Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

EFF Sues DoJ Over Secret Data Decryption Orders

The Electronic Frontier Foundation (EFF) filed a lawsuit on Tuesday against the U.S. Department of Justice in hopes of obtaining information on secret court orders requiring technology companies to decrypt their customers’ communications.

The Electronic Frontier Foundation (EFF) filed a lawsuit on Tuesday against the U.S. Department of Justice in hopes of obtaining information on secret court orders requiring technology companies to decrypt their customers’ communications.

With this Freedom of Information (FOIA) lawsuit, the digital rights group wants to know if the government obtained orders from the Foreign Intelligence Surveillance Court (FISC) to force companies like Apple and Google to assist in surveillance efforts. The EFF said the DoJ must declassify this and other significant FISC opinions as part of the surveillance reforms enacted by Congress with the Freedom Act.

The FBI recently attempted to force Apple to build a backdoor to the iPhone that would allow the agency to bypass the passcode on the phone belonging to the man behind the San Bernardino terrorist attack. The agency backed down after a third-party helped it complete the task, but its encryption battle with Apple is being kept alive in other cases.

The EFF wants to know if the government attempted to obtain similar orders from the FISC, which the EFF says operates mostly in secret and approves a majority of surveillance requests.

The digital rights group cited news reports stating that the government has sought FISC orders in an attempt to force companies to hand over source code, which would allow agents to find and exploit software vulnerabilities for surveillance purposes.

“If the government is obtaining FISC orders to force a company to build backdoors or decrypt their users’ communications, the public has a right to know about those secret demands to compromise people’s phones and computers,” said EFF Senior Staff Attorney Nate Cardozo. “The government should not be able to conscript private companies into weakening the security of these devices, particularly via secret court orders.”

Security and privacy experts are also concerned about a legislation proposal unveiled earlier this month by Senators Richard Burr and Dianne Feinstein of the Senate Intelligence Committee. The Senators want a law that would force companies to decrypt user data when presented with a court order.

The senators said the proposal was a discussion draft that would be formally introduced only after they get feedback from the public and key stakeholders. Experts criticized the bill for its technical flaws, contradictions and potentially dangerous effects.

Advertisement. Scroll to continue reading.

Related: Amazon Quietly Removes Device Encryption From Fire Devices

Related: WhatsApp Toughens Encryption After Apple-FBI Row

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.