Rosenstein’s “Responsible Encryption” a Fallacy, Experts Say

BY Ryan Conley

PASSWORD  ***** Thoughtful male person looking to the digital phone screen,Silhouette top computer and hand
PASSWORD ***** Thoughtful male person looking to the digital phone screen,Silhouette top computer and hand

LISTEN

U.S. Deputy Attorney General Rod Rosenstein recently reignited the debate around digital encryption and its ability to thwart investigations into increasingly many crimes.

In remarks delivered at the United States Naval Academy in Annapolis, Maryland, Rosenstein took Silicon Valley to task, characterizing tech companies as standing in the way of public safety.

“Company leaders may be willing to meet, but often they respond by criticizing the government and promising stronger encryption,” Rosenstein said. “Of course they do. They are in the business of selling products and making money. ... We are in the business of preventing crime and saving lives.”

The longstanding tension between law enforcement and technology giants nearly came to a head last year when the Justice Department sought to force Apple Inc to unlock an iPhone that belonged to the perpetrators of a mass shooting in San Bernardino, California. That legal battle was called off when the FBI said that a third party had successfully broken into the phone.

The larger issue remains unresolved, however, with both the strength of consumer-level encryption and the prevalence of its use increasing steadily. Currently, no specific legal challenges or legislative proposals regarding encrypted communications are on the table. But every high-profile crime or mass shooting brings with it the possibility of a perpetrator leaving behind an uncrackable device which authorities desperately want to access.

Rosenstein’s remarks lacked any specific technical proposals, instead proposing that tech companies design and implement their own solutions to allowing authorities to access encrypted communications with judicial approval, which he called “responsible encryption.”

“Such a proposal would not require every company to implement the same type of solution,” Rosenstein said. “The government need not require the use of a particular chip or algorithm, or require any particular key management technique or escrow.”

One commonly theorized program would require every creator of encryption software to provide the U.S. government with a master decryption key. Deep skepticism of such a system among security experts seems universal.

Greg Scott, cyber security professional and novelist, told Bigger Law Firm that central management of encryption keys was inherently insecure.

“Imagine a repository containing the billions, maybe trillions of encryption keys we use every day in 21st century society,” Scott said. “Now imagine keeping all those keys safe from cyber-attack, keeping in mind the U.S. government’s track record. Do we really want to trust the government with the encryption keys that keep modern society functioning?”

Scott also criticized Rosenstein’s notion that tech companies might create novel and secure ways of assisting criminal investigations if only they would try. “Encryption depends on keys and algorithms. There are two ways to grant government access to encrypted communication. Either give government access to the keys or weaken the algorithms. Both have so many opportunities for abuse, and so many easy workarounds, that the cure is worse than the disease.”

Jennifer DeTrani, general counsel at Wickr, a secure messaging startup, agrees. She told Bigger Law Firm that decryption master keys would inevitably end up in the hands of “malicious hackers including state and non-state actors,” and also emphasized the economic benefits of protected communication.

Rosenstein “hit the nail on the head when he said that encryption is ‘essential to the growth and flourishing of the digital economy,’” said DeTrani. “Individuals and companies are entitled to end-to-end encryption to protect business and personal communications and transactions.”

Rosenstein’s comments may signal an intent to push Congress to mandate mechanisms to bypass encryption, but the certainty of legal challenges to such a law ensure this debate will not end soon.

Ryan Conley

Ryan Conley is a staff contributor to Bigger Law Firm Magazine and a legal content strategist for U.S. based law firms.

MORE STORIES

Writing press releases for law firms

How Law Firms Can Effectively Use Press Releases

Press releases allow law firms to share their successes, announce new hires or promotions, and position themselves as thought leaders in their respective practice areas. In this article, I will share best practices for writing a great title, writing a great summary, and telling your story in a meaningful way, as well as provide scenarios…

Fluff Content AI Articles for Law Firms

Google’s John Mueller Warns Fluff Content Can Harm Your Law Firm’s Whole Site

By heeding John Mueller’s warning and focusing on producing valuable, informative content for your audience, you can avoid the pitfalls of fluff content and improve your website’s overall search engine performance.

Lawyer Making a Video

Lights, Camera, Action: How Lawyers Can Create Compelling Videos

One of the most effective ways to reach potential clients is through video content. According to HubSpot, 91% of businesses use video as a marketing tool, and for good reason: video content can increase website traffic, engagement, and conversions. In this article, we’ll discuss how lawyers can create a video that explains an area of…