DOJ’s Rosenstein is set to jump back down the rabbit hole of opposing encryption in your smartphone
The deputy AG set out earlier this month to revive the former FBI director’s efforts to limit encryption and other digital security technologies. In doing so, Rosenstein drew upon nearly a quarter century of the FBI’s anti-encryption tradition. But it’s a bad tradition.
Like many career prosecutors, Rosenstein is pretty sure he’s more committed to upholding the U.S. Constitution and the rule of law than most of the rest of us are. This was the thrust of his Oct. 10 remarks on encryption, delivered to an audience of midshipmen at the U.S. Naval Academy.
The most troubling aspect of Rosenstein’s speech was his insistence that, while the government’s purposes in defeating encryption are inherently noble, the motives of companies that provide routine encryption and other digital-security tools (the way Apple, Google and other successful companies now do) are inherently selfish and greedy.
At the same time, Rosenstein characterized those who disagree with him on encryption policy as a matter of principle—based on decades of grappling with the public-policy implications of using strong encryption versus weak encryption, or no encryption—are “advocates of absolute privacy.” (We all know that absolutism isn’t good, right?)
Rosenstein implied in his address that federal prosecutors are devoted to the U.S. Constitution in the same way that Naval Academy students are:
Each Midshipman swears to ‘support and defend the Constitution of the United States against all enemies, foreign and domestic.’ Our federal prosecutors take the same oath.
Of course, he elides the fact that many whose views on encryption differ from his views—including yours truly, as a lawyer licensed in three jurisdictions—have also sworn, multiple times, to uphold the U.S. Constitution. What’s more, many of the constitutional rights we now regard as sacrosanct, like the Fifth Amendment privilege against self-incrimination, were only vindicated over time under our rule of law—frequently in the face of overreaching by law-enforcement personnel and federal prosecutors, all of whom also swore to uphold the Constitution.
The differing sides of the encryption policy debate can’t be reduced to those who support or oppose the rule of law and the Constitution. Rosenstein chooses to characterize the debate this way because, as someone whose generally admirable career has been entirely within government, and almost entirely within the U.S. Justice Department, he has simply never attempted to put himself in the position of those with whom he disagrees.
As I’ve noted, Rosenstein’s remarks draw on a long tradition. U.S. intelligence agencies, together with the DOJ and the FBI, long have resorted reflexively to characterizing their opponents in the encryption debate as fundamentally mercenary (if they’re companies) or fundamentally unrealistic (if they’re privacy advocates). In Steven Levy’s 2001 book Crypto, which documented the encryption policy debates of the 1980s and 1990s, he details how the FBI framed the question for the Clinton administration:
What if your child is kidnapped and the evidence necessary to find and rescue your child is unrecoverable because of ‘warrant-proof’ encryption?
The Clinton administration’s answer—deriving directly from George H.W. Bush-era intelligence initiatives—was to try to create a government standard built around a special combination of encryption hardware and software, labeled “the Clipper Chip” in policy shorthand. If the U.S. government endorsed a high-quality digital-security technology that also was guaranteed not to be “warrant-proof”—that allowed special access to government agents with a warrant—the administration asserted this would provide the appropriate “balance” between privacy guarantees and the rule of law. But as Levy documented, the government’s approach in the 1990s raised just as many questions then as Rosenstein’s speech raises now:
If a crypto solution was not global, it would be useless. If buyers abroad did not trust U.S. products with the [Clipper Chip] scheme, they would eschew those products and buy instead from manufacturers in Switzerland, Germany, or even Russia.
The United States’ commitment to rule of law also raised questions about how much our legal system should commit itself to enabling foreign governments to demand access to private communications and other data. As Levy asked at the time:
Should the United States allow access to stored keys to free-speech–challenged nations like Singapore, or China? And would France, Egypt, Japan, and other countries be happy to let their citizens use products that allowed spooks in the United States to decipher conversations but not their own law enforcement and intelligence agencies?
Rosenstein attempts to paint over this problem by pointing out that American-based technology companies have cooperated in some respects with other countries’ government demands—typically over issues like copyright infringement or child pornography, rather than digital-security technologies like encryption. “Surely those same companies and their engineers could help American law enforcement officers enforce court orders issued by American judges, pursuant to American rule of law principles,” he says.
Sure, American companies, like companies everywhere, have complied as required with government demands designed to block content deemed in illegal in the countries where they operate. But demanding these companies meet content restrictions—which itself, at times, also raises international rule-of-law issues—is a wholly separate question from requiring companies to enable law-enforcement everywhere to obtain whatever information they want regarding whatever you do on your phone or on the internet.
This is particularly concerning when it comes to foreign governments’ demands for private content and personal information, which might include providing private information about dissidents in unfree or “partly free” countries whose citizens must grapple with oppressive regimes.
It is simply not true that technology companies are just concerned about money. In fact, it’s cheaper to exclude digital-security measures than to invent and install new ones (such as Apple’s 3D-face-recognition technology set to be deployed in its new iPhone X). Companies do this not just to achieve a better bottom line but also to earn the trust of citizens. That’s why Apple resists pressure, both from foreign governments and from the U.S. government, to develop tools that governments (and criminals) could use to turn my iPhone against me.
This matters even more in 2017, and beyond. No matter how narrowly a warrant or wiretap order is written, access to my phone and other digital devices is access to more or less everything in my life. The same is true for most other Americans these days.
Rosenstein is certainly correct to say “there is no constitutional right to sell warrant-proof encryption”—but there absolutely is a constitutional right to write computer software that encrypts my private information so strongly that government can’t decrypt it easily (or at all). Writing software is generally understood to be presumptively protected expression under the First Amendment. And, of course, one needn’t sell it—many developers of encryption tools have given them away for free.
What’s more, our government’s prerogative to seek information pursuant to a court-issued order or warrant has never been understood to amount to a “constitutional right that every court order or search warrant be successful.” It’s common in our law-enforcement culture—of which Rosenstein is unquestionably a part and a partisan—to invert the meaning of the Constitution’s limits on what our government can do, so that that law-enforcement procedures under the Fourth and Fifth Amendments are interpreted as a right to investigatory success.
We’ve known this aspect of the encryption debate for a long time, and you don’t have to be a technologist to understand the principle involved. Levy quotes Jerry Berman, then of the Electronic Frontier Foundation and later the founder of the Center for Democracy and Technology, on the issue: “The idea that government holds the keys to all our locks, even before anyone has been accused of committing a crime, doesn’t parse with the public.”
As Berman bluntly sums it up, “It’s not America.”
Image by Victor Moussa