Debate about law enforcement’s ability to access encrypted devices and communications remains a stalemate. Law enforcement leaders continue to insist on the need for extraordinary access to encryption in criminal investigations; technology experts note that such an approach would bring untenable risks to the security and privacy of individuals, businesses, and critical infrastructure. While this stalemate persists, a range of other challenges hindering criminal investigations are left unaddressed. This outcome is bad for everyone involved and it is time for a new approach.
The advent of the digital age has ushered in a new era of law enforcement. It has brought tremendous opportunities for criminal investigators, who can access more data on criminal suspects than ever before. But the digital age has also brought new challenges: the growing use of encryption to secure our data has been misused by criminals to evade such investigators.
Law enforcement’s inability to gain access to encrypted data is a legitimate and growing problem. Yet it is hardly the only obstacle to their access to digital evidence, and arguably not even the main problem. For too long, it has drawn inordinate attention from policymakers while opportunities to address substantial, solvable access challenges are neglected.
A report released by the Center for Strategic and International Studies offers a roadmap for overcoming this counterproductive dynamic.
The report shines new light on access challenges. To better understand the nature and scope of the problem, the authors surveyed federal, state, and local law enforcement officers. The most significant obstacle they face in accessing digital evidence is not encryption, but simply identifying which service providers have access to the evidence investigators are seeking. The second greatest challenge is getting digital evidence from providers once the right provider is identified. These challenges highlight the need for improving technical capacity among law enforcement and enhancing cooperation between law enforcement and the technology community.
The report’s authors offer several concrete recommendations, including both practical steps for technology providers and law enforcement organizations, and legislative measures that would establish stronger policy foundations to address access challenges. The recommendations call for creating a central clearinghouse for training and technical support for law enforcement, streamlining mechanisms for submitting and responding to law enforcement requests for digital evidence, and standing up a National Digital Evidence Office at the Justice Department.
Technology providers view their first obligation as being toward the security and privacy of the customers they are contractually committed to protecting; for that reason, they have often been miscast as antagonists to law enforcement interests. In fact, such providers go to great lengths to simultaneously uphold these privacy and security obligations and cooperate with law enforcement on legitimate criminal inquiries. The CSIS report’s recommendations represent common-sense measures to expand such cooperation without compromising the security and privacy and law-abiding citizens.
In fact, technology providers are already taking steps to implement the report’s recommendations. Many companies participate in training law enforcement officers on how to pursue digital evidence and have streamlined the processing of law enforcement requests through the creation of dedicated online law enforcement portals. Such measures can substantially improve collaboration on legitimate law enforcement investigations and should be adopted more broadly.
BSA strongly supports legislation to address these law enforcement challenges. Congress should take action to create a new office at the Department of Justice dedicated to addressing the technological and training challenges identified in the CSIS report. Such a unit is important now–but will be even more critical in the coming years as questions associated with law enforcement’s data access to Internet of Things devices, the evolution of quantum-proof encryption, the increasing ubiquity of “Smart City” sensors, and other emerging technologies come to the forefront.
Congress should also create a central clearinghouse for training and technical support and should consider consolidating the varied enterprise of existing training providers into a more coherent organization that can address and prioritize diverse training needs across federal, state, and local officials. Given the growing complexity of digital investigations, we cannot afford for law enforcement training demands to be met on an ad hoc basis by a motley patchwork of providers. Moreover, Congress should establish a dedicated source of funding for grants to support digital evidence collection and analysis at the state and local level, enabling law enforcement to keep up with the constant evolution of digital forensics tools.
The law enforcement and technology communities share the same goal: keeping law-abiding individuals and the communities in which they reside safe from crime. Both communities work tirelessly to achieve that goal by fighting crime, enhancing cybersecurity, and preventing the exploitation of technology by dangerous criminal networks. Rather than focusing on areas of disagreement, much progress can be made by identifying common ground. Technology providers stand ready to work with Congress and law enforcement at all levels on common-sense measures to make our communities safer.
**This op-ed originally appeared in The Hill on July 27, 2018**