of child sexual abuse material from the scrutiny of the justice system when all of society’s traditional procedures for protecting the person’s privacy, like the Fourth Amendment’s warrant requirement, have been satisfied.

    But we quite literally do accept this idea. People are allowed to own safes without master keys, people are allowed to encrypt their own hard drives, people are allowed to write coded letters, people are allowed to burn documents or toss them off a bridge in the middle of the night. There is literally no aspect of society in which people are not allowed to "keep a hoard of child sexual abuse material from the scrutiny of the justice system."

    reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 7 Oct 2019 @ 11:09am

      Re:

      Actually, law enforcement job is precisely to do proper investigative work and get evidence against such people even if they take many measures to keep their communications, files and papers well hidden, locked or destroyed.

      reply to this | link to this | view in chronology ]

    • identicon
      A Guy, 7 Oct 2019 @ 11:35am

      Re:

      That's not quite true, the vast majority of child sexual abuse material is unprotected speech and they aren't really "allowed" to do those things. There are laws against production, distribution, possession and destruction of those things. People do it like they rob banks or shoot up bars. I do not know exactly what you are supposed to do with stuff you're not allowed possess or destroy but there are laws regulating that unprotected speech.

      reply to this | link to this | view in chronology ]

      • icon
        Ninja (profile), 7 Oct 2019 @ 11:52am

        Re: Re:

        What he is saying is that you cannot be compelled to produce evidence against yourself. And you can hide content on safes, illegal or not. Safes are not illegal, destroying evidence if there's no legal probe on you is not a crime per se.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 7 Oct 2019 @ 12:50pm

          Re: Re: Re:

          destroying evidence if there's no legal probe on you is not a crime per se

          I am not sure that's true but IANAL. I think it's only true as an "innocent until proven guilty" situation.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 7 Oct 2019 @ 1:00pm

            Re: Re: Re: Re:

            Do you throw your mail away once it is no longer relevant to you? That is destruction of evidence.

            "Innocent until proven guilty" is irrelevant here. Destroying documents is a protected act and a necessary function of every day life. In fact, for some businesses it is REQUIRED BY LAW that they destroy documents in certain situations.

            Now, if you have been served and are under legal investigation and been told to keep all your documents, yet destroy them anyway, then yes, that is a crime. But destroying documents or hitting the delete button is not a crime in and of itself.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 7 Oct 2019 @ 1:58pm

              Re: Re: Re: Re: Re:

              “In fact, for some businesses it is REQUIRED BY LAW that they destroy documents in certain situations.”

              True dat. Anyone who’s involved in medical records for instance will (hopefully) have HIPPA document destruction requirements drilled into them.

              reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Oct 2019 @ 6:16pm

      Re:

      People are allowed to own safes without master keys,

      Ever seen a TSA lock? You know, the kind that the government has master keys for?

      people are allowed to encrypt their own hard drives,

      For how much longer? And within 100 miles of a border?

      reply to this | link to this | view in chronology ]

  • identicon
    theOtherDude, 7 Oct 2019 @ 8:38am

    Trumps Lacky is Right

    Without a governmental "back door" you and everyone you love WILL DIE!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Hero, 7 Oct 2019 @ 8:39am

    I'm starting to think this is just a ploy for law enforcement officers that want to look at child porn. I mean, this administration is full of pussy grabbers. Amirite?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 8:43am

    The people carrying out child trafficking and child porn etc. already use the dark web, and so forcing Facebook etc. to provide lawful access does not tackle the problem that they claim it tackles.

    reply to this | link to this | view in chronology ]

  • icon
    radix (profile), 7 Oct 2019 @ 8:51am

    Never argue with a man whose job depends on not being convinced.

    As long as law enforcement defines their own job as "catching the bad guys," they have a vested interest in the continued supply of "bad guys." Strong (aka, effective) encryption disrupts that.

