Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

ACLU Sues FBI to Learn How It Obtains Data From Encrypted Devices

The American Civil Liberties Union (ACLU) announced on Tuesday that it has filed a lawsuit against the FBI in an effort to find out how the law enforcement agency can access information stored on encrypted devices.

The American Civil Liberties Union (ACLU) announced on Tuesday that it has filed a lawsuit against the FBI in an effort to find out how the law enforcement agency can access information stored on encrypted devices.

The FBI has often turned to third parties for help in accessing information stored on encrypted devices, but it has come to light in recent court documents that the agency’s Electronic Device Analysis Unit (EDAU) has been acquiring solutions that can help it break into encrypted devices on its own.

The ACLU has filed a request under the Freedom of Information Act (FOIA) in hopes of obtaining more information on the EDAU’s capabilities and the technologies it has used. However, the FBI provided what is known as a Glomar response, which indicates that the agency does not even want to confirm or deny the existence of any records related to EDAU, let alone share details on its capabilities.

However, the ACLU says the FBI’s response is not valid and it has asked a federal court to order the Department of Justice and the FBI to hand over documents related to the EDAU.

“A valid Glomar response is rare, as there are only extremely limited instances where its invocation is appropriate — that is, only where the existence or nonexistence of records is itself exempt under FOIA,” ACLU representatives wrote in a blog post on Tuesday. “The problem with the FBI’s Glomar response is that, as detailed above, we already know records pertaining to the EDAU exist because information about the unit is already public. The fact that all of this information is already publicly known deeply undercuts the FBI’s Glomar theory.”

They added, “By invoking the Glomar response, the federal government is sending a clear message: It aims to keep the American public in the dark about its ability to gain access to information stored on our personal mobile devices. But it’s not that the FBI has just shut the door on this information — they’ve shut the door, closed the windows, drawn the shades, and refused to acknowledge whether the house that we’re looking at even exists. It’s imperative that the public gets meaningful access to these records regarding the federal government’s capabilities to access our phones and computers. Our privacy and security are at stake.”

Officials — not just in the U.S. but all Five Eyes countries — have been trying to find ways to force technology companies that develop encrypted communication applications to implement encryption backdoors that would make it easier for law enforcement to conduct investigations.

In the United States, the FBI is often provided as an example, with officials claiming that the agency’s investigations have been impeded by strong encryption — even though in many cases the FBI did manage to gain access to data on encrypted devices and their claims were sometimes found to be exaggerated.

Advertisement. Scroll to continue reading.

Privacy and security experts have long argued that implementing encryption backdoors would allow not only law enforcement, but also malicious actors to access protected data. Nevertheless, lawmakers continue to try to find ways to pass laws aimed at ending what they call “warrant-proof encryption.”

Related: Inside GCHQ’s Proposed Backdoor Into End-to-End Encryption

Related: WhatsApp Defends Encryption as It Tops 2 Billion Users

Related: DoJ Again Asks for Encryption Backdoors After Hacking US Naval Base Shooter’s iPhones

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.