4 December 2018

When does ‘responsible encryption’ equal surveillance?

By: Justin Lynch

Deputy Attorney General Rod Rosenstein answers a question after announcing that the office of special counsel Robert Mueller announced a grand jury has charged 13 Russian nationals and several Russian entities, Friday, Feb. 16, 2018, in Washington. The defendants with an elaborate plot to interfere in the 2016 U.S. presidential election.

The Trump administration and the Department of Justice’s want to modernize surveillance and computer crime laws as a way to boost cybersecurity, but researchers and privacy experts are skeptical of the federal government’s motives and warn that digital security may be an excuse to install backdoors in encrypted phones.

Speaking at Georgetown University Nov. 29, Deputy Attorney General Rod Rosenstein urged private firms to undertake “responsible encryption” in devices. He defined that level of protection as “effective, secure encryption that resists criminal intrusion but allows lawful access with judicial authorization.”


Some Justice Department officials and lawmakers have proposed allowing authorities to have access over encrypted data, but technology manufacturers, namely Apple, have refused to participate.

“There is nothing virtuous about refusing to help develop responsible encryption” or contributing to a system “where people are free to victimize others without fear of getting caught or punished,” Rosenstein said.

In its recently unveiled cybersecurity strategy, the White House pledged to work with Congress to “modernize electronic surveillance and computer crime laws,” in order to deter criminal networks and impose consequences on cyber actors.

But privacy advocates and surveillance experts argue that the Justice Department and the Trump administration’s statements are efforts to undermine encryption in the name of cybersecurity.

"For the government, cybersecurity is a potentially useful stalking horse for surveillance,” said Sarah St. Vincent, a researcher at Human Rights Watch. She added that the National Security Agency does not need congressional approval to expand surveillance capabilities under Executive Order 12333, a law which regulates intelligence from the Reagan era.

The Trump administration’s cybersecurity strategy to modernize electronic surveillance and computer crime laws could be an attempt to mandate back doors to encrypted devices, said Sharon Bradford Franklin, director of surveillance and cybersecurity policy at the New America Foundation. “This would be ill-advised and dangerous to cybersecurity.”

Experts have warned that mandating backdoors would make devices less secure, because foreign governments could also take advantage of the security gaps.

Details are thin about the Trump administration’s plans to follow through on the modernization of electronic surveillance laws in the strategy. Neither the White House nor the National Security Agency responded to requests for more details. Four members of the House and Senate intelligence oversight committees told Fifth Domain Sept. 27. that there were not aware of the Trump administration’s specific proposals in this area.

No comments: