In a speech delivered at the United States Naval Academy on October 10, Deputy Attorney General Rod Rosenstein waded into the public debate between data privacy and law enforcement interests. As part of a discussion moderated by former Covington cybersecurity attorney Jeff Kosseff, Rosenstein’s remarks discussed cyber issues facing law enforcement with a particular focus on the advent of “warrant-proof” encryption. In his view, warrant-proof encrypted data and devices are unable to be intercepted or unlocked by law enforcement, even with a court order.
Noting that “[p]rivate sector entities are crucial partners” in the fight against cyber threats, Rosenstein expressed concerns about the role played by tech companies in advancing warrant-proof encryption. While recognizing the need to balance important privacy interests against law enforcement priorities, Rosenstein argued that “[w]arrant-proof encryption defeats the constitutional balance by elevating privacy above public safety.” He emphasized the threat posed to public safety when technology developers deprive law enforcement of “crucial investigative tools.” Rosenstein advocated for “responsible encryption,” recognizing that this approach would not be one-size-fits-all and that solutions would likely look different depending on the company and technology at issue.
Rosenstein referenced past attempts to negotiate around encryption issues with tech companies, including the events following the horrific terrorist attack in San Bernardino in December 2015. In the wake of the shooting, the FBI wanted Apple to unlock an encrypted iPhone belonging to one of the shooters. Apple resisted a court order to unlock the phone, arguing that the creation of a “backdoor” to the iPhone could be incredibly dangerous to Apple customers if the technology fell into the wrong hands.
While a legal showdown was averted when the FBI was able to unlock the phone with the help of an unidentified third party, the litigation surrounding the San Bernardino shooting highlights the challenging position that tech companies find themselves in when law enforcement officers seek encrypted information. As Apple argued at the time, the same technology that would make sensitive data accessible to law enforcement may make that data vulnerable to others with less pure intentions. In light of the increasing prevalence of data breaches, consumers are understandably demanding more robust privacy protections for their information. Tech companies must be responsive to these consumer interests while also reasonably cooperating with law enforcement when necessary.