U.S. tech companies should retain access to the encrypted information of their customers, instead of providing end-to-end encryption, in order to give police the tools they need to investigate crimes and terrorist activity, two senior law enforcement officials said.
The U.S. Department of Justice and the FBI aren't seeking new legislation to require tech companies to comply with warrant requests, at least for now, and they don't want companies to build encryption back doors that give the agencies direct access to communications and information stored on smartphones, said Sally Quillian Yates, the DOJ's deputy attorney general.
Instead, the DOJ and FBI, in their continuing efforts to combat the use of encryption by criminals and terrorists, are proposing that tech and communications companies retain internal access to encrypted information so that they can comply with court-ordered search warrants, she told the Senate Judiciary Committee Wednesday. Several tech companies already retain some access to customers' encrypted data, she said.
Legislation may eventually be necessary, but the DOJ is now looking for voluntary compliance from tech companies, she said.
With new encryption services from tech companies, "critical information becomes, in effect, warrant-proof," Yates said. "We are creating safe zones where dangerous criminals and terrorists can operate and avoid detection."
A recent push by tech companies toward end-to-end encryption, partly in response to reports of mass surveillance programs, has led the DOJ and FBI to raise concerns about law enforcement agencies "going dark" when investigating crime. Last September, FBI Director James Comey Jr. first questioned decisions by Apple and Google to offer encryption by default on their smartphone operating systems.
"The world has changed in the last two years," Comey told senators. "Encryption has moved from something available to something that is the default, both on devices and on data in motion."
Terrorist group ISIL (Islamic State of Iraq and the Levant) has used encryption effectively, Yates said. ISIL makes first contact with many potential recruits on Twitter, where the group has about 21,000 followers of its English language feed, but then directs them to communicate further on an encrypted messaging service, she said.
"This is a serious threat, and our inability to access these communications with valid court orders is a real national security problem," Yates added. "We must find a solution to this pressing problem, and we need to find it soon."
U.S. tech companies should be able to find a way to provide law enforcement access to encrypted data and still provide many of the security and privacy benefits of encryption, Comey said. "The tools we are being asked to use are increasingly ineffective in our national security work and in our criminal work," he said. "I don't come with a solution -- this is a really, really hard problem."
Sign up for Computerworld eNewsletters.