The Lawful Access Challenge
Many federal, state, local, and tribal law enforcement agencies are facing challenges due to the phenomenon sometimes referred to as “warrant-proof” encryption.
Commercial service providers, device manufacturers, and application developers are increasingly deploying and aggressively marketing products and services with a form of strong encryption that can only be decrypted or accessed by the end users or device owners.
Because of warrant-proof encryption, the government often cannot obtain the electronic evidence necessary to investigate and prosecute threats to public and national safety, even with a warrant or court order. End-to-end encryption and other forms of warrant-proof encryption create, in effect, lawless spaces that criminals, terrorists, and other bad actors can exploit.
Examples of Lawful Access challenges include:
- The inability to access the stored data in an encrypted thumb drive, hard drive, smartphone, or tablet despite a judicially authorized search warrant
- The inability to obtain intelligible content from end-to-end encrypted communications apps during the execution of a court-ordered wiretap
More on Lawful Access
Department of Justice Lawful Access Summit (October 2019)
- Speech: FBI Director Christopher Wray Delivers Remarks at the Lawful Access Summit
- Story: FBI Asks Technology Companies for Support in Pursuing Child Abusers, Other Criminals
- Speech: Attorney General William P. Barr Delivers Remarks at the Lawful Access Summit
- FBI Response to UK Child Sexual Abuse Case
- International Statement: End-To-End Encryption and Public Safety
- Press Release: Barr, Wray Announce Significant Developments in the Investigation of the Naval Air Station Pensacola Shooting
- Department of Justice Lawful Access Page
- Proposed Lawful Access Legislation: S.4051 | H.R. 7891
What is Section 230 and Why Does It Matter?
Section 230 of the Computer Decency Act (CDA) grants online service providers immunity from civil liability for all claims arising out of content generated or published by third parties on their systems.
When passed in 1996, Section 230 was part of a larger law that served to protect internet users while simultaneously maximizing the growth and benefits of online platforms—then viewed as an upstart technology.
In 1997, the Supreme Court struck down all other provisions of the CDA, leaving in place provisions that preserved liability protections for technology providers.
In recent years, victims’ groups have advocated for the repeal or amendment of Section 230. They note that the upstart online platforms protected by its provisions are now titans of industry who no longer need special protection. These groups have also voiced concern that the law perversely incentivized online platforms to do little to police their services, even when some content carried by those services is known to cause serious harm.
Congress held bipartisan hearings on Section 230 in the fall of 2019, and the attorney general hosted a summit on the matter in February 2020 with representatives from industry, law enforcement, and victim advocacy groups.