    If people can't be easily victimized, the whole law enforcement industry becomes less important.

    reply to this | link to this | view in chronology ]

  • icon
    norahc (profile), 7 Oct 2019 @ 8:52am

    Still not seeing how law enforcement backdoors would keep anyone safer, especially children.

    For the government to get their judge approved warrant, they would already have to be investigating the person. Investigations don't start before the criminal act, but after. So the harm to the children or anybody else has already been done.

    The only way the government's encryption backdoors would work to protect anyone is if they started arresting and charging people before the crime was committed.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 9:55am

    Lawful Encryption

    Even an (awful) idea like lawful encryption were to exist that would give 'authorities' a way to view encrypted messages, there's absolutely no reason to think that someone already breaking the law is going to use 'lawful encryption'... they'll simple start using 'black market encryption'...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 9:57am

    There,s plenty of apps that have encryption built in ,the fbi is afraid because a service that has billion,s of users could provide an messaging app thats easy to use by the public.

    End to end encryption means even if facebook hands over data to the fbi
    it would be of no use to them.
    The messaging systems used by social media service,s now
    probably have weak encryption or else are sent like a sms message ,ie the messages might be recorded
    by facebook or other social media platforms .
    The uk government want to be provided with a third key,
    so if 2 people send a message it would also be recieved by the police
    or the uk equivalent to the NSA .
    this profile would be invisible to the 2 people who are sending message,s
    to each other ,
    like a phone call is recorded without the public knowing about it.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 10:03am

    How about a different name ...

    Instead of backdoor... how about greek entrance?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 11:07am

    Lawful access?

    They want lawful access. The solution is simple: Get a warrant; Force the device owner to unlock access to the messages. Can't do that? Then tough shit. Do your jobs as LE has done since forever.

    The only reason to want "lawful" (read: "open") access to all messaging is to setup dragnets with watch-words and triggers so the computer can do their jobs for them. This kind of thing isn't legal in traffic enforcement and it more than likely isn't legal here.

    I'll take liberty, thanks.

    reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 7 Oct 2019 @ 1:47pm

      Re: Lawful access?

      "Warrant Proof" -- no such thing.

      Big Brother is merely wanting to serve the warrant upon the wrong party. Some unrelated third party in between the two parties doing the actual communicating.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 11:41am

    Rosen says 70% of 16 million child sexual abuse reports Facebook made last year originated from its Messenger service.

    What he does not say is how many criminals were arrested, tried and convicted because of those reports, which means the number may be close to zero.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 12:01pm

    This entire fight between Facebook and the DOJ feels simulated. Both sides would benefit from a lack of encryption.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 12:28pm

    Analysts

    “I’m not saying we weaken security”

    You can’t even keep conspiracies under wrap for your boss man. Your a temp lol

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 7 Oct 2019 @ 12:29pm

    Strange Question..

    What did they do BEFORE smartphones??
    To monitor and intercept information..
    I know...
    They bypassed the law and asked the phone company to install monitors...

    reply to this | link to this | view in chronology ]

  • icon
    Wyrm (profile), 7 Oct 2019 @ 12:31pm

    Outside the digital world, none of us would accept the proposition that grown-ups should be permitted to mingle in closed rooms with children they don’t know in order to groom them for sexual exploitation.

    Yes, you do. It's called a church.

    Every day, companies like AT&T, Verizon, and Sprint provide law enforcement with targeted lawful access to the content of phone communications in ways that promote public safety — but only after the government has complied with the rigorous requirements of the law, and a judge has authorized access.

    Who is he kidding there? After all the news we got about how the warrant requirements are so low, some judges just rubber-stamp them. Sometimes, it's not even a judge, not even an attorney general, but some random assistant.
    Not to mention "secret warrants" and cases of parallel construction...
    His "rigorous requirements" have been a joke for years and are getting worse by the day. Or the direct access some communication providers offer to government agencies.

