Right On Cue, DOJ Says Encryption ‘Surely Costs Lives’

The Spying Eye Waiting in Every Device

I called this on Tuesday, and right on cue, the Trump Department of Justice is claiming that strong encryption “surely costs lives.” The comment comes in the wake of a shooting massacre in Texas, where the FBI has the dead shooter’s smartphone, but can’t get into it. It also renews the war on encryption that began with the Obama administration in the wake of the San Bernardino terrorist attack of 2015.

“As a matter of fact, no reasonable person questions our right to access the phone,” Mr. Rosenstein told The Washington Examiner. “But the company that built it claims that it purposely designed the operating system so that the company cannot open the phone even with an order from a federal judge.”

The newspaper said that Mr. Rosenstein “lamentingly” said he hoped the FBI could “eventually” access the shooter’s smartphone.”

He added, “When you shoot dozens of innocent American citizens, we want law enforcement to investigate your communications and stored data. There are things that we need to know.”

This Is Not a Fight Between Privacy and Safety

On Monday, I called this a false dichotomy between privacy and safety. Mr. Rosenstein is correct that no one questions the FBI’s right to access this device with a valid warrant. He leaves that Apple’s encryption technology is the only way to keep the world’s bad guys out of our phones.

Backdoors made for one are available to all. As I wrote on Tuesday, this is not open to debate. There is no lack of certainty on the topic. There is no middle ground.

I wish I had been wrong with this prediction that the Texas shooting massacre would renew the attack on encryption. Unfortunately, here we are again with law enforcement looking for a solution that would leave every American substantially more vulnerable to attacks by criminals and state-sponsored malicious actors.

Mistakes Were Made

Worse, there are two absurd mistakes on the FBI’s part. The first, as reported by Reuters, the FBI didn’t ask for Apple’s help in the 48-hour window in which applying the dead shooter’s finger to Touch ID would have opened the device. The second, as reported by Buzzfeed‘s John Paczkowski, is that Apple offered its help immediately after the horrific massacre.

Had the FBI asked its own geeks or talked to Apple, the company could have told them that they had the keys to unlock the device (unless it had been rebooted since its last unlock). That puts this particular situation on the backs of the FBI, not Apple (or Google, had it been an Android device).

It should be noted, though, that even had the FBI gotten into this creep’s iPhone, it wouldn’t have ended this “debate.” Until the FBI and the DOJ listen to our own intelligence agencies on the subject of encryption, they’ll present this false dichotomy every time they get a high profile locked device.

After arguing that encryption “surely costs lives,” Mr. Rosenstein said this, “is a very high price to pay. We need to find a solution.”

Encryption Is Necessary for 21st Century Public Safety

But there is no solution. Encryption is binary. We are either protected from the bad guys—while also (unfortunately) locking out the good guys, too—or we are not.

Resist this false dichotomy. Politely push back when you see it, be it against a politician, a reporter, or an anchor. And note that this is not a partisan issue. It’s not a political issue. It’s an issue of public safety.

18 thoughts on “Right On Cue, DOJ Says Encryption ‘Surely Costs Lives’

  • While I kind of agree with your conclusions, semantically, I would point out that this is a real dichotomy. You can choose privacy and security, or law-enforcement acccess. Those are two paths: a dichotomy. To say that it is a false dichotomy suggests that you can have both and don’t need to choose.

    1. It’s a false dichotomy because choosing or allowing backdoors for law enforcement in the name of safety makes us tremendously less safe by exposing us to the bad guys.

  • Everyone here has made sensible arguments, so I want to add a different angle.

    I might be okay with with a government having access to my data if I could trust that government’s intentions or competence with the data.

    Watch the opening scene from “Brazil.” It points out one more glaring and obvious problem: Mistakes happen. Especially if humans are involved. When people say, “I have nothing to hide,” that may be true. That doesn’t mean someone can’t screw something up on the other end.

  • Guys, guys. Your arguments are logical, intelligent, and well thought out. Sessions and Trump’s DOJ engages in no such analysis. They utilize a strictly political application wherein their allies are defended (gun lobby) and their enemies (silicon valley) are blamed and attacked for the actions arguably assisted by their allies. Their playbook is accuse your opponents of the violations you are yourself committing. You can’t rationally debate such individuals.

