Fine, OK, no backdoors, says Deputy AG. Just keep PLAINTEXT copies of everyone's messages

Sure, that won’t go wrong at all

By Iain Thomson in San Francisco

Posted in Security, 30th October 2017 20:52 GMT

The US Deputy Attorney General has told business leaders that Uncle Sam won't demand mandatory backdoors in encryption – so long as companies can cough up an unencrypted copy of every message, call, photo or other form of communications they handle.

Speaking at the 2017 North American International Cyber Summit in Detroit on Monday, Deputy Attorney General Rod Rosenstein appeared to shift tack on his earlier position that end-to-end encryption systems, such as instant messengers and video call apps, should grant special access exclusively to crime investigators on demand.

Tech giants are resisting weakening their strong end-to-end and filesystem crypto just to help cops and Feds arbitrarily decipher suspects' messages and files on devices. So, Rosenstein has another approach: let people send stuff encrypted as normal, but a plaintext copy of everything – from communications to files on devices – must be retained in an unencrypted form for investigators to delve into as needed.

"Encryption serves a valuable purpose. It is a foundational element of data security and essential to safeguarding data against cyber-attacks. It is critical to the growth and flourishing of the digital economy, and we support it. I support strong and responsible encryption," he said.

"I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so."

Aside from the fact that doing this would be a massive money and time suck in terms of storage capacity and processing, it also kind of takes the point out of using encrypted conversations for privacy. It also means that any hacker who breaks into these archives would have access to the crown jewels of personal and corporate secrets.

Mind you, that would surely never happen. We never come across stories about servers getting hacked, and certainly the government is immune from such incidents, especially where they involve staffers' fingerprints and security clearances.

Rosenstein prefaced his suggestions with dire warnings about the effects of online crime. Since January 1 last year, there has been an average of 4,000 ransomware "attacks" a day, up 300 per cent on the previous year, he claimed, and said the FBI warned him ransomware infects more than 100,000 computers a day around the world.

In other scary news, Rosenstein warned that botnets – commandeered internet-of-things devices – could end up crashing large chunks of the internet. Speaking of crashing, he also warned that hackers could launch devastating attacks against autonomous cars that could leave passengers injured or killed.

He said that some CEOs had told him that they were reluctant to report hacking attacks to the authorities. Rosenstein said he understood those concerns but that it was vital for businesses to get in touch so that the perpetrators could be stopped from using the same attacks against others.

"Many cyberattacks are directed by foreign governments. When you are up against the military or intelligence services of a foreign nation-state, you should have our federal government in your corner," he said.

"By alerting law enforcement about a cyber incident, your organization performs a public service; it helps strengthen the cyber defenses of others. When law enforcement understands the details of an attack, we can promptly work on trying to apprehend the perpetrator, potentially before the next attack." ®
