Matter of fact, it’s all dark

Deputy Attorney General Rod Rosenstein touched on encryption when speaking at the U.S. Naval Academy recently:

Encryption is a foundational element of data security and authentication … But the advent of “warrant-proof” encryption is a serious problem … Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, especially when officers obtain a court-authorized warrant.

encryptionWhile the first sentence is hardly controversial, the last is problematic, to put it mildly. First, our society has always had myriad ways to hide secrets: simply not sharing them; whispering in private; and, yes, encryption—from Caesar ciphers to one-time pads. All the warrants in the world cannot force someone to share information they do not wish to share. And it’s fairly well accepted that torture, while often eliciting information, cannot reliably elicit accurate information. In other words, when tortured, people still lie. So even ignoring the legal issues surrounding “advanced interrogation”, secrets can endure.

It’s also worth noting that it’s not clear that encryption is really causing law enforcement that many problems. Sure, we all heard about the San Bernardino iPhone, but a quick look at the U.S. Courts Annual Wiretap Reports shows that the number of wiretaps is not changing much, year over year, and that the number foiled by encryption is miniscule and also quite stable.

Rosenstein went on to suggest that the solution to this “going dark”, to use his phrase, includes some sort of centrally controlled key management. This of course opens up a whole new set of problems, starting with Quis custodiet ipsos custodes?

Of course law enforcement officers don’t like encryption; they don’t like anything that makes their jobs harder. This includes ensuring probable cause, getting warrants, honoring suspects’ Miranda rights, and doing paperwork. This doesn’t make them evil; to the contrary, it shows that they are responsible—doing their best to get the job done. But “it makes the job harder” is no reason to waste time and effort trying to achieve the fundamentally impossible.

The problem is that encryption is mathematics, which is knowledge. All the laws in the world cannot stamp out knowledge: that has been proven repeatedly. So even if U.S. did make a law saying that strong encryption was illegal—which would also be somewhat ironic, given that the most commonly used strong encryption is the U.S. government-sanctioned Advanced Encryption Standard (AES)—programmers from other countries would continue to produce applications employing strong encryption.

Rosenstein concluded with:

There is no constitutional right to sell warrant-proof encryption.

Constitutional, no. Natural, yes.

 

About the Author
Phil Smith III is a distinguished technologist and Senior Architect & Product Manager, Mainframe & Enterprise, at Micro Focus, formerly HPE Software. He is the author of the popular blog series, Cryptography for Mere Mortals. Learn more about our data encryption technologies.

Leave a Reply

Your email address will not be published. Required fields are marked *