Great, now there's 'responsible encryption'

What could possibly go wrong?

Journalist

Updated Fri, Oct 27, 2017, 3:00 PM·6 min read

Trump's Department of Justice is trying to get a do-over with its campaign to get backdoors onto iPhones and into secure messaging services. The policy rebrand even has its own made-up buzzword. They're calling it "responsible encryption."

After Deputy Attorney General Rod J. Rosenstein introduced the term in his speech to the U.S. Naval Academy, most everyone who read the transcript was doing spit-takes at their computer monitors. From hackers and infosec professionals to attorneys and tech journalists, "responsible encryption" sounded like a marketing plan to sell unsweetened sugar to diabetics.

Government officials -- not just in the U.S. but around the world -- have always been cranky that they can't access communications that use end-to-end encryption, whether that's Signal or the kind of encryption that protects an iPhone. The authorities are vexed, they say, because encryption without a backdoor impedes law-enforcement investigations, such as when terrorist acts occur.

However, backdooring encryption is not the same as wiretapping. There's no way for law enforcement to be specific about its "lawful surveillance." Because of the way you'd have to break the end-to-end encryption, bulk data collection would be the only type of access possible. If the authorities were viewed as an attacker on a network, this could be called giving them "persistent access."

Maybe that's why Sens. Ron Wyden and Rand Paul just introduced a bill prohibiting the attorney general and director of national intelligence from asking for technical assistance (from companies) to crack phones unless it's in very limited circumstances. Infosec chatter believes this bill suggests Wyden is worried the feds will use the FISA process -- requests for surveillance warrants -- to force companies to make technical changes (as in, adding backdoors).

They're not the only ones in Washington who think "responsible encryption" and its torch-bearers are suspect. "Look, it's real simple. Encryption is good for our national security; it's good for our economy. We should be strengthening encryption, not weakening it. And it's technically impossible to have strong encryption with any kind of backdoor," said Rep. Will Hurd (R-Texas), when asked about Rosenstein's proposal for responsible encryption at The Atlantic's Cyber Frontier event in Washington, D.C.

Computer hacker stealing information with laptop

Still, the problem with backdooring encrypted platforms is that they are no longer secure or private. And as we see every week in the news about everything cyber, if there's a backdoor, the "bad guys" will find it and use it long before the so-called good guys know what's happened. It also really, really doesn't help that, right now, Trump's "cyber czar" can't even be bothered to show up to work.

Not to mention the little problem of surveillance and investigatory overreach we see regularly from government agencies (historically a la the NSA) and recently thanks to the Trump administration.

When we had arguments about encryption with our government agencies during the Obama administration, it was FBI Director James Comey versus the world, and despite the issue being fairly straightforward about security, the blame was put on privacy advocates.

The tone for that pro-backdoor influence campaign was set in 2015 when CIA Director John Brennan gave a press conference saying multidepartment information-gathering operations -- who need their encryption backdoors -- were "hampered" by concerns about privacy. He blamed public "hand-wringing" over its surveillance programs as an obstacle to catching the bad guys.

The DOJ's rebranding, by way of DAG Rosenstein this month, is like a Silicon Valley startup's pivot that hopes doublespeak will help it win the war. By saying that there's such a thing as "responsible encryption," we're led to believe that there's such a thing as "irresponsible encryption."

It's like if Facebook said it practiced "responsible privacy" (or "responsible democracy," for that matter). Think of it like Backwards Day. Here, encryption that is responsible is broken, and irresponsible companies and developers and apps are the ones who are running correctly implemented secure encryption.

Rosenstein said:

Responsible encryption is achievable. Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization.

It looks like Rosenstein was just warming us up for what came next. This week press reported that FBI Director Christopher Wray said "the FBI hasn't been able to retrieve data from more than half of the mobile devices it tried to access in less than a year." The AP wrote:

In the first 11 months of the fiscal year, federal agents were unable to access the content of more than 6,900 mobile devices.

