back to article 'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Continuing the US government's menacing of strong end-to-end encryption, Deputy Attorney General Rod Rosenstein told an audience at the US Naval Academy that encryption isn't protected by the American Constitution. In short, software writers and other nerds: the math behind modern cryptography is trumped by the Fourth …

Silver badge

Re: Backdoors are a smokescreen.

Sadly I have very little confidence in the current political climate - across many jurisdictions - for such powers and the demand for ever greater ones to be rolled back to allow something like this to be an option

You and me both.

3
0
Anonymous Coward

Right to priva...

Sorry, but the argument should start from the right to freedom of speech.

Let's put in the statement that your message is your speech, your expression.

With that the government should not be controlling your right to your speech and expression.

Thus the government should not have the power to stop you from locking or encrypting your speech.

11
0

There has never been a right to absolute privacy'

Really?

Oh okay if that's the case please kindly explain your presidents tax records

18
0

Re: There has never been a right to absolute privacy'

I'd love to see someone get a copy of The Donald's tax returns and place them in an encrypted file openly on the internet. They could then use the same encryption keys for all their own private information knowing that the publication of the keys would give the President yet another Bad Hair day.

5
0

Re: There has never been a right to absolute privacy'

Wile E Coyote says:

"There has never been a right to absolute privacy'

Really?

Oh okay if that's the case please kindly explain your presidents tax records"

Or Barack Obama's college transcripts and publications.

0
7

In any case his comment that "There has never been a right to absolute privacy" is wrong. The Bill of Rights is considered part of the constitution and -

Amendment IX

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

Amendment X

The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.

I guess that fat hairy arsehole can't count beyond two and never read the rest of the constitution.

9
0
Silver badge

Or they simply state standing law prohibits a right to privacy, satisfying those Amendments' conditions.

0
1
Silver badge

"they"

can state what they like and make whatever laws they like but until the Orange One suspends the Supreme Court it won't do them any good.

2
0
Silver badge

Re: "they"

One SCOTUS now favors him. Two, note the Amendments allow the government to forbid things by law. Otherwise, things like tobacco control would be struck down as against those Amendments.

0
0
Silver badge
Boffin

So if someone wants to get legal, technically there is no encryption available today that cannot be broken.

What there is however is strong encryption that makes the breaking sufficiently complex and expensive to make such a breaking impractical.

4
0
Silver badge
Facepalm

technically there is no encryption available today that cannot be broken.

https://en.wikipedia.org/wiki/One-time_pad

3
0
Silver badge

You can still break it by recovering the key, which is normally too complex to commit to memory, meaning there WILL be a trace.

1
3

"You can still break it by recovering the key, which is normally too complex to commit to memory, meaning there WILL be a trace."

As it's a one time pad, once you have used it to encrypt or decrypt the message, you would delete (the segment used) using whatever method will make it unrecoverable, along with the plaintext if necessary.

3
0
Silver badge
Paris Hilton

You can still break it by recovering the key

That isn't breaking it, that's decrypting it. That might sound like semantics, but it's the difference between sneaking into a bank and being invited to meet with the bank manager.

3
0
Silver badge

And if the latter was made under false pretense.

As for stealing the key, you get it BEFORE it gets used. OR you can induce enough panic to make them burn their keys, breaking the communication chain which can be a desirable outcome in itself.

0
0
Silver badge

Sounds like he wants to be able to force people to give up passwords & keys

Not attempt the impossible trick of making secure encryption with a government backdoor.

2
0
Coat

Re: Sounds like he wants to be able to force people to give up passwords & keys

"Sounds like he wants to be able to force people to give up passwords & keys

Not attempt the impossible trick of making secure encryption with a government backdoor."

For the last 18-odd years the government here in Blighty has had the legal means to force the surrender of encryption keys on pain of imprisonment (RIPA 2000). I'm pleased to report this has prevented all terrorism and we live a life of unfettered bliss in these Sceptred Isles, secure under the watchful gaze of Big Brother.

19
0

Encryption and the Fifth Amendement

The deputy AG says that there has never been an absolute right to privacy. This is a firm statement by someone in authority and it needs to be examined in the context of the Fifth Amendment.

