On June 6, 2016, during a speech at a Cybercrime Symposium co-organized by the Centers for Strategic and International Studies and the Department of Justice’s (“DOJ”) Computer Crime and Intellectual Property Section, Assistant Attorney General Leslie Caldwell continued to push for access by law enforcement to encrypted data. In her remarks, Caldwell highlighted that public policy makers – and not the private sector – should decide whether, and to what extent, law enforcement should have access to encrypted data that could be evidence in criminal investigations. Caldwell also reiterated the DOJ’s position that law enforcement should be able to subpoena and collect data from U.S. companies for investigations, regardless of whether the data is stored in the U.S. or abroad.
During extensive remarks on a variety of cyber issues, Caldwell commented that while technology and the internet have provided significant benefits to the global economy, they also have brought risks that “criminals have been able to turn the advantages of the internet against us.” She noted the threat of the development of “warrant-proof encryption, ” where a service provider has developed encryption “in a way that prevents them from producing stable, unencrypted information even if they are served with a valid court order.” According to Caldwell, such “warrant-proof encryption” has, in many circumstances, thwarted the prosecution of crimes, and “pose[s] an undeniable and growing threat to…law enforcement’s ability to protect the American public.” Caldwell has previously called access by law enforcement to encrypted information “essential” to national security interests.
Concerning gaining access to data physically stored outside the borders of the U.S., Caldwell emphasized that the DOJ opposes “legislation that conditions our ability to get data based on where the data is located.” One of the proposed reforms to the Electronic Communications Privacy Act (the “ECPA”) is called the Law Enforcement Access to Data Stored Abroad Act of 2015 (the “LEADS Act”). If passed, the LEADS Act would limit the ability of U.S. law enforcement personnel to compel electronic communications service providers to turn over user data if doing so could run afoul of foreign law or if the data was not related to a U.S. citizen. After passing the U.S. House of Representatives last month, the updates to the ECPA (including the LEADS Act) have stalled in the Senate Judiciary Committee.
Reporter, Ehren K. Halse, San Francisco, +1 415 318 1216, ehalse@kslaw.com