Encrypted Data Posing Major Problem for Law Enforcement, DOJ Official Warns

Caldwell, who heads DOJ’s criminal division, said there's no longer much of a paper trail for any crime, only virtual trails. Physical evidence -- handwritten notes, documents or file cabinets full of paperwork -- “is growing scarcer by the day,” she said. “Our ability to track and prosecute criminals now really depends on instant messages, emails and other forms of digital information.” That's true of almost every kind of criminal case, she said.

As encryption becomes more common, it's becoming more difficult for law enforcement to obtain data, Caldwell said. “We find ourselves facing obstacles to our investigations and these are obstacles that can and do stop our investigations and our prosecutions in their tracks.”

Caldwell said DOJ understands that data security is important. “So too is the legal process that protects our values and, very importantly, our safety. These are complementary priorities. They are not competing priorities.” When prosecutors obtain a warrant from a court they need to be able to act on the court’s directive, she said.

An incident last May in Garland, Texas, outside the "First Annual Muhammad Art Exhibit and Contest" shows the problems encountered by DOJ, Caldwell said. Two attackers wounded a security guard in an assault before being killed themselves. One of the shooters exchanged 109 messages with an overseas terrorist before the attack and because the messages were encrypted law enforcement officials still don’t know what the messages said, Caldwell said. “That’s a big problem” that must be addressed, she said.

Digital technology has “greatly expanded and complicated our capacity to detect, investigate and prosecute crimes,” Caldwell said. “Today, by using new technologies, we can process and analyze evidence with really unprecedented speed and accuracy and precision. We’re able to coordinate with partners around the world in real time.”

The bad news is that criminals also have learned how to exploit the Internet, Caldwell said. “Our bank accounts, our personal information, are now fair game and all too readily and tempting to thieves … and not just in the United States, but all over the world,” she said. Arms traders and child pornographers alike are able to use dark websites to protect their identities, she said. All communication is increasingly based on emails and instant messaging, she said.

As DOJ seeks to protect devices, databases and networks, the department must work with the “executives, the entrepreneurs, the engineers and the companies who make America’s tech sector the envy of the world,” Caldwell said. Lynch meets with industry leaders from around the U.S. to encourage greater cooperation, she said. “Our door is always open to discussing new ideas to combating cybercrime,” she said.

The U.S. detects thousands of attempts at industrial espionage every day, Caldwell said. “Some companies are attacked thousands of times in a single day on a regular basis,” she said. “We see rogue militants and official cyberwarfare units targeting our infrastructure, she said.

DOJ puts much of its emphasis on prevention, Caldwell said. There's a real hunger for information about cybersecurity, she said. In July, working with the European Cybercrime Centre, the U.S. was part