Senate Republicans pushed forth the “lawful access to encrypted data act” yesterday, attempting to, with the right court access, be able to use private companies to access digital spaces that criminals operate in “lawlessly” right now.
The act is meant to help the government reach into dark places that the government struggles to reach into with their justice workers because of the great challenges regarding data encryption. The judiciary offered several examples of these scenarios.
- In December 2019, a member of the Royal Saudi Air Force carried out a terrorist attack at the Pensacola Naval Air Station in Pensacola, Florida, killing three service members and wounding eight. Attorney General Barr and FBI Director Wray recently announced that new evidence shows the terrorist was radicalized by al Qaeda. The FBI uncovered this evidence only after hacking into the phone to recover encrypted data. The terrorist had shot the phone in an attempt to destroy it. The FBI said they “effectively received no help from Apple” and the effort took over four months, costing “large sums of taxpayer dollars.” Remarks, Department of Justice
- During a money laundering investigation involving the Sinaloa Cartel, numerous lawful access issues arose because of the cartel’s use of an end-to-end encrypted app. The targets of the investigation made phone calls and sent messages using WhatsApp to coordinate drug deals and cash drops. The warrant-proof encrypted messages allowed the criminals to conceal their communications and prevent investigators from intercepting entire conversations, even with a court-authorized wiretap order. The inability to access content from WhatsApp prevented law enforcement from identifying suspects and producing seizures of drugs and money.
- In May 2015, there was a terrorist attack Garland, Texas. ISIS later claimed responsibility. Investigators discovered that one of the terrorists in Texas exchanged more than 100 messages with a terrorist overseas using an end-to-end encrypted app. To date, the FBI is still unable to determine the content of these messages.
- Ryan Lin, a computer scientist with extensive knowledge of encryption and hacking, was accused of cyberstalking, threatening and harassing of a number of victims over several years. Lin used various methods to hide his virtual identity, including VPNs, encrypted devices and encrypted overseas email accounts. During an investigation of Lin, he admitted to collecting a large amount of child sexual abuse material (CSAM) – including a dozen images of prepubescent CSAM he sent, unsolicited, to others – but had taken steps to encrypt the illegal material. Law enforcement conducted a costly and risky operation to seize Lin’s phone while he was using it to increase the likelihood of capturing unencrypted messages. Although agents were successful in obtaining Lin’s phone and material located on the phone, almost every device agents seized from Lin’s home was encrypted. Agents never recovered Lin’s CSAM collection on the seized encrypted devices. This limited law enforcement’s ability to identify victims, notify those victims, and present a fuller, more accurate portrayal of Lin’s conduct at sentencing.
- In 2016, FBI agents identified an IP address sharing image and video files of child pornography using the peer-to-peer program FrostWire. After receiving documents pursuant to legal process requests, the FBI identified a target associated with the IP address. In August 2017, FBI obtained a warrant to seize a desktop computer. The target used BitLocker, a full-volume encryption feature included with Microsoft Windows, to encrypt the desktop. Agents were unable to locate evidence of CSAM on the computer and were forced to close the case. The target of the investigation had regular access to children through his employment as a school bus driver.
Here’s what the judiciary aims to accomplish with the bill:
- Enables law enforcement to obtain lawful access to encrypted data.
- Once a warrant is obtained, the bill would require device manufacturers and service providers to assist law enforcement with accessing encrypted data if assistance would aid in the execution of the warrant.
- In addition, it allows the Attorney General to issue directives to service providers and device manufacturers to report on their ability to comply with court orders, including timelines for implementation.
- The Attorney General is prohibited from issuing a directive with specific technical steps for implementing the required capabilities.
- Anyone issued a directive may appeal in federal court to change or set aside the directive.
- The Government would be responsible for compensating the recipient of a directive for reasonable costs incurred in complying with the directive.
- Incentivizes technical innovation.
- Directs the Attorney General to create a prize competition to award participants who create a lawful access solution in an encrypted environment while maximizing privacy and security.
- Promotes technical and lawful access training and provides real-time assistance.
- Funds a grant program within the Justice Department’s National Domestic Communications Assistance Center (NDCAC) to increase digital evidence training for law enforcement and creates a call center for advice and assistance during investigations.
What are your thoughts? Should the bill be passed?
Let me know in the comments below. I read them all.