The 2016 FBI vs Apple battle in federal court over government access to encrypted devices never settled the issue. When a contractor hired by the FBI was able to break into the iPhone of a mass shooter, the case became moot.
But there are, according to the US Department of Justice (DoJ), thousands more locked phones that it contends it has a right to access. So it probably shouldn’t be a surprise that the DoJ and Silicon Valley are likely headed for another collision in court, courtesy of Deputy US Attorney General Rod Rosenstein.
Rosenstein has been giving a lot of speeches lately, about “responsible encryption,” which he defines as the kind that can be defeated for any law enforcement agency bearing a warrant, but is otherwise bulletproof against anyone but the user.
And encryption experts have said just as frequently that this is magical thinking – that it is impossible to have encryption work effectively if there is a way to defeat it, not least because that method will fall into the hands of hackers sooner rather than later, making every device vulnerable.
The signal that the conflict is headed to federal court again came this past week, just a couple of days after the FBI announced it had not been able to break into the iPhone of Devin Patrick Kelley, the shooter in the gun massacre in Sutherland Springs, Texas.
Rosenstein, in a lengthy interview with Politico Pro, said:
I want our prosecutors to know that, if there’s a case where they believe they have an appropriate need for information and there is a legal avenue to get it, they should not be reluctant to pursue it. I wouldn’t say we’re searching for a case. I’d say we’re receptive, if a case arises, that we would litigate.
Which sounds a lot like “searching” and “receptive to” are pretty much the same thing.
And that, of course, is because Round 1 ended without settling the fundamental conflict. It was launched after a mass shooting at in San Bernardino, California, in December 2015, and the FBI was unable to unlock the iPhone of one of the shooters.
A couple of months later, a federal judge asked Apple to provide “reasonable technical assistance” to the FBI, which meant providing a way around the system that locks all the data on the phone after ten incorrect password attempts.
Apple CEO Tim Cook refused, saying it would amount to providing the FBI with a master key – if they could unlock that phone, they could do it to any other.
The showdown ended when the FBI said it had been able to access the phone with the help of a third party – reportedly the Israeli mobile forensics firm Cellebrite, although that was never confirmed by the agency. This past September, a federal court ruled that the agency did not have to make the name of the company public because it would make the company a prime target of hackers and also threaten national security.
But the conflict remains. Rosenstein has said there are more than 7,000 phones in law enforcement custody that remain locked, and told Politico Pro that tech companies are, “moving in favor of more and more warrant-proof encryption.”
But, as Ars Technica noted last week, the DoJ and other law enforcement agencies, including the FBI, are working on defeating encryption with the help of Cellebrite or firms like it. Within the FBI is a department called the National Domestic Communications Assistance Center (NDCAC), which gives technical assistance to local law enforcement agencies.
The most recently published minutes of the NDCAC, from May 2017, said one of the department’s goals is to make tools like Cellebrite’s services “more widely available” to state and local law enforcement.
That’s already being done – in a sextortion case in Miami earlier this year, the NDCAC gave money to local law enforcement to pay Cellebrite to unlock a seized iPhone.
But that kind of game could be both expensive and complicated, of course. Reportedly the FBI paid Cellebrite about $900,000 to unlock a single phone. And, as the makers of digital devices improve the security of encryption, it may take considerable time, and increased expense for companies like Cellebrite to continue breaking it.
So the debate before federal judges will likely sound a lot like the one playing out in speeches, blogs and interviews. On the law enforcement side, those like former FBI director James Comey and now Rosenstein argue that it should be possible for companies like Apple to create a “key” to defeat encryption when law enforcement has a warrant to search a device. They say those companies don’t have to give the key to government – they can protect it within their own organization.
Rosenstein has argued in his speeches that tech companies already provide access to encrypted data through things like the management of security keys and operating system updates. This past week, he compared it to door locks for a house. “People want to secure their houses, but they still need to get in and out,” he told Politico Pro. “Same issue here.”
But encryption experts, noting that there is no such thing as bulletproof security, say if such a key exists, it will soon be in the hands of everybody else as well. Which would be like everybody getting the key to your house – and every other house.
Bruce Schneier, CTO at IBM Resilient and an encryption expert, has called Rosenstein’s reasoning “absurd” a number of times. Last year, in a paper sponsored by the Berkman Center for Internet & Society, he used a different image:
Compare this with the tactic of secretly poisoning all the food at a restaurant. Yes, we might get lucky and poison a terrorist before he strikes, but we’ll harm all the innocent customers in the process. Weakening encryption for everyone is harmful in exactly the same way.
Rosenstein continues to argue that right now, the cost of strong (what he calls “irresponsible”) encryption is too great.
There is a cost to having impregnable security, and we’ve talked about some of the aspects of that. The cost is that criminals are going to be able to get away with stuff, and that’s going to prevent us in law enforcement from holding them accountable.
It is, of course, good politics to sell an encryption backdoor as a way to prevent terrorism, or to hold terrorists accountable. But good politics doesn’t necessarily make good law.
Jim
I’m sorry, but full-strength encryption with a back door is definitely possible. Just use a multi-factor authentication that varies over time as the back door. The authentication process would need to be more secure than the encryption, but that’s something that already exists.
While it wouldn’t be uncrackable, that’s because no encryption is uncrackable, not because the back door exists.
