Law enforcement is increasingly facing challenges due to the phenomenon of “warrant-proof” encryption. Service providers, device manufacturers, and application developers are deploying products and services with encryption that can only be decrypted by the end user or customer. Because of warrant-proof encryption, the government often cannot obtain the electronic evidence and intelligence necessary to investigate and prosecute threats to public safety and national security, even with a warrant or court order. This provides a “lawless space” that criminals, terrorists, and other bad actors can exploit for their nefarious ends.
On August 27, 2019, in North Canton, Ohio, an undercover police officer responded to an advertisement on a prostitution website that offered a woman for sexual acts. The ad suggested that the woman being sold was new to prostitution, potentially a victim of sex trafficking, and young—possibly even underage.
The person responding to the officer’s message arranged to have the woman meet the officer in a hotel, with the condition that she would be accompanied by a man who was acting as her pimp. When they arrived at the hotel, police quickly established that the woman was a girl - just 16 years old. The girl later told police that the man who accompanied her received money for bringing her to various hotels and other locations to have sex with strangers. Police arrested the male suspect and seized his cell phone.
The day after his arrest, the suspect was overheard speaking to a female acquaintance on a jail telephone. He expressed concern that the police would access the contents of his cell phone and discover evidence of serious criminal conduct. He said candidly, “If they get in my phone, I’m doing time . . . . If they get in my phone, I’m doing time for other [stuff].”
Law enforcement quickly used this evidence to seek a search warrant to access the contents of the suspect’s cell phone to investigate and obtain evidence of criminal conduct. A federal judge agreed that there was probable cause to search the phone and issued the warrant.
Law enforcement expected the phone to contain names of other sex trafficking victims, contact information for additional sexual predators, and evidence of other criminal activity alluded to by the suspect. But law enforcement wasn’t able to access any of that information because the suspect’s cell phone was encrypted.
Despite a lawfully issued warrant, law enforcement was unable to bypass the encryption on the phone and access its content. In fact, the cell phone manufacturer’s default encryption ensures that no one, other than the suspected sex trafficker himself, would be able to unlock it. To this day, law enforcement has been unable to access the encrypted phone and may never get the evidence needed to prosecute the suspect for his most serious offenses, identify other potential sex offenders who purchase sex with children or trafficked persons, or save other potential victims.
On October 4, 2019, the Department hosted a summit entitled Lawless Spaces: Warrant-Proof Encryption and Its Impact on Child Exploitation Cases. The Summit explored the impact of warrant-proof encryption on investigations and prosecutions. It featured speeches by senior Department officials and distinguished guests and panel discussions and presentations from non-governmental organizations, state and local law enforcement, and international partners.
Speeches from the Summit are below:
- Attorney General William P. Barr, Keynote Address
- Deputy Attorney General Jeffrey A. Rosen, Remarks
- FBI Director Christopher Wray, Finding a Way Forward on Lawful Access: Bringing Child Predators out of the Shadows
For more information about the Lawful Access summit or to view the agenda or archived video of the event, please visit the Lawless Spaces: Warrant-Proof Encryption and Its Impact on Child Exploitation Cases page
The Department has long been concerned about the lawful access issue. A selection of previous statements are listed below.
- Attorney General William P. Barr, Keynote Address at the International Conference on Cyber Security (July 2019)
- FBI Director Christopher Wray, “The Way Forward: Working Together to Tackle Cybercrime,” International Conference on Cyber Security (July 2019)
- Report of the Attorney General’s Cyber-Digital Task Force (July 2018) (see pages 116-118)
- [Former] Deputy Attorney General Rod J. Rosenstein, Remarks on Encryption at the United States Naval Academy (Oct. 2017)
- [Former] Deputy Attorney General Rod J. Rosenstein, Remarks at the Global Cyber Security Summit (Oct. 2017)
On October 3, 2019, the Department published an open letter to Facebook from international law enforcement partners from the United States, United Kingdom, and Australia in response to the company’s publicly announced plans to implement end-to-end-encryption across its messaging services.
The letter is signed by Attorney General William P. Barr, United Kingdom Home Secretary Priti Patel, Australia’s Minister for Home Affairs Peter Dutton, and Acting Homeland Security Secretary Kevin McAleenan.
To read the Department’s statement or to link to the letter, please visit the Office of Public Affairs page
Encryption is an essential tool that helps protect data, communications, devices, and infrastructure from cyber threats and contributes to user privacy. But the rapidly growing use of warrant-proof encryption in everyday devices and software means that criminals—including drug dealers, child predators, and terrorists—use encryption to shield their illicit activities from authorities.
Encryption is a means of concealing data (including text, images, or video) from anyone who is not the intended recipient. It translates the data into a format that is unintelligible until it is retranslated back into its original form through use of a decoding mechanism. While forms of encryption have been used for many years, encrypted information today can be impossible (or nearly impossible) to decode even using sophisticated technology.
The U.S. legal system permits law enforcement officials to obtain access to evidence in private locations by convincing an independent judge to issue a search warrant or a wiretap order. To obtain such access, the government must provide evidence to a court that there is probable cause to believe that evidence of a crime will be found in the location to be searched. The judge will then assess the individual’s privacy interests and determine whether there is sufficient probable cause to justify the search. However, this system is thwarted by warrant-proof encryption.
Law enforcement regularly encounters encryption in two ways: (1) default encryption for data stored on devices (“data at rest”); and (2) real-time communications in transit over a network (“data in motion”), where decryption capability is limited to the end user (“end-to-end encryption”). End-to-end encryption leaves the service provider unable to produce readable content in response to wiretap orders and search warrants, thus making the content “warrant-proof.” In other words, the targets of the investigation control whether or not their communications are subject to lawful surveillance.
The use of widespread and increasingly sophisticated encryption technologies significantly impairs, or entirely prevents, many serious criminal and national security investigations, including those involving violent crime, drug trafficking, child exploitation, cybercrime, and domestic and international terrorism.