Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

DOJ calls for encryption balance that includes law enforcement needs

Grant Gross | Aug. 18, 2015
It's possible for companies to design their encryption systems to allow law enforcement agencies to access customer data with court-ordered warrants while still offering solid security, U.S. Department of Justice officials said.

It's possible for companies to design their encryption systems to allow law enforcement agencies to access customer data with court-ordered warrants while still offering solid security, U.S. Department of Justice officials said.

When DOJ and FBI officials raised recent concerns over end-to-end encryption on Android and iOS mobile phones, some security experts suggested it was difficult or unsafe to build in provider access to encrypted consumer data. But many companies already offer encryption while retaining some access to user information, two senior DOJ officials said Wednesday.

Many email service providers offer encryption but retain access to the content of users' email to deliver advertising based on keywords in email text, to filter out spam or malware or to enforce terms of service, one DOJ official said on background during a press briefing. Many U.S. companies also encrypt employee mobile phones or laptops, while retaining the ability to access the content on those devices, he added.

Some of the same companies offering end-to-end encryption also retain access to customers' email in other services, one DOJ official said.

The DOJ sees encryption deployed "where companies and providers strike an appropriate balance between data security and the ability to access data when they need to," the official said. Most of the large email providers in the U.S. encrypt data "but retain the ability to access that data for their own business purposes," the official added.

Beginning in late 2014, FBI and DOJ officials have sounded alarms about encryption, saying law enforcement agencies are increasingly "going dark" in criminal and terrorism investigations because subjects' data unavailable, even after a court-issued warrant. Apple and Google both announced new end-to-end encryption services on their mobile operating systems, in part as a response to leaks about massive surveillance programs at the National Security Agency.

One recent criminal defendant described end-to-end encryption as "another gift from God," Deputy Attorney General Sally Quillian Yates said during a speech last month. "But we all know this is no gift-it is a risk to public safety," she said then.

Several encryption and security experts, as well as digital rights groups, have criticized the DOJ and FBI calls for encryption workarounds. "If it's easier for the FBI to break in, then it's easier for Chinese hackers to break in," Senator Ron Wyden, an Oregon Democrat, said last month. "It's not possible to give the FBI special access to Americans' technology without making security weaker for everyone."

Nearly all of the DOJ's criminal cases now include digital evidence, one DOJ official said during Wednesday's press briefing. The DOJ doesn't yet have statistics on the number of criminal cases affected by encryption, but the agency is working on compiling that information, one official said.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.