The Fifth includes the requirement that “nor shall be compelled in any criminal case to be a witness against himself,”

The contents of an encrypted file could well include information that could lead to prosecution of the witness, either directly or through association with others (known or unknown) through the wide ranging conspiracy laws. The whole nature of secret information is that it is not known to the examiner. Only the holder of that information knows its true nature which is why invoking the Fifth is difficult to challenge. Grand Juries can grant immunity but only under local jurisdiction. What happens if declaring that information makes you a criminal outside the USA. Immunity is limited. Extradition complicates matters. Can a Grand Jury grant immunity for any and all crimes that it won’t know about until the information is exposed. It is a Catch-22.

So what is the difference between the contents of an encrypted file and knowledge in a witness’s head? Imagine if you will that rather than place information in an encrypted file, the witness chose to memorise it. The actors playing Hamlet have to memorise roughly 1500 lines (about 12,000 words) and deliver them in public. That is a lot of information.

I can envisage a slightly humorous scene in a courtroom where the deputy AG is enforcing the handing over of encryption keys. After much objection by the witness and lawyers, the Judge rules that the file must the decrypted on pain of nasty punishment and witness hands over the keys. The file is decrypted and reads “Everything you need to know is in the witness’s head.” I suppose the deputy AG would claim the fifth doesn’t apply any more.

7
0
Silver badge

Re: Encryption and the Fifth Amendement

Memory Theater and other mnemonics tend to rely on sequences to establish relations. It doesn't work so well when the recall is more random in nature.

As for extradition, that's up to the country currently housing the suspect. Generally, it has to be a crime in that country first before they'll even consider extradition. Differences in law provide an angle for political refugeeism.

0
2

what a mahoosive ignorant tool......

"Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, especially when officers obtain a court-authorized warrant. But that is the world that technology companies are creating."

A messenger carrying a memorised message concerning criminal activity is not obliged to reveal it, is obliged to be told they can keep their trap shut, and is protected by the constitution against attempts to force them to reveal it.

Being compelled to use crypto that has a government backdoor doesn't gel very well with the actual text in question.. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated" that's before we note that a government back door is a few bribes threats and hacks away from being a back door that sees more passing trade than a Bangkok brothel....

"There is no constitutional right to sell warrant-proof encryption. "

There's no constitutional right to sell a cheese sandwich or a car either WTF has that got to do with anything...

The technical trend is clear and in the direction of ephemeral session keys that even the user doesn't possess the key for... time to stop being fat and lazy and start doing proper police work again....

3
0
Silver badge

How can the police do their work when hostile sovereignty gets in the way? The Internet makes using hostile sovereignty as a shield much easier.

0
3

Constitutional rights

"There's no constitutional right to sell a cheese sandwich or a car either WTF has that got to do with anything..."

Quite so. The rights are no in selling, rather in owning and/or using.

The solution to this problem is in the second amendment. All some bright spark has to do is find a way of building encryption into a gun and there is no way that the US government would be able to challenge it. The NRA would never have it.

2
0

If...

...you're not already interested in the persons at either end of the encrypted communication, why do you want to decrypt the message? If you are interested, why not capture the message before it's encrypted or after the recipient has decrypted it?

5
0
Silver badge

Re: If...

One end may be outside your jurisdiction and you don't know enough about your end to establish probable cause.

0
3
Silver badge

Re: If...

"One end may be outside your jurisdiction and you don't know enough about your end to establish probable cause."

Not knowing enough about your end to establish probable cause, (meaning you wouldn't get a warrant) is EXACTLY the reason why law enforcement should not have access to the decrypted message

9
0
Silver badge

Re: If...

One end may be outside your jurisdiction and you don't know enough about your end to establish probable cause.

And this, my good man, is known as a fishing expedition. If you think one of those is a good thing - well, you are just wrong.

3
0
Silver badge

Re: If...

It's wrong to get something to eat? It's wrong to try to find out if someone's about to blow up your capital and there's no other way to find it because hostile sovereignty is in the way? Frankly, with attitudes like that, civilization hasn't got a prayer.

0
2
Anonymous Coward

TL;DR all comments, but in science v. "the law" ...

science can't lose.

Even if (snopes alert) the law declares Pi to be "3".

