Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

ACLU Sues FBI to Learn How It Obtains Data From Encrypted Devices

The American Civil Liberties Union (ACLU) announced on Tuesday that it has filed a lawsuit against the FBI in an effort to find out how the law enforcement agency can access information stored on encrypted devices.

The American Civil Liberties Union (ACLU) announced on Tuesday that it has filed a lawsuit against the FBI in an effort to find out how the law enforcement agency can access information stored on encrypted devices.

The FBI has often turned to third parties for help in accessing information stored on encrypted devices, but it has come to light in recent court documents that the agency’s Electronic Device Analysis Unit (EDAU) has been acquiring solutions that can help it break into encrypted devices on its own.

The ACLU has filed a request under the Freedom of Information Act (FOIA) in hopes of obtaining more information on the EDAU’s capabilities and the technologies it has used. However, the FBI provided what is known as a Glomar response, which indicates that the agency does not even want to confirm or deny the existence of any records related to EDAU, let alone share details on its capabilities.

However, the ACLU says the FBI’s response is not valid and it has asked a federal court to order the Department of Justice and the FBI to hand over documents related to the EDAU.

“A valid Glomar response is rare, as there are only extremely limited instances where its invocation is appropriate — that is, only where the existence or nonexistence of records is itself exempt under FOIA,” ACLU representatives wrote in a blog post on Tuesday. “The problem with the FBI’s Glomar response is that, as detailed above, we already know records pertaining to the EDAU exist because information about the unit is already public. The fact that all of this information is already publicly known deeply undercuts the FBI’s Glomar theory.”

They added, “By invoking the Glomar response, the federal government is sending a clear message: It aims to keep the American public in the dark about its ability to gain access to information stored on our personal mobile devices. But it’s not that the FBI has just shut the door on this information — they’ve shut the door, closed the windows, drawn the shades, and refused to acknowledge whether the house that we’re looking at even exists. It’s imperative that the public gets meaningful access to these records regarding the federal government’s capabilities to access our phones and computers. Our privacy and security are at stake.”

Officials — not just in the U.S. but all Five Eyes countries — have been trying to find ways to force technology companies that develop encrypted communication applications to implement encryption backdoors that would make it easier for law enforcement to conduct investigations.

In the United States, the FBI is often provided as an example, with officials claiming that the agency’s investigations have been impeded by strong encryption — even though in many cases the FBI did manage to gain access to data on encrypted devices and their claims were sometimes found to be exaggerated.

Privacy and security experts have long argued that implementing encryption backdoors would allow not only law enforcement, but also malicious actors to access protected data. Nevertheless, lawmakers continue to try to find ways to pass laws aimed at ending what they call “warrant-proof encryption.”

Related: Inside GCHQ’s Proposed Backdoor Into End-to-End Encryption

Related: WhatsApp Defends Encryption as It Tops 2 Billion Users

Related: DoJ Again Asks for Encryption Backdoors After Hacking US Naval Base Shooter’s iPhones

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.