"To put it mildly, this is a huge, huge problem," Wray said. "It impacts investigations across the board -- narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation."

Wow, press noted, 7,000 devices seems like a lot. It's too bad the FBI director failed to include some fascinating facts. For instance, that requests from law enforcement to crack open encrypted phones actually doubled in the last half of last year.

When the "responsible encryption" groundwork was laid by Rosenstein, infosec Twitter erupted in its usual mix of laughter and disgust. Some called it dangerous, if not just reckless. Tech press called "responsible encryption" a myth. Naturally the EFF had some things to say, most hilariously that "Deputy Attorney General Rosenstein's "Responsible Encryption" Demand is Bad and He Should Feel Bad."

Rod Rosenstein was one of Trump's handpicked appointees. As the deputy attorney general, he's in a crucial position at the head of the investigation into alleged connections between the Trump administration and Russia. He was also the guy whose three-page memo was reportedly pivotal to Trump's decision to fire former FBI Director James Comey -- Rosenstein wrote that Comey must be removed if the agency hoped to "regain public and congressional trust."

Trump, as we know, is not a fan of encryption, whatever he seems to actually understand about it. When the FBI-Apple-iPhone encryption issue was brought to his attention, Trump insisted the company should be forced to comply with the FBI or be punished with a boycott. "I think it's disgraceful that Apple is not helping on that. I think security first, and I feel -- I always felt security first. Apple should absolutely -- we should force them to do it," he said.

Like "going dark" -- another buzzword pair used in the government's agenda to break encryption -- I'll bet "responsible encryption" will be taken seriously (it shouldn't be) and find its way into an executive order. Because if ever we lived in a time when Backwards Day was every day, that time is now.

Image: Getty Images/iStockphoto (Hooded hacker); Andrew Harrer/Bloomberg via Getty Images (Rosenstein)

