DOJ: Companies need to trust gov't on cybersecurity

nsa

The National Security Agency headquarters is in Fort Meade, Maryland.

The U.S. fight against cybercrime would be more effective if companies put more trust in the country’s law enforcement agencies, a top U.S. Department of Justice official said.

The DOJ and private companies already cooperate on many cybercrime investigations, but more trust is still needed, said Leslie Caldwell[cq], assistant attorney general with the DOJ’s Criminal Division.

“There’s a tendency among the public, including private-sector technology companies, to a little bit conflate what the Criminal Division does with what other government agencies might do,” Caldwell said Tuesday during a forum on cybersecurity in Washington, D.C.

Revelations over the past year and a half of U.S. National Security Agency surveillance have caused “an erosion of trust and a kind of a demonization” of the government, she said. Investigations by the DOJ’s Criminal Division require search warrants and other court supervision, Caldwell added.

“I would like to see a little more feeling of trust” from private companies, she said, when asked how companies can help with cybersecurity investigations.

In addition to more trust, more engagement from private companies is needed, added Joe Demarest[cq], assistant director of the Cyber Division at the FBI.

But calls by DOJ officials for legislation to require mobile phone operating systems to include back doors in newly announced encryption tools may be a major stumbling block to additional cooperation. In recent months, FBI Director James Comey[cq] called on Congress to rewrite the 20-year-old Communications Assistance for Law Enforcement Act to allow for law enforcement agencies to access encrypted data on smartphones.

Comey has raised concerns about law enforcement access to criminal evidence on smartphones after Apple and Google both announced encryption tools for their mobile operating systems. Caldwell, on Tuesday, repeated those concerns.

Smartphone encryption probably “hasn’t affected that many cases yet,” but it’s likely to become a problem for law enforcement, she said. “We really need to think long and hard about whether we want to create a zone of lawlessness that law enforcement can’t access,” Caldwell said. “I think that’s a very dangerous precedent that’s been set.”

But Dean Garfield[cq], CEO of tech trade group the Information Technology Industry Council, said the tech industry will oppose efforts to pass a law requiring a back door in encryption tools. Such regulations would be “incredibly disruptive in a negative way,” he said.

The decision to encrypt smartphone data is new and “largely driven by consumer choice,” Garfield said at the same cybersecurity event. “It would be a mistake to have technology-specific regulation that’s trying prohibit something that, from my perspective, has limited value and impact on national security,” he added.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.