Deputy AG Rosenstein Says Companies Should Develop 'Responsible Encryption'
Companies should develop effective, secure and "responsible" encryption, which means giving law enforcement access to such data on consumer devices, said Deputy Attorney General Rod Rosenstein in prepared remarks Tuesday at the U.S. Naval Academy. He said engaging with major…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
U.S. tech companies hasn't worked, but those companies have accommodated foreign governments. "Responsible encryption can protect privacy and promote security without forfeiting access for legitimate law enforcement needs supported by judicial approval," said Rosenstein, adding the companies won't develop it if left up to themselves. He previously has spoken about encryption (see 1706160029), including a Wednesday speech about the problem of "warrant-proof encryption," at the Cambridge Cyber Summit in Boston. At the Naval Academy, he again warned about "growing dark," a term often used by then-FBI Director James Comey to describe law enforcement's inability to access encrypted data needed during criminal investigations (see 1705030055, 1608150061 and 1603040023). The deputy AG said responsible encryption is "achievable ... examples include central management of security keys and operating system updates; the scanning of content, like your emails, for advertising purposes; the simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop." Those functions aren't referred to as a back door, but often marketed and sought by many users, he said. The proposal that providers retain an ability to ensure that "evidence of crime can be accessed when appropriate," isn't unprecedented, he said, and every company doesn't have to implement the same technology, whether it's a chip, algorithm or key management technique or escrow. Rosenstein said there's "no constitutional right to sell warrant-proof encryption."