Paul Ducklin
Errrrr, who gets to decide when the second authentication factor is used to unlock someone else’s message?
Encryption management tools (like Sophos’s own Safeguard product) already allow for key recovery in case you forget your password or storm out of the company, but [a] the company gets to choose whether to allow “two keys for every lock” and [b] the company gets to decide when and how to allow the backup keys to be used. Employees who don’t want the company to have a backup key to their private information can make an informed choice not to put personal data onto company computers.
But when you replace “company” with “government”, when you answer [a] with “always”, and when you answer [b] with “when some bureaucrat says so” (or “when the enormous, nation-wide database of backup keys gets breached”), things aren’t quite so reasonable. (In particular, you don’t get to opt out of the “two keys for every lock” choice, and you don’t get much or even any say in when or how those always-present backup keys get used.)
Jim
No, it shouldn’t be the government. Only the manufacturer should know how to get in, and then they should only use it when there’s a court order. Further, the multiple factors required to get in need to be isolated within the company, so no one organization (in the company) can ever break in illegitimately.
The biggest problem I see is that in order for it to never “get out”, it has to be modifiable.
As an example, I used to “own” an administrator-password mechanism for PCs. The password was always the same on any given day, but as soon as one of the systems required its use, all of the systems were updated with a new (and strong) password. Any back door to encryption would need to be updated periodically to prevent people who may have become privy to the method from exploiting it.
My problem with unbreakable encryption is that it helps terrorists to violate my most important security issue: my life. (Or, it helps them avoid convictions after the fact.) I would never trust the government to be the keepers of this information; they can be as bad as terrorists at times.
No, there needs to be multiple components to control access. They company should have safeguards in place to prevent any rogue internal operatives from exploiting it. The government should simply use it, and report on it’s effectiveness and safety (from their use of it).
Paul Ducklin
Well, it’s not as though any vendors have ever had data breaches, so perhaps that’s OK.
Max
“Creating a backdoor key is no problem as long as you keep the backdoor key safe”. That IS the problem. It doesn’t matter how you design the backdoor key, it can and will always be stolen. And it’s worth stealing, because with it you get access to *everything* that is encrypted in that way at once. It is very naive to think a backdoor key would not entirely defeat the purpose of encryption. Huge corporations get breached regularly, and even the NSA can’t keep their stuff save, and you are proposing to “just have safeguards in place” and everything will be fine.
Paul Ducklin
That’s the thing with giant cupboards stuffed full of supersensitive data such as decryption keys – almost none of it will ever be of any use to law enforcement, but absolutely all of it is of inestimable value *to the very people that the cupboard is supposed to protect us from*. If you are determined to give crooks and terrorists a really, really, top-notch prospect of criminalising and terrorising us all, then one of these “giant cryptocupboards” is the way to go.
For those who want an analogy in the physical world, try “Hatton Garden robbery” in your favourite search engine. I’ve seen the crooks behind that heist derided publicly on TV for being hopeless criminals (they made numerous blunders and were quickly caught)… which I’m sure is a matter of great comfort to the many victims.
Marcus Malik
Obviously, it is possible to create a backdoor. What is impossible is creating a backdoor that admits local government authorities without also admitting cybercrime syndicates, hostile foreign governments, nihilistic saboteur hackers, etc.
Kyle
Jim, that’s just not true. Look at how much information gets leaked from company’s. Who knew about the new Iphone before it was announced? or who can find a movie on the internet before its released?
and who said that multi factor authentication is secure?
one thing your correct about is that all encryption can be broken. That’s the back door law enforcement is looking for! they just don’t want to spend the money on it. Encryption should be impossible for all except those that have the resources to break it, exactly as it is now.
Jim
My idea isn’t to “crack” the encryption, but to provide a second path to legitimate decryption.
And, I think the government should pay for it. (Although, how they would police this without being allowed to look at the process is an open question.)
No arm of government would ever have unfettered access to it. The administrative or legislative arms of government should only be able to use it with a valid court order.
Spryte
In my opinion there is no justification for a “Backdoor” in any situation. We have, more than enough tools to find and collect information on the evildoers.
Products like Safeguard, Tor and others were initially made by “Good Guys/Gals” to protect legitimate information, files and communications
In our “Free Society” we have to put up with and live with some “Not So Good Guys/Gals” and even some “Really Bad (Evil) Guys/Gals”.
Since our society is “Free”, our tools are known and can be stolen and used for “No Good” or “Evil”. Something we really cannot control unless we change the society we live in.
Not something I am willing to do.
Over the years I have used encryption to protect clients. files as well as personal information and will continue to do so even though I am now retired. I know my personal info is protected (as well as I can) and when the data retention policies expire I can drive a piece of rebar through my backup drives to destroy old client files.
D K
I am willing to pay the price for personal, private encryption. The cost of this freedom can be high. I inderstand that. My concern is the erosion of our ability to keep things we want kept to ourselves private from everyone which necessarily includes the government. The government aleady has so many ‘feet in the door’ that there is almost no door left. People use many of the same arguments for having cameras posted everywhere. I has to stop somewhere. The courts are our current safeguard against government intrusion. But the courts are made up of people who make decisions based on things other than the law at times (more often understood as ‘differing interpretations’ of the law among individual judges). Even if we were to trust the courts to correctly interpret the law, the law is largely made up of whatever political winds are blowing at the time. No, if the question is who has control, I say to give it to the individual.