In a keynote address at the International Conference on Cyber Security on Tuesday, July 23, Attorney General Barr clearly articulated the DOJ’s position that “‘warrant-proof’ encryption poses a grave threat to public safety by extinguishing the ability of law enforcement to obtain evidence essential to detecting and investigating crimes.”1 Barr outlined the ways in which criminals — including drug traffickers, human traffickers, terrorists, and gangs — use encrypted messaging technology to further criminal enterprises, and he criticized technology companies for failing to work with law enforcement “to preserve lawful access” to suspects’ encrypted devices and messages, even when police have a valid search warrant.2 Barr’s remarks add fuel to a years-long debate over whether technology companies should — and may, in the future — be required to provide law enforcement with “backdoor” access to users’ encrypted information, and whether such access would compromise the security of individuals’ digital data.
The Ongoing Encryption vs. Law Enforcement Debate
On July 23, 2019, AG Barr reignited a longstanding debate over whether government officials should have access to criminal suspects’ encrypted devices and communications in the course of criminal investigations. In his remarks, Barr emphasized that criminals of all kinds — including domestic and foreign terrorists, drug cartels, “lone wolf” actors, large violent gangs, and human traffickers and pedophiles — are increasingly able to evade detection and apprehension by using encrypted communications on commercially available platforms like WhatsApp.3 While encryption technology helps to protect personal and sensitive information (making digital transactions more safe and secure), it also prevents law enforcers from being able to access criminal suspects’ messages and other information after a crime has been committed and when monitoring suspected criminal activity — even when police have a valid warrant to access that data.
AG Barr’s address is the latest development in the ongoing encryption debate, and it sets the tone for any potential DOJ policies and action during his tenure as Attorney General. In his remarks, Barr argued that “the deployment of warrant-proof encryption is already imposing huge costs on society” because it allows “dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield.”4 Barr stated that encryption technology converts internet and communications platforms into “law-free zones” giving “criminals the means to operate free of lawful scrutiny.”5 Barr pointed to technology providers’ refusal to develop decryption technology for law enforcement purposes as a major driver of criminals’ increased use of encrypted devices and services.
Barr’s comments join a growing list of instances in which the federal government has publicly rebuked technology service providers for failing to develop decryption technology for law enforcement purposes. In 2016, the encryption debate came to a head when the FBI sought to enforce a federal court order requiring Apple to decrypt the iPhone of an individual who had shot and killed 14 people and injured 22 others in his workplace in San Bernardino.6 Apple resisted the Order, arguing that decrypting the phone for the government would provide the government with the means to access millions of others’ devices and personal data.7 Although the FBI ultimately withdrew its motion to compel after obtaining access to the phone by other means,8 the case stirred questions over whether the government can lawfully force technology companies to provide law enforcement with access to users’ encrypted data, and whether such access would put the public’s data security and privacy at risk.
AG Barr Underscores DOJ View that Warrant-Proof Encryption is “Illegitimate” and Should be Addressed
In his speech, Barr argued that the Fourth Amendment prevents technology service providers from refusing to provide access to data that is subject to legitimate warrants. The Fourth Amendment “defines the terms under which the Government may obtain . . . access” to information, and is designed to “strike a balance” between personal and public interests.9 DOJ takes the position that technology providers using encryption technology in their consumer products bear a responsibility to “maintain an appropriate mechanism for lawful access” by government entities “when they have appropriate legal authority.”10 Many technology companies and data privacy advocates, however, have expressed concerns that legislation or court orders requiring companies to develop special-access mechanisms for law enforcement would weaken the public’s data security and privacy. These critics argue that there is no way to create a special-access mechanism just for the government without leaving users’ personal information vulnerable to exploitation by hackers and other types of criminals.
But Barr made it clear that he does not share these concerns: He argued that the risks that might result from developing a lawful access mechanism are not “materially greater” than the risks posed by existing technology.11 While Barr also specifically noted that other countries, like Australia, have recently taken steps to address the encryption issue, he did not propose any specific solutions, instead putting the onus on technology companies to develop secure decryption technology to be used for law enforcement purposes. In Barr’s view, it is not a question of whether technology companies can develop a solution to encryption that also adequately addresses privacy concerns, but whether they are willing to do so — and that their unwillingness is unacceptable.
The extent to which the government can compel decryption also directly impacts the right of individual criminal suspects. As we previously wrote, the compelled use of individuals’ biometrics to decrypt digital devices is a recurring issue in Fourth and Fifth Amendment litigation, and will continue to impact the course of criminal cases. Additionally, even the use of voluntarily provided information for decryption purposes can have significant consequences for companies under investigation that provide their employees with company-owned devices.
As Barr’s recent comments demonstrate, the government is unlikely to back away from the encryption debate, and will probably only continue to push for greater access to encrypted information — whether by technology providers, individual users, or both — in the course of criminal investigations. In his speech, Barr even hinted that if technology companies continue to refuse to help law enforcement solve the encryption issue, then protecting the public safety may eventually require the modification of existing products so they are “compatible with the public interest,” or even the “prohibit[ion of] certain products all together.”12