Certain types of “warrant-proof” encryption could pose significant danger to law enforcement’s ability to investigate and prosecute crimes, according to Assistant Attorney General Leslie R. Caldwell.
“As organized crime digitizes its operations, law enforcement faces two significant challenges,” Caldwell said in a speech at New York University on Tuesday. “First, the use by criminals of new encryption technologies to victimize innocent people while avoiding identification; and second, territorial limits on our ability to gather digital evidence of crimes.”
Caldwell said that companies advertising for messaging apps or devices with encryption capabilities “that preclude access to data without the consent of the user,” could be damaging to law enforcement investigations, particularly that of crimes that take place primarily online. She expressed many of the same concerns as FBI Director James Comey has on the issue.
“We recognize that the development and adoption of strong encryption is essential to counteracting cyber threats and to promoting our overall safety and privacy,” Caldwell said. “But certain implementations of strong encryption pose an undeniable and growing threat to our ability to protect the American people.”
Caldwell also addressed the difficulties that law enforcement faces when data about a crime or a criminal is stored in an area that is outside the jurisdiction of the investigation.
“The challenge we face with warrant-proof encryption is part of a broader trend requiring harmonization of law and technology,” said Caldwell. “In July, in the so-called ‘Microsoft Ireland’ case, the Court of Appeals for the Second Circuit held that a judge could not authorize the use of a Stored Communications Act (SCA) warrant to compel disclosure by Microsoft of email communications stored in Microsoft’s Ireland data center, or any server outside U.S. borders.”
She explained that it is not uncommon for data about U.S. customers to be stored in foreign servers, and that this data does not always remain in one place. Additionally, some companies offer the opportunity for customers to select specifically that their data be stored abroad.
“In today’s world of global cloud computing, it makes little sense to determine the legality of search warrants based on where companies choose to store their data.”