In a press conference, Deputy Attorney General Rod Rosenstein stated that the “absolutist position” that strong encryption should be, by definition, unbreakable is “unreasonable.”
The DOJ is lying about three things:
The US government works against the security of businesses. Just this week, I had to tell Apple that my iPhone app did not have certain kinds of encryption that the U.S. government has export control on. Encryption export controls cripple the security and innovation of software products made by American businesses.
Furthermore, the U.S. government hoards software exploits so it can hack into your computer rather than publish them that so companies can patch their products. The NSA intentionally sneaks weaknesses into protocols and bribes businesses to add holes to security products so it can steal the data of their customers.
The only “cybersecurity” that the government cares about is its ability to conduct surveillance and attacks on political targets. When businesses want to improve the security of their products, they offer rewards for exploits—Microsoft pays up to $250,000 per exploit, Facebook has paid $40,000, and so on. The NSA purchases millions of dollars of exploits from hackers and uses them to spy on the entire world, including U.S. citizens. Unfortunately, the NSA is incompetent at keeping secrets, so it lost their exploit database and caused millions of computers to be infected and hijacked with the exploits they hoarded.
The hardware and software pieces of both the Internet and individual users' computers are made by private companies. There is nothing the U.S. government can do to improve “cybersecurity” other than prosecuting criminal behavior. However, the U.S. government prosecutes a minuscule proportion of cybercrime. Whether it is unable or unwilling to punish criminals, the reality is that the only “cybersecurity” that the government cares about is its ability to conduct surveillance and attacks on foreign and domestic political targets.
The idea that “strong security” is compatible with a government backdoor is a lie. Any security expert can tell you that a backdoor leaves your product vulnerable, even if you trust the government agency with the key. Previous backdoors advocated by the US government have been blown wide open by security experts. There is near-universal agreement among security experts that government backdoors and security are not compatible—a reality that the DOJ continues to ignore.
It is not true that the government wants to weaken American’s security to protect against crime or terrorism. Their real motivation has always been power and money: they want to monitor the flow of information in order to prevent people from hiding their wealth and use their secret keys and vulnerability stash to intimidate and blackmail other countries into compliance with U.S. policies. This is why the U.S. intelligence budget of over $75 billion did not prevent most Americans' personal details from being leaked, but U.S. citizens who do not report foreign bank accounts (under FATCA) can be fined $250,000 or 5 years in jail even if they have never stepped foot in the USA.
Reprinted from The Ungoverned