    He shouldn't be surprised that people and private companies decide to take the matter of securing privacy into their own hands when the government actively fights security and privacy.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Oct 2019 @ 12:51pm

      Re:

      For a young girl who is being trafficked for sex, it makes no difference whether her tormenters are communicating via traditional voice calls over a cell phone, or via an encrypted internet app. But it makes a huge difference to the investigators trying to find her, as they can gather the first category of electronic evidence, but not the second.

      Are there no cell site simulators?
      Are there no cell phone connection records?

      For a young girl being trafficked for sex, you're not trying to find her by listening in to cell phone traffic, you're trying to make a case against her captors.

      Or "captors". Perhaps you are trying to avoid making a false accusation after some meddlesome "see something-say something" reported suspicion. After all, it's not like the girl is staying with her (insert race here) grandparents, or with a relative in The Big City to get access to (insert big city service/opportunity here).

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 7 Oct 2019 @ 1:04pm

        Re: Re:

        If you know who is trafficking children, you can use their mobile phone, and the IP addresses they are using to locate them. If you do not know who they are, whose communication are you going to intercept?

        reply to this | link to this | view in chronology ]

        • icon
          ECA (profile), 7 Oct 2019 @ 1:29pm

          Re: Re: Re:

          And the best part of TXT communication, is that MOST isnt Scrambled/encoded/anything..
          Its not worth the time to do anything complicated. Asking FB to do the deed and allow it to be monitored is abit stupid.
          Its a Step into asking all the others to do the same thing.

          BUT,
          If you were really into this type of thing and wanted to keep it private and hidden, WHAT would a (somewhat) Smart person do?
          Make a Private Chat/msg program...THAT DOES ensoding, based on the specific phone. And each person has to share a Code to be in that system, and to decode each msg.
          OR..
          You goto a System ont he net with TONS of Chat/msg and talk all you want.. It is so Busy, and complicated that Locating the group/person is Impossible...With hidden groups, private servers, Passwords(that work)(you would need 1 system from 1 of those people to get into it) that tracing their locations and soforth is ridiculous trying to get thru the VPN rerouting..

          But, if you could get a major corp to say...OK, we will open it... Then you could demand ALL THE REST to follow suit.
          AND make laws that demand a backdoor, to monitor Everything.

          "Everything" is a big word.
          How many of us have seen games that have chat rooms? Easy to find chat rooms? There are games that if you dont know the names, you will NEVER find them. From all the FB games/chats to Major Company Games and chats.. i will bet there are at least 5-10 names we could all say about Chat programs.. not including ones you have never heard of that are REALLY private and hidden.

          Said before..
          Monitoring the net, is Hard to do...You DONT have the man power to even Sort 1 days worth of Chats, using a computer...Let alone Private chats. Chats with programs that Dont need a central server. OR even to record voice chats. It would take 90% of the USA population to cover the world....IF you even tried.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 1:15pm

    If we are to move to a world where even judge-approved search warrants become useless...

    ... then we will also move to a world where warrentless searches excused as "national security" will become harder.

    And Tim,

    ...governments who treat criticism and dissent as crimes...

    Have periodically included the United States and its territories.

    reply to this | link to this | view in chronology ]

  • icon
    bhull242 (profile), 7 Oct 2019 @ 1:41pm

    I’m not sure that the DOJ understands, despite the fact that it has been explained many times to them, that any attempt to add some sort of “lawful access” to an encrypted, secure system will necessarily, by definition, require weakening that encrypted system.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Oct 2019 @ 1:58pm

      Re:

      Either he very clearly does not understand that or he does and is just hoping someone will "nerd harder" and come up with something despite every security professional on Earth telling him he's wrong.

      And nobody coming up with anything in the years since this brain-dead "war on encryption" began is sufficient evidence that it can't be done. If there's one thing science likes more than doing the right thing, it's a challenge; If this were a solvable problem it would be solved by now.

      reply to this | link to this | view in chronology ]

      • icon
        bhull242 (profile), 7 Oct 2019 @ 2:06pm

        Re: Re:

        To be clear, I meant that “Nerd Harder” wouldn’t work. It’d be like, “Make this red truck greener without reducing its redness.”