  • This person was able to legally buy guns due to the failure of our government to simply post the appropriate information in its’ databases. People died because of this negligence. I have never owned a gun and have no plans to ever buy one. But this needless death is attributable to weak gun laws. Of what use are stricter gun laws when the ones in place now are not diligently enforced.

    There is no excuse for this screw up on the part of a government charged with protecting us. So we get into debates about backdoors and gun laws while people are killed attending a church service. Where is the outrage over this failure to post? Someone should lose their job for gross negligence.

  • Wait a moment – how does ease access to the shooter’s phone post-shooting change anything of significance?

    In this case, all the evidence suggests the guy was a mentally disturbed individual, and he left quite a lot of his thought processes on Facebook.

    There might be a stronger case for access given a terrorist shooting (as in the previous time this came up), but that only holds if there’s a reasonable expectation that the phone contains links (not obtainable by other mechanisms) to terrorist handlers that can be traced to other individuals.

    The only other way I can see the argument for access working is if law enforcement is intending to proactively data mine phones looking for upcoming activity. But that’s a whole different issue.

    From the outside, it looks to me like the FBI is asking for something that doesn’t actually correlate with their stated goals.

  • Bryan:

    Let me append and addendum to my post above for clarification.

    My observation and argument is that the questions around data security, specifically the right of private citizens in free and open societies, to use encryption in commerce and recreation, and to secure their own data on a personal device to which only they have access, is a debate that cannot be resolved in the abstract, but rather in context; and that context is the definition of that free society itself, and a consensus around its limitations and allowances. These are matters of opinion and perspective, not fact. Different societies have in the past, and may in the present, resolve those matters differently.

    The technological limitations of device security and encryption are not matters of opinion, but fact. These are limitations of mathematics and physics. They are not altered by opinion.

    Given those limitations, when we raise the spectre of ‘privacy vs security’ around encrypted data on a device, what we are arguing over is ultimately about the tension between individual vs societal freedom and security – a debate that is in continual flux and change as open societies evolve and one that will always have to be revisited by any open society as new technologies or behaviours alter and threaten that balance.

  • I think we are at the stage to call this encryption argument for what it is.
    The state wouldn’t allow back doors to their data, not for one second. Yet the public are supposed to allow this. This smacks of a two tier system were the states data is more important than yours. You instantly become a second class citizen. Big brother comes closer.

  • Bryan:

    You are correct, this is a false dichotomy. While we may not be able to truly expect our elected officials or non-tech public figures to necessarily understand how encryption works, or to resist conflating data storage on server farms with data stored only on one’s personal device, it strains credulity that professionals in intelligence and law enforcement, leadership aside, would be equally confused and ill-informed.

    There are two distinct issues that are often commingled if not conflated; 1) encrypted data and the capacity to de-encrypt and 2) data stored on a secure personal device, encrypted or otherwise. That Apple offers a product that does both, stores data on a secure device and encrypts those data, not to mention employee end to end encrypted transmitted data, mingles these two issues in the same discussion.

    What I generally do not hear in these public discussions (not talking about TMO and a few other tech sites) is an open discussion about whether governments and law enforcement believe in or uphold the right of private citizens to:

    use state of the art data encryption, which tacitly means there is no back door, because if there is a backdoor to anyone, there is a backdoor for everyone and the encryption is non-existent;
    store their data only on their secure devices, which are secured with a wipe-out failsafe against unwanted intrusion.

    Political leaders, law enforcement and even intelligence agencies need to have an open discussion not simply with the tech community, but with the voting, tax-paying consumer public that support all of these to whom, ultimately in free societies, all of these are answerable.

    Neither of those two questions are the real one under debate; the definition and limitations of a free society are.

    One way to bring this to a head, and draw into the open the true question under scrutiny, would be for the tech community to offer the only solution to both problems, if the answer to both of the above questions is negative; stop encryption and disable device security.

    The ramifications of that offer (or threat) would be catastrophic across every social, economic and political sphere, and might well precipitate a more urgent, focussed, reasonable and most importantly, evidence-based discussion and ultimately consensus on the acceptable limits of a free society, because that is the real issue. Encryption and device security are but two current challenges that bring that issue to the surface.

  • Yet they do nothing on gun control that would eliminate the need to have to unlock a phone in the first place. The government is responsible for the deaths, not encryption. Encryption protects people from ID theft and more. No backdoors can exist because it would defeat the purpose of encryption. We need it and there can be no backdoors ever.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.