The DOJ is not asking companies to stop offering encryption, a second official said, but to balance the cybersecurity benefits of end-to-end encryption with the risks of losing valuable evidence in child pornography, terrorism, organized crime and other cases.
There may be "theoretical risks" with companies retaining access to customers' encrypted data, one official said. "Are there costs and benefits associated with certain implementations of encryption, and are there costs and benefits associated with lack of law enforcement and national security access to communications in crucial cases?" the official added.
With hundreds of millions of email users already allowing their providers access, there needs to be a bigger debate about law enforcement access, the official said. "If it's worth it to have a cheaper product or a more appealing interface, if it's worth it for malware detection, then the question we're asking is, 'Is it not also worth it for protection against terrorism and for public safety?'"
President Barack Obama's administration has not yet made a decision on whether to seek new legislation to deal with end-to-end encryption and law enforcement access, the DOJ officials said. The agency does not believe it should tell companies how to design their encryption systems to allow law enforcement access, because companies know best how to deal with the issue, they said.
The DOJ supports the use of encryption to protect against cyberthreats, but it believes that purpose can coexist with law enforcement access, the officials said.
"The Department of Justice supports strong encryption," the second official said. "It's very important for a global economy and our national security to have strong encryption standards."
The officials, asked if mandated law enforcement access in the U.S. would drive some criminals to overseas services, acknowledged it might, in limited cases.
"If we're talking about a few bad guys, then we have a much different problem than if we're talking about an entire market for smartphones," the second official said. "We're just talking about different problem sets."
Sign up for CIO Asia eNewsletters.