Engadget
Newsletter service Ghost will support the fediverse protocol ActivityPub
Newsletter platform Ghost is the latest service to pledge support for ActivityPub, the open source protocol powering the fediverse.
8h ago
Engadget
Russian court sentences Meta spokesperson in absentia to six years in prison
A Russian court has sentenced a Meta spokesperson in absentia to six years in prison. It claims that Andy Stone was "publicly defending terrorism."
11h ago
Engadget
Mozilla urges WhatsApp to combat misinformation ahead of global elections
Social media companies like Meta, YouTube and TikTok, have promised to protect the integrity of those elections, at least as far as discourse and factual claims being made on their platforms are concerned. Missing from the conversation, however, is closed messaging app WhatsApp, which now rivals public social media platforms in both scope and reach.
11h ago
Engadget
Even the indie game El Paso, Elsewhere is getting turned into a movie
The hit indie game El Paso, Elsewhere is getting turned into a movie, with Academy Award nominee LaKeith Stanfield attached to both star and produce. Di Bonaventura Pictures and Colin Stark will also produce.
12h ago
Engadget
Star Wars Jedi: Survivor is coming to Game Pass Ultimate and EA Play on April 25
Star Wars Jedi: Survivor is coming to Game Pass Ultimate, PC Game Pass and EA Play on April 25.
13h ago
Engadget
The EU opens an investigation into TikTok Lite, citing addiction concerns
The EU has opened a second investigation into TikTok, regarding the addictive nature of TikTok Lite. The governing body could force a ban on the app while the investigation continues.
13h ago
Engadget
Meta opens Quest OS to third parties, including ASUS and Lenovo
In a huge move for the mixed reality industry, Meta announced today that it's opening the Quest's operating system to third-party companies, allowing them to build headsets of their own.
15h ago
Engadget
Tales of the Shire trailer shows what life as a regular Hobbit looks like
Weta Workshop and Private Division have released the first trailer for Tales of The Shire. You play as a Hobbit in this Lord of the Rings cozy life sim.
15h ago
Engadget
What we watched: Bluey’s joyful finales
Bluey closed out its third season with two episodes of joyful highs and weepy lows.
15h ago
Engadget
Some Amazon and Max cartoons may have been partially animated in North Korea
North Korean animators may have helped create popular cartoons for Amazon Prime Video, Max and other streaming services. Researchers allegedly discovered files on a North Korean internet server that included animations, written instructions and comments regarding the shows.
15h ago
Engadget
Anker's Soundcore Space A40 wireless earbuds are back down to $49 right now
The Anker Soundcore Space A40 is our favorite budget pair of true wireless earbuds, and it's now on sale for a low of $49 on Amazon.
16h ago
Engadget
Grindr sued for allegedly sharing users' HIV status and other info with ad companies
Grindr is facing a class action-style lawsuit after allegedly sharing sensitive user data such as HIV statuses with advertising companies.
17h ago
Engadget
The best college graduation gifts
Graduating college is a huge accomplishment — celebrate the new grad in your life (and help make their transition into adulthood easier) with these tech gifts.
a year ago
Engadget
Embracer Group is splitting up its messy gaming empire into three different companies
Embracer Group has announced plans to split into three separate, publicly listed entities, following an epic losing streak.
19h ago
Engadget
The Morning After: House votes in favor of bill that could ban TikTok
The biggest news stories this morning: The best Mario Kart racer, according to science, Apple’s next innovation: The calculator? Engadget Podcast: PlayStation 5 Pro rumors and a look back at the Playdate.
20h ago
Engadget
Proton Mail’s paid users will now get alerts if their info has been posted on the dark web
Proton Mail has introduced Dark Web Monitoring, which will keep them informed of breaches or leaks they may have been affected by. The feature is only available to paying users at this time.
21h ago
Engadget
The best E Ink tablets for 2024
Here's a list of the best E ink tablets you can buy right now, as chosen by Engadget editors.
5 months ago
Engadget
Tinder is making it easier to share date details with family and friends
Tinder is looking to make it easier for users to share details of their dates with loved ones. They can share a link to a page with details about the person they're meeting, along with the time and place of the rendezvous.
1d ago
Engadget
Tesla makes its controversial Full Self-Driving software cheaper by $4,000
Tesla shared on X this weekend that it's reduced the price of its Full Self-Driving software in the US and Canada. It now costs $8,000 in the US (or $11,000 for buyers in Canada) to add Full Self-Driving Capability.
2d ago
Engadget
Biden signs bill to reauthorize FISA warrantless surveillance program for two more years
President Biden this weekend signed into law a bill that reauthorizes Section 702 of the Foreign Intelligence Surveillance Act (FISA), a controversial spying program. It'll now be good for another two years.
2d ago

Great, now there's 'responsible encryption'

What could possibly go wrong?

Latest Stories

Newsletter service Ghost will support the fediverse protocol ActivityPub

Russian court sentences Meta spokesperson in absentia to six years in prison

Mozilla urges WhatsApp to combat misinformation ahead of global elections

Even the indie game El Paso, Elsewhere is getting turned into a movie

Star Wars Jedi: Survivor is coming to Game Pass Ultimate and EA Play on April 25

The EU opens an investigation into TikTok Lite, citing addiction concerns

Meta opens Quest OS to third parties, including ASUS and Lenovo

Tales of the Shire trailer shows what life as a regular Hobbit looks like

What we watched: Bluey’s joyful finales

Some Amazon and Max cartoons may have been partially animated in North Korea

Anker's Soundcore Space A40 wireless earbuds are back down to $49 right now

Grindr sued for allegedly sharing users' HIV status and other info with ad companies

The best college graduation gifts

Embracer Group is splitting up its messy gaming empire into three different companies

The Morning After: House votes in favor of bill that could ban TikTok

Proton Mail’s paid users will now get alerts if their info has been posted on the dark web

The best E Ink tablets for 2024

Tinder is making it easier to share date details with family and friends

Tesla makes its controversial Full Self-Driving software cheaper by $4,000

Biden signs bill to reauthorize FISA warrantless surveillance program for two more years

About

Sections

Contribute

Buying Guides