The Justice Department wants to add a feature to your smartphone shopping list: “responsible encryption.”
In an Oct. 10 speech at the U.S. Naval Academy in Annapolis, Maryland, Deputy Attorney General Rod Rosenstein made a case to step back from what the tech industry generally sees as an advance in security: “warrant-proof” encryption on devices that even court-authorized investigators can’t unlock.
Instead, he urged tech firms to adopt “responsible encryption”—as in, the kind “that allows access only with judicial authorization.”
As examples, Rosenstein pointed to “the central management of security keys and operating system updates” and “key recovery when a user forgets the password to decrypt a laptop.”
But granting that seemingly innocuous request could start to carve giant holes into your phone’s security.
That leaves one last option, one the FBI tried in the San Bernardino iPhone case: Compel Apple or Google to push a software update to a phone to disable its security.
That remains a possibility, and it has to: somebody must control software updates for them to be secure at all. Government exploitation of that single point of failure worries security experts too.
“Just one instance like that would essentially ruin all the educational efforts folks like me engage in to improve domestic cybersecurity,” said Joseph Lorenzo Hall, chief technologist with the Center for Democracy & Technology. Some people would then distrust bug-fix updates — and, by declining them, get stuck with less-secure devices.