DOJ: Companies need to trust gov’t on cybersecurity

The U.S. fight against cybercrime would be more effective if companies put more trust in the country’s law enforcement agencies, a top U.S. Department of Justice official said.

The DOJ and private companies already cooperate on many cybercrime investigations, but more trust is still needed, said Leslie Caldwell, assistant attorney general with the DOJ’s Criminal Division.

“There’s a tendency among the public, including private-sector technology companies, to a little bit conflate what the Criminal Division does with what other government agencies might do,” Caldwell said Tuesday during a forum on cybersecurity in Washington, D.C.

Revelations over the past year and a half of U.S. National Security Agency surveillance have caused “an erosion of trust and a kind of a demonization” of the government, she said. Investigations by the DOJ’s Criminal Division require search warrants and other court supervision, Caldwell added.

“I would like to see a little more feeling of trust” from private companies, she said, when asked how companies can help with cybersecurity investigations.

In addition to more trust, more engagement from private companies is needed, added Joe Demarest, assistant director of the Cyber Division at the FBI.

Leslie Caldwell, assistant attorney general with the DOJ’s Criminal Division

But calls by DOJ officials for legislation to require mobile phone operating systems to include back doors in newly announced encryption tools may be a major stumbling block to additional cooperation. In recent months, FBI Director James Comey[cq] called on Congress to rewrite the 20-year-old Communications Assistance for Law Enforcement Act to allow for law enforcement agencies to access encrypted data on smartphones.

Comey has raised concerns about law enforcement access to criminal evidence on smartphones after Apple and Google both announced encryption tools for their mobile operating systems. Caldwell, on Tuesday, repeated those concerns.

Smartphone encryption probably “hasn’t affected that many cases yet,” but it’s likely to become a problem for law enforcement, she said. “We really need to think long and hard about whether we want to create a zone of lawlessness that law enforcement can’t access,” Caldwell said. “I think that’s a very dangerous precedent that’s been set.”

But Dean Garfield, CEO of tech trade group the Information Technology Industry Council, said the tech industry will oppose efforts to pass a law requiring a back door in encryption tools. Such regulations would be “incredibly disruptive in a negative way,” he said.

The decision to encrypt smartphone data is new and “largely driven by consumer choice,” Garfield said at the same cybersecurity event. “It would be a mistake to have technology-specific regulation that’s trying prohibit something that, from my perspective, has limited value and impact on national security,” he added.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant’s email address is grant_gross@idg.com.