DOJ Vows to Continue Using Courts to Compel Tech Companies to Defeat Encryption

iSpyRemember that thing where the FBI and the U.S. Department of Justice said (repeatedly) that the effort to force Apple to create a backdoor into iOS was only about "one phone?" The DOJ put that fairy tale to bed Tuesday, telling Ars Technica that it would continue to (try to) use the court system to coerce cooperation from tech companies to access encrypted information.

"It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails," Melanie Newman, a Justice Department spokesman, told the publication. "We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors."

All of which means that the DOJ, at least, remains committed to weakening our defense against malicious actors around the world, including hackers, criminals, terrorists, and foreign agents. The Justice Department's line all along is that it must have legal access to encrypted communications—ignoring the technical reality that it cannot have that access without said access being available to others—and the aborted fight to force Apple to create code doesn't represent an end to the broader fight.

I noted yesterday that the FBI was likely to attempt to gain a successful precedent against a softer opponent than Apple, a company with essentially unlimited resources, before coming after Apple again. This is a concept others are considering, as well, including The App Association. Morgan Reed, executive director, said:

While the DOJ consistently claimed its motion was directed at one company and one phone, the fine print reveals it believes it can coerce any company to disable its security to provide government access. This applies to any company that makes products with software. App makers and IOT device makers can be forced to undermine the security that customers demand. These companies don't possess Apple’s legal resources and are targets for a government agency desperate for precedent that allows for universal access to connected devices.

What's so insanely stupid about this situation is that we've had this fight before (the so-called Crypto Wars of the 1990s), and the lessons from that fight were accepted even by U.S. intelligence services. As former NSA and CIA Director General James Hayden said, on balance, the benefits of a strong and secure America outweigh the difficulties encryption imposes on law enforcement.

But here we are again with our nation's own Justice Department vowing to use the court system to make us less secure. The flip side of that coin is that the FBI and the DOJ have yet to secure a successful precedent, making it anything other than a slam dunk they can do so absent bad legislation.

The victory the FBI won against Apple didn't complete the long appeals process, making it far harder for the government to cite it as any kind of precedent. It's also counterbalanced by a competing ruling in an unrelated case that ruled the government can't compel Apple's help with the laws available.

But The App Association's concern is salient; a smaller company will be a much software target. I never personally never had any doubt that the FBI and DOJ were more interested in establishing a precedent with Apple than they were in the contents of Syed Farook's iPhone. Today's statement from the DOJ does nothing to ameliorate that belief.