SAN FRANCISCO — Tech companies could provide keys to decrypt information to third-party entities, a senior Justice official said, describing one way the private sector might enable law enforcement’s warranted access to encrypted data for criminal investigations while preserving privacy under a legal framework.
“I believe they can coexist,” John Demers, assistant attorney general for national security, told reporters Monday ahead of the RSA cybersecurity conference. Demers challenged a broadly-held belief among privacy advocates that it is impossible to retain end-to-end encryption for cybersecurity while allowing law enforcement special access to the coded data.
As Justice officials stress they need access to investigate egregious crimes such as child sexual exploitation and trafficking, opponents say there is no “technical solution” to allow law enforcement in without undermining everyone’s privacy.
One solution could be escrowed encryption, where a third party holds the decryption keys. A Cisco-certified expert blog on the issue argues human reasons, more than technical or legal ones are why escrowed encryption is largely unworkable. The scenario raises big unanswered questions: which encryption keys should be put in escrow, what entities should act as trusted third parties, can the security for the database of decryption keys be ensured or would the database be vulnerable to bribable employees?
Demers acknowledged some people say law enforcement access and end-to-end encryption “can’t coexist,” but pointed to laws established in Australia and the United Kingdom as examples of how he said other ..