' Justice Department may more aggressively seek encrypted data from tech companies - Sari Horwitz

Friday

October 20th, 2017

Justice

Justice Department may more aggressively seek encrypted data from tech companies

Sari Horwitz

By Sari Horwitz The Washington Post

Published October 11, 2017

Justice Department may more aggressively seek encrypted data from tech companies

Deputy Attorney General Rod Rosenstein indicated Tuesday that the Justice Department may be more aggressive in trying to secure access to encrypted information from technology companies during criminal and terrorism investigations.

In a speech in Annapolis, Maryland, Rosenstein, the second-highest-ranking official in the Justice Department, acknowledged the balancing act between privacy and public safety but said the needs of law enforcement can outweigh personal privacy when crimes need to be prevented and solved.

"Warrant-proof encryption is a serious problem," Rosenstein said in his speech at a conference at the U.S. Naval Academy. "The public bears the cost. When investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost. When child molesters can operate anonymously over the Internet, children may be exploited. When terrorists can communicate covertly without fear of detention, chaos may follow."

Rosenstein did not offer policy proposals or specific steps Justice Department officials will take to combat what law enforcement refers to as "going dark." But he strongly criticized technology companies and said the government's efforts to engage with them has not been successful.

"Technology companies almost certainly will not develop responsible encryption if left to their own devices," Rosenstein said. "They are in the business of selling products and making money. . . . We are in the business of preventing crime and saving lives."


Ari Schwartz, a former senior director for cybersecurity in the Obama White House, said that while there are "a few instances" in which technology companies do not help the government, "there are plenty of cases" in which they do.

"I'm not seeing how this gets us closer to having the real discussion about solutions in this space," said Schwartz, managing director of cybersecurity services at the Venable law firm. "The government feels as though tech companies have to find a solution for them, and the tech companies feel as though the government just doesn't understand how they're putting the larger security at risk here."

Rosenstein highlighted the February 2016 case in San Bernardino, California, when the FBI obtained the iPhone used by a terrorist who shot and killed 14 people and injured 22 others. The data on the iPhone was encrypted, and the government sought Apple's assistance to find out whether there was evidence of other attack plans.

"Apple rejected the government's request, although it had the technical capability to help," Rosenstein said.

An Apple spokesman declined to comment on Rosenstein's remarks.

The Obama administration went to court to obtain an order requiring Apple to help, and Apple said it would appeal the order. The FBI was eventually able to access the data on the phone without Apple's assistance, by enlisting the help of professional hackers.

"But the problem persists," Rosenstein said. "Today, thousands of seized devices sit in storage, impervious to search warrants. Over the past year, the FBI was unable to access about 7,500 mobile devices submitted to its computer analysis and response team, even though there was legal authority to do so."

Rosenstein said that while technology companies do not cooperate with Justice Department officials, they operate in foreign countries that censor and suppress information, citing incidents that involved Facebook and Amazon.com. (Amazon founder and chief executive Jeff Bezos owns The Washington Post.)

"American technology providers sell products and services in foreign markets where the governments have questionable human rights records and enforce laws affording them access to customer data, without American due process or legal protections," Rosenstein said. "Surely those same companies and their engineers could help American law enforcement officers enforce court orders issued by American judges, pursuant to American rule-of-law principles."

Columnists

Toons

Lifestyles