Deputy Attorney General Rod Rosenstein has made a name for himself as a crypto warrior who promotes a murky idea called "responsible encryption," through which software would somehow be designed so that its security worked 100% of the time when criminals and foreign governments were trying to break it, but failed 100% of the time when the US government was trying to break it.
He's fleshed out that idea somewhat in an interview with Politico Pro, in which he called crypto that the US government couldn't break "unreasonable," while simultaneously endorsing "strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud."
Encryption experts are in virtually universal consensus that math can't distinguish between good guys and bad guys, so any math designed to stop bad guys from unraveling it will also stop good guys. Rosenstein called this position "absolutist."
This debate has been underway since the Clinton era, when the "Clipper chip" was proposed as a way of squaring this circle: all phones would be fitted with a chip that would assist in encryption, and that chip would yield all its secrets to anyone who knew a special password that only the government would be allowed to know and would never, ever leak.
As implausible as this idea was in the 1990s, it's even less plausible today. That's because computers can run any code, not just code that the US government approves, and code hosted outside the reach of US regulators can be readily downloaded and installed on computers inside the US — while US adversaries in other countries are unlikely to abide by the US law that says that they must not install code that would help them resist surveillance by their enemies in the US government.
This proposal has never been far from the lips of authoritarian policymakers in the "free world." It was proposed by David Cameron in 2015, then by his successor Theresa May last June, then again that month by the Australian Attorney-General.
These other policymakers face impossible battles to ban crypto in their territories, something you can detect if you pay close attention to their rhetoric (in July, the Australian Prime Minister insisted that he would force the laws of mathematics to obey the laws of Australia!).
But US lawmakers have, if anything, an even more impossible battle. That's because of the 1992 Bernstein decision, which established that code is a form of expressive speech, protected by the First Amendment. That means that any attempt to ban working crypto in the USA would require all the implausible steps that any other country would need (mandating "app store" style computing for all devices so that only authorized code could run on them; establishing a national firewall to block sites that distributed working crypto; prohibiting visitors to the country from bringing computing devices, including phones, with them, etc.), but also overturning a legal precedent at the appellate division of the Ninth Circuit.
"I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud," he explained. "And I'm in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I'm in favor of strong encryption."
"This is, obviously, a related issue, but it's distinct, which is, what about cases where people are using electronic media to commit crimes? Having access to those devices is going to be critical to have evidence that we can present in court to prove the crime. I understand why some people merge the issues. I understand that they're related. But I think logically, we have to look at these differently. People want to secure their houses, but they still need to get in and out. Same issue here."
He later added that the "absolutist position" that strong encryption should be, by definition, unbreakable is "unreasonable."
"And I think it's necessary to weigh law enforcement equities in appropriate cases against the interest in security," he said.
DOJ: Strong encryption that we don't have access to is "unreasonable"
[Cyrus Farivar/Ars Technica]
(Image: Facepalm, Brandon Grasley, CC-BY)