Deputy Attorney General Rod Rosenstein told cadets at the Naval Academy in Annapolis that “warrant proof” encryption posed a threat to law enforcement. And by impeding law enforcement’s ability to read messages sent from services like iMessage or Signal, encryption puts the public at risk. His speech to the cadets mirrored another speech from one week prior that he presented at the Cambridge Cyber Summit.
Rosenstein began his encryption schpiel by describing several threats and cyber security incidents that law enforcement had faced within the past few years. “Sometimes we face real torpedoes. And sometimes, in the cyber world, we face virtual torpedoes,” he told the room filled with Naval Academy cadets. Throughout the speech, he used references that, in since form, had a vague naval relevance.
He mentioned the 2013 attempted attack on a dam in New York. A threat actor had gained access to controls that could have allowed the attacker to remotely control the gate. An important piece of that wireless dam control hack—the dam’s sluice gate that regulated water flow—needed maintenance and had been disconnected. Also the 2016 ordeal between Apple and the FBI where the FBI attempted to force Apple to backdoor an iPhone they could not technically backdoor. Of course, the FBI just went to one of their many private sector hacking firms like Cellebrite and purchased an iPhone exploit.
The darknet also received a mention. “Consider, for instance, how the ‘dark web’ facilitates child exploitation and promotes trade in illicit goods.” (This would have been humorously obnoxious if the United States Naval Research Laboratory—where onion routing was born—consisted of fewer civilians and more Navy scientists.)
Rosenstein made his way to the problem law enforcement faces when dealing with internet crime: encryption. He said that it undermines the US Constitution. The Deputy Attorney General said that when a judge issues a warrant for a suspect’s phone, but police are unable to access it, there was no point for the warrant. In the past, he explained, phone manufacturers used to leave backdoors in their phones and other products. Now, referring to Apple, smartphone manufacturers are taking that power out of their own hands and removing their own backdoors.
He lamented law enforcement’s inability to bypass safety measures taken to protect private data from the government. The Deputy Attorney General swapped from explaining the necessity of protection from cybercriminals to the horrors of encryption. He said that it was essential to the growth of an economy but said a “candid” debate was needed to determine whether or not a company can create end-to-end encrypted services.
The answer, he says, was “responsible encryption.” Responsible encryption is “secure encryption that allows access only with judicial authorization.” Nobody would call responsible encryption a “backdoor,” he explained. The proposal, he explained, was that tech companies keep evidence pertaining to a crime available for law enforcement to access.