Starting with a OTP, there are several ways to render plaintext unreadable - forever - without the key.

If I were really worried, I would look towards a system which required (say) 9 people to each provide a fragment of a key before the ciphertext can be read.

If each of those people lives in a different jurisdiction (India, China, Australia, EU, Mexico etc) then good luck with that.

Tolkien needs to be read as a metaphor.

3
0
Silver badge

Re: TL;DR all comments, but in science v. "the law" ...

But then they have to get together to actually get things done. Just make it hard for them and they'll be forced to change methods.

As for the one time pad, continual pressure could force them to keep ditching their pads in a panic, breaking communication chains. Remember, keeping them from communicating can be as effective as intercepting them.

0
1
Silver badge
Flame

“evidence ... was totally impervious to detection.”

So we're going to ban fire in case anyone tries to burn evidence.

6
0
Silver badge

Well come on

Why would an honest citizen need matches?

4
0
Bronze badge
Big Brother

Outlawed Encryption and More Creepy Surveillance

This whole thing totally creeps me out.

I only skimmed the comments, but I didn't see anyone discussing what it will mean when people are permitted only to use "approved" encryption. They'll want a way to hunt down anyone using illegal encryption. Wouldn't this require more surveillance? How else will they be able to verify that everyone is complying with the law?

And, you know criminals will just end up finding ways to hide encrypted data; it's just too easy a thing to do. So, what this is really going to do is give them a new law to prosecute on, a law mandating "registration" of backdoor access, and very little else. They aren't going to actually get much in the way of back doors to real criminals. The mathematics aside, they're in fantasy land if they think their efforts will yield any meaningful results without hurting society. And if they do it wrong, the worst case scenario is Cybergeddon--just imagine the wholesale draining of banks and markets crashing left and right.

3
0
Anonymous Coward

Re: Outlawed Encryption and More Creepy Surveillance

Just imagine the glee of the 0.0001% since their wealth isn't in banks but in gold, silver, other intrinsic valuables, and of course land.

0
0

Cryptic :)

∃p : ¬p∧Bp nuff said

0
0
Silver badge
Pirate

There are ways around encryption without magic back doors

Obligatory XKCD here.

2
0
Silver badge

Re: There are ways around encryption without magic back doors

And then there's the obvious counters: the suspect is either a masochist (WANTS to be hit) or a wimp (faints at the sight of it). THEN what?

0
1

Making more criminals

The only thing his laws would do is make more people classified as criminals. Just by having a program that does encryption that does not have a backdoor. You may not even know you have one, but that's no excuse under the law. Like banning all knives over 4", does your kitchen knife count? a hatchet, a chainsaw, wood saw, sheep shears.. To the law - Yes. (the analogy is based on a law of knives you could have in public at one time in some US states.)

4
0

This discussion, and Rosenstein's arguments, should be dead in the water. Here's the thing: It is, technically, possible for anyone, including criminal and terrorist groups, to employ unbreakable encryption. The math and algorithms are out there.

Outlawing unbreakable encryption does not change this fact one bit. Why should a criminal or terrorist care if he breaks one more law?

It stands to reason, therefore, that a demand to backdoored, breakable encryption by law will not achieve its stated goal, namely catching criminals and terrorists, in particular not the smart and therefore most dangerous ones.

QED

5
0
Silver badge

>Warrant-proof encryption defeats the constitutional balance

What 'constitutional balance'? If, in 1783, I burned all my subversive letters, no court could order me to reconstruct them (even if I had perfect memory of what they contained).

There is no 'balance'.

5
0

I'll agree to this as soon as the government agrees to only use backdoored encryption also and gives we the people the keys so we can see what the elected and unelected ruling classes are doing

If they aren't doing anything wrong, they shouldn't have any reason to hide it.

5
0

All I can say, he is cockwomble !

2
0
Anonymous Coward

Second Amendment

It's comments like this that almost make me wish that Crypto was still classified as a weapon. Break out the 2nd amendment at them and see thire heads explode.

0
0
Silver badge

Re: Second Amendment

Well, it's still classified as a "dual use technology", see the Wassenaar Arrangement:

http://www.wassenaar.org/wp-content/uploads/2016/12/List-of-Dual-Use-Goods-and-Technologies-and-Munitions-List-Corr.pdf

page 86.

