Fine, OK, no backdoors, says Deputy AG. Just keep PLAINTEXT copies of everyone's messages

Sure, that won’t go wrong at all

The US Deputy Attorney General has told business leaders that Uncle Sam won't demand mandatory backdoors in encryption – so long as companies can cough up an unencrypted copy of every message, call, photo or other form of communication they handle.

Speaking at the 2017 North American International Cyber Summit in Detroit on Monday, Deputy Attorney General Rod Rosenstein appeared to shift tack on his earlier position that end-to-end encryption systems, such as instant messengers and video call apps, should grant special access exclusively to crime investigators on demand.

Tech giants are resisting weakening their strong end-to-end and filesystem crypto just to help cops and Feds arbitrarily decipher suspects' messages and files on devices. So, Rosenstein has another approach: let people send stuff encrypted as normal, but a plaintext copy of everything – from communications to files on devices – must be retained in an unencrypted form for investigators to delve into as needed.

"Encryption serves a valuable purpose. It is a foundational element of data security and essential to safeguarding data against cyber-attacks. It is critical to the growth and flourishing of the digital economy, and we support it. I support strong and responsible encryption," he said.

"I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so."

Aside from the fact that doing this would be a massive money and time suck, in terms of storage capacity and processing, it also kind of takes the point out of using encrypted conversations for privacy. It also means that any hacker who breaks into these archives would have access to the crown jewels of personal and corporate secrets.

Mind you, that would surely never happen. We never come across stories about servers getting hacked, and certainly the government is immune from such incidents, especially where they involve staffers' fingerprints and security clearances.

Rosenstein prefaced his suggestions with dire warnings about the effects of online crime. Since January 1 last year, there has been an average of 4,000 ransomware "attacks" a day, up 300 per cent on the previous year, he claimed, and said the FBI warned him ransomware infects more than 100,000 computers a day around the world.

In other scary news, Rosenstein warned that botnets – commandeered internet-of-things devices – could end up crashing large chunks of the internet. Speaking of crashing, he also warned that hackers could launch devastating attacks against autonomous cars that could leave passengers injured or killed.

He said that some CEOs had told him that they were reluctant to report hacking attacks to the authorities. Rosenstein said he understood those concerns but that it was vital for businesses to get in touch so that the perpetrators could be stopped from using the same attacks against others.

"Many cyberattacks are directed by foreign governments. When you are up against the military or intelligence services of a foreign nation-state, you should have our federal government in your corner," he said.

"By alerting law enforcement about a cyber incident, your organization performs a public service; it helps strengthen the cyber defenses of others. When law enforcement understands the details of an attack, we can promptly work on trying to apprehend the perpetrator, potentially before the next attack." ®
