The advent of “warrant-proof” encryption allows criminals and terrorists to hide incriminating evidence, a Department of Justice official said this week, while urging technology companies to work in collaboration with the government.
Deputy Attorney General Rod Rosenstein told an audience this week at the United States Naval Academy that warrant-proof encryption (designed with no means of lawful access) allows criminals and terrorists to hide incriminating evidence. The government refers to this problem as “Going Dark—the threat to public safety that occurs when service providers, device manufacturers, and application developers deprive law enforcement and national security investigators of crucial investigative tools,” he said.
“Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, especially when officers obtain a court-authorized warrant—but that is the world that technology companies are creating,” Rosenstein said.
A high-profile example of this occurred in February 2016, following a terrorist attack at an office Christmas party in San Bernardino, California. The FBI wanted to find out if the iPhone used in the attack contained evidence of plans for other attacks or information about other terrorists. Even though Apple had the technical capability to help the government obtain the encrypted data, Apple refused and further appealed when the government obtained a court order requiring Apple to assist. Ultimately, the government accessed the data on the iPhone without the help of Apple.
Critics argue that the evidence concealed by encryption can be offset by new sources of information—such as location data or data derived from internet-connected devices. “We may be awash in data, but it is not always the kind of evidence that our rule of law tradition establishes as sufficient to establish guilt beyond any reasonable doubt,” Rosenstein argued.
There is a workaround solution to this problem: “Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization,” Rosenstein said. Such a proposal would not require every company to implement the same type of solution; nor would it require the use of a chip or algorithm, he said.
“When a court issues a search warrant or wiretap order to collect evidence of crime, the provider should be able to help,” Rosenstein said. “The approach taken in the recent past—negotiating with technology companies and hoping that they eventually will assist law enforcement out of a sense of civic duty—is unlikely to work.”
Technology giants operate in a highly competitive environment and will always try to attract customers by promising stronger encryption. Legal protections are needed. “Technology companies almost certainly will not develop responsible encryption if left to their own devices,” Rosenstein said. “Competition will fuel a mindset that leads them to produce products that are more and more impregnable. That will give criminals and terrorists more opportunities to cause harm with impunity.”