US Deputy Attorney General Rod Rosenstein issues ignorant call for “responsible” encryption

The deputy attorney general is framing this argument all wrong.

On Tuesday, in the course of a larger speech at Annapolis, Maryland, deputy Attorney General Rod Rosenstein – speaking on behalf of the US government – called for “responsible” encryption. Or, put another way, breakable encryption.

This is how Rosenstein explains it:

When encryption is designed with no means of lawful access, it allows terrorists, drug dealers, child molesters, fraudsters, and other criminals to hide incriminating evidence.

This is an incredibly myopic perspective and one that isn’t even consistent with other positions taken by the DOJ and the current administration.

Let’s start with why it’s myopic

The entire point of encryption is to be unbreakable. Encryption was not created with oversight in mind. It’s meant to scramble a message in a way that only allows an intended recipient, with a corresponding key, to decrypt it. That’s basic.

The concept of “responsible” encryption fails simply for being oxymoronic in the context in which it’s being used. But beyond that, if somebody possesses the means to crack industry-standard encryption then everyone will eventually have the means. It’s either incredibly arrogant or amusingly naïve to think that weakening encryption wouldn’t result in someone else figuring out how to crack it, too.

And assuming that logic IS correct and nobody else does possess the means to crack publicly-available encryption—do you really expect us to trust you to keep it safe? Right now, on a near-weekly basis, the NSA’s entire digital espionage playbook is being laid out for the world to see. Other government agencies have also been targeted recently. The US Government is being breached on a near-daily basis.

There’s no guarantee the government could even keep the key safe.

And that brings us to another question. What encryption does the government intend to use? Does this spell the intention to create classes of encryption in which civilian encryption pales compared to military or government encryption? Is that even feasible? Have you even thought it this far through?

Encryption is a tool. It’s neither good nor bad on its own. It’s simply a way to obfuscate information. The conduct of the person using the encryption should have no bearing on its greater legality.

Isn’t that the logic behind our current gun laws?

And that’s a nice segue into the second part of this discussion: this stance isn’t even consistent with some of the DOJ and the Trump administration’s current positions.

When someone uses a semi-automatic rifle with a bump stock to kill nearly 60 people and injure over 500 in Las Vegas we don’t blame the guns. We don’t make this kind of argument. I’m not commenting on gun control – we’re an SSL company, let’s not get any more political than we already are – it’s just the lack of consistency that bothers me.

It’s never that the guns allow criminals to perpetrate acts of violence that we can’t stop so we need to weaken them for public safety.

Granted, people make that argument after these tragedies but that logic never prevails. Never.

So why is encryption any different? The vast majority of encryption users are law-abiding citizens. Why should their rights be trampled because of the actions of a select few?

Outlawing encryption because it makes it difficult to spy on communication is like outlawing whispering because you can’t hear what people are talking about.

Still, Rosenstein joins a growing chorus of politicians who don’t really understand encryption but still want to regulate it. We, as private citizens, can’t allow that to happen. Rosenstein says we don’t have a right to absolute privacy. That’s an ironic position for a Republican who favors a smaller government to take and one I vehemently disagree with.

Statements like Rosenstein’s are exactly why we need encryption. You DO have a right to privacy. Don’t let anyone tell you otherwise.

Author

Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.