U.S. Deputy Attorney General Rod Rosenstein voiced a forceful argument on Thursday for tech device and service makers to build into their products the means for law enforcement to legally access decrypted content, but offered little that was new in the way of solutions to the problem which the Federal government has complained about for years.
Speaking at a cybersecurity event organized by Georgetown University Law Center, Rosenstein discussed law enforcement’s difficulty in many cases–and inability in some–to get access to decrypted communications content in the pursuit of criminals and terrorists.
Along the way, he called out profit motives of communications services providers and device makers.
“Companies are in the business of generating profits,” he said, adding, “I do not blame them for failing to consider law enforcement and public safety concerns.” He continued, “But when you hear corporate leaders complain about law enforcement demands, it is important to understand that what is good for a technology company in terms of bottom-lie profits is not necessarily good for America. Their interests are not always aligned with yours.”
And he hammered on service providers who he asserted don’t try hard enough to help with law enforcement requests for information.
“Economic competitiveness in global markets is not informed by general concerns about public good,” Rosenstein said. He added, “Furthermore, some communications providers chronically understaff their offices that respond to legal process from law enforcement. In some cases, the lack of personnel causes lengthy delays in producing evidence, even when production is ordered by a court.”
But in the end, he offered no more than a hope that service providers and device makers by repeating the government’s call–voiced may times in recent years–for to develop “responsible encryption” that would allow law enforcement access to decrypted communications.
“We encourage technology companies to develop ‘responsible encryption’ – effective, secure encryption that resists criminal intrusion but allows lawful access with judicial authorization,” he said.
“As an analogy, we require buildings to disable elevators in the event of a fire, but we also expect them to retain the capacity for firemen to use them in an emergency,” he said. “Whatever structures we build, whether physical or virtual, someone always should have the ability to access it in an emergency, but the key does not need to be held by a single entity, and it does not need to be held by the government.”
“There is nothing virtuous about refusing to help develop responsible encryption, or in shaming people who understand the dangers of creating any spaces–whether real-world or virtual–where people are free to victimize others without fear of getting caught or punished,” he said.
And he encouraged “security researchers, technology companies, academics, information security professionals, and others in the private sector to keep searching for constructive solutions that will enable us to harness the wonder of new advances without descending into technological anarchy.”