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 7 Oct 2019 @ 2:20pm

          Re: Re: Re:

          “Make this red truck greener without reducing its redness.”

          Okay, someone said "nerd harder" so I have to point this out.

          You can make a red truck greener without reducing its redness technically. You need to get its body to emit more photons in the green wavelength without reducing the number of photons emitted in the red wavelength. This means the truck body must be made brighter but it is actually possible to do.

          reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 7 Oct 2019 @ 3:38pm

      The 'ignorance' excuse was thrown out YEARS ago

      They know, it's been explained to them more than enough times for them not to know and it's not like they're blithering idiots, it's just they refuse to accept what people have told them because it's contrary to what they want, and they aren't honest enough to admit that they are willing to have the public pay the price that deliberately weakened encryption would cost.

      reply to this | link to this | view in chronology ]

      • icon
        bhull242 (profile), 7 Oct 2019 @ 5:35pm

        Re: The 'ignorance' excuse was thrown out YEARS ago

        I’m not saying it’s an excuse. Willful ignorance is no excuse, but it is still ignorance.

        reply to this | link to this | view in chronology ]

        • icon
          That One Guy (profile), 7 Oct 2019 @ 5:51pm

          Re: Re: The 'ignorance' excuse was thrown out YEARS ago

          That's the thing though, they are almost certainly not ignorant, as while they may not have known about the subject before they starting talking by this point so many people have pointed out how and why they are wrong it's almost literally impossible to believe that they are still ignorant rather than dishonest.

          reply to this | link to this | view in chronology ]

      • icon
        ECA (profile), 7 Oct 2019 @ 8:00pm

        Re: The 'ignorance' excuse was thrown out YEARS ago

        So, They are only creating an Excuse why they aint caught anyone??? Cool

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2019 @ 1:48pm

    Create a common, publicly known point of failure, but it's not weakening encryption if we also tell you to nerd harder! /facepalm

    If you really want to look into "lawless spaces", maybe don't back out of having the DoJ look at local PDs and enforcing consent decrees?

    reply to this | link to this | view in chronology ]

  • identicon
    Personanongrata, 7 Oct 2019 @ 5:14pm

    Know-Nothing Nincompoops, Data Encryption and DoJ

    Deputy Attorney General Rosen: Companies Like Facebook Are Making Everyone Less Safe By Offering Encryption

    Its is clear Deputy Attorney General Rosen and his DoJ ilk are know-nothing nincompoops posing as serious people.

    Mayhap Deputy Attorney General Rosen would like to lead by example?

    Dear Deputy Attorney General Rosen - lets conduct an experiment where we pretend to remove all forms of data encryption from your stupid phone. Then you get to take your stupid phone out into the great wide expanse of the world and see how long it takes before all the personal information stored in your stupid phone is exploited.

    Sound like fun?

    reply to this | link to this | view in chronology ]

  • identicon
    Tin-Foil-Hat, 7 Oct 2019 @ 5:37pm

    Liar

    A lawless, unaccountable government agency that routinely breaks what few laws apply to them with impunity. When they don't get what they want, they lie. They want easy access to everyone's communications. They will do everything by the book this time, they pinky swear. Hmmm. What should we do?

    reply to this | link to this | view in chronology ]

  • icon
    Skylos (profile), 8 Oct 2019 @ 5:51am

    Fireman's key box for Rosen

    Since only firemen have the key and would only use it lawfully, Rosen should show his respect for the law by having the key to his house in a fireman's key box right next to the door of his personal house. WCGW?

    reply to this | link to this | view in chronology ]

  • identicon
    Cowardly coward, 10 Oct 2019 @ 5:31am

    Last time we gave them keys....

    Example number one of why the government cannot be trusted with the keys to anything, be it your luggage or the encryption on your phone:

    https://lock-picking.wonderhowto.com/how-to/is-why-your-tsa-approved-luggage-locks-are-useles s-0164446/

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.