US Dept of Justice calls for encryption balance that includes law enforcement needs

Companies encrypting customer data should weigh the benefits to cybersecurity against needs of law enforcement, officials say

Apple, Google urge Obama to reject encryption back doors

Apple, Google urge Obama to reject encryption back doors

It's possible for companies to design their encryption systems to allow law enforcement agencies to access customer data with court-ordered warrants while still offering solid security, U.S. Department of Justice officials said.

When DOJ and FBI officials raised recent concerns over end-to-end encryption on Android and iOS mobile phones, some security experts suggested it was difficult or unsafe to build in provider access to encrypted consumer data. But many companies already offer encryption while retaining some access to user information, two senior DOJ officials said Wednesday.

Many email service providers offer encryption but retain access to the content of users' email to deliver advertising based on keywords in email text, to filter out spam or malware or to enforce terms of service, one DOJ official said on background during a press briefing. Many U.S. companies also encrypt employee mobile phones or laptops, while retaining the ability to access the content on those devices, he added.

Some of the same companies offering end-to-end encryption also retain access to customers' email in other services, one DOJ official said.

The DOJ sees encryption deployed "where companies and providers strike an appropriate balance between data security and the ability to access data when they need to," the official said. Most of the large email providers in the U.S. encrypt data "but retain the ability to access that data for their own business purposes," the official added.

Beginning in late 2014, FBI and DOJ officials have sounded alarms about encryption, saying law enforcement agencies are increasingly "going dark" in criminal and terrorism investigations because subjects' data unavailable, even after a court-issued warrant. Apple and Google both announced new end-to-end encryption services on their mobile operating systems, in part as a response to leaks about massive surveillance programs at the National Security Agency.

One recent criminal defendant described end-to-end encryption as "another gift from God," Deputy Attorney General Sally Quillian Yates said during a speech last month. "But we all know this is no gift -- it is a risk to public safety," she said then.

Several encryption and security experts, as well as digital rights groups, have criticized the DOJ and FBI calls for encryption workarounds. "If it's easier for the FBI to break in, then it's easier for Chinese hackers to break in," Senator Ron Wyden, an Oregon Democrat, said last month. "It's not possible to give the FBI special access to Americans' technology without making security weaker for everyone."

Nearly all of the DOJ's criminal cases now include digital evidence, one DOJ official said during Wednesday's press briefing. The DOJ doesn't yet have statistics on the number of criminal cases affected by encryption, but the agency is working on compiling that information, one official said.

The DOJ is not asking companies to stop offering encryption, a second official said, but to balance the cybersecurity benefits of end-to-end encryption with the risks of losing valuable evidence in child pornography, terrorism, organized crime and other cases.

There may be "theoretical risks" with companies retaining access to customers' encrypted data, one official said. "Are there costs and benefits associated with certain implementations of encryption, and are there costs and benefits associated with lack of law enforcement and national security access to communications in crucial cases?" the official added.

With hundreds of millions of email users already allowing their providers access, there needs to be a bigger debate about law enforcement access, the official said. "If it's worth it to have a cheaper product or a more appealing interface, if it's worth it for malware detection, then the question we're asking is, 'Is it not also worth it for protection against terrorism and for public safety?'"

President Barack Obama's administration has not yet made a decision on whether to seek new legislation to deal with end-to-end encryption and law enforcement access, the DOJ officials said. The agency does not believe it should tell companies how to design their encryption systems to allow law enforcement access, because companies know best how to deal with the issue, they said.

The DOJ supports the use of encryption to protect against cyberthreats, but it believes that purpose can coexist with law enforcement access, the officials said.

"The Department of Justice supports strong encryption," the second official said. "It's very important for a global economy and our national security to have strong encryption standards."

The officials, asked if mandated law enforcement access in the U.S. would drive some criminals to overseas services, acknowledged it might, in limited cases.

"If we're talking about a few bad guys, then we have a much different problem than if we're talking about an entire market for smartphones," the second official said. "We're just talking about different problem sets."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags U.S. Department of JusticesecurityRon WydenregulationU.S. National Security AgencygovernmentprivacySally Quillian YatesU.S. FBI

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?