Your local laws may or may not be based on this, Hong Kong's (https://www.stc.tid.gov.hk/english/checkprod/cat5A002.htm) follows the wording so closely that I'm surprised it isn't a copyright violation.

1
0

They never can get enough

I _might_ be inclined to believe the government when they said that they needed complete access to all communications to prevent or punish terrorism, if only the creeps making those claims hadn't already demonstrated that EVERY police power that they claim will prevent terrorism is immediately used for petty crimes like tax non-compliance or divorce or child custody disagreements. EVERY tool that the police obtain will be used in EVERY case in which it might be useful.

Cops demand the use of "Stingray" cell site simulators to catch terrorists - and then use them to find low-level drug dealers and cigarette smugglers.

No! Police, you have abused EVERY tool that you've ever been given. NO MORE!

6
0

Who's warrant?

As I understand the AAG's position, he wants to be able to serve a warrant on a third party (the hardware/software company) to get access to information. Right now, there is a mechanism to compel defendants to comply with a warrant (contempt of court). But it isn't 100% effective, and trying individual cases is time consuming. Why serve individuals when you can serve tech companies and get lots of cases resolved at once? It also eliminates that pesky problem of individuals challenging the warrant instead of putting a gag order on the warrant so the subject never knows until they are hauled into court.

We have never required safe manufacturers to create a master key for law enforcement. Why should electronic devices be different?

4
0
Silver badge

The law recognizes that legitimate law enforcement needs can outweigh personal privacy concerns.

Key word: legitimate. I absolutely agree that law enforcement should be able to gather evidence of crimes, especially in a system that places the burden of proof on them. The problem is that they've not limited their searches to areas where they have a reasonable expectation of finding such evidence. They have, in short, repeatedly and wantonly committed the very act that the Fourth is intended to protect us from.

Here in the US we have the reality of cops making the owner of a car stand out in the cold for hours waiting for their car to be searched simply because they're teens. And should the teen be aware of their rights and try to prevent it they'll bring over a drug dog and have it jump on the car on cue to give them probable cause. We live in a world where data on your laptop can be searched simply because you carried it through an airport with no reason to suspect you've committed any crime. We live in a world where every single email we send or phone call we make is probably being monitored by bots to flag suspicious ones.

He's right that we don't have an absolute right to privacy. Law enforcement has always been able to get warrants to search whatever they need to if they can give a good reason. But we do have a reasonable right to privacy, and warrant-proof encryption has become the only way we can enforce it in a world where law enforcement has developed a habit of skipping the warrant.

3
0
Silver badge

"They have, in short, repeatedly and wantonly committed the very act that the Fourth is intended to protect us from."

It's simple. If you're under perpetual existential threat (and can prove it, too, with things like 9/11) then it's very easy to claim anything is reasonable if your country won't exist tomorrow otherwise.

0
4
Silver badge

It's simple. If you're under perpetual existential threat (and can prove it, too, with things like 9/11) then it's very easy to claim anything is reasonable if your country won't exist tomorrow otherwise.

Wow. Your argument is a relatively minor1 event 16 years ago?

1 Relatively minor : IIRC there was something like 3 million people airborne around the world during the time of the alleged 'terror attacks"2, many more travelling in various other means. Hell, probably more people died in traffic accidents around the world at that time, and probably more women died in childbirth that year than from terrorist attacks world-wide (not counting US etc invasions as terrorism, though they probably are at least that).

2 Lots stinks about it OK?, esp WT collapses and esp WT7. I'm not convinced either way.

2
0
Silver badge

I'm speaking from THEIR end, and consider it a dry run. Think instead an atomic bomb detonated 20 miles over South Dakota.

0
1
Anonymous Coward

Law: Where did you bury the body?

Suspect: I know nothing about what you are asking.

Law: We know you did it, take us to the body.

Suspect: Get a warrant and have fun.

Law: We are not going to spend our pension money digging up your property. Tell us where the body is.

Suspect: I know nothing about what you are asking.

Backdoor encryption gives an unfair advantage. I think the law needs to dig their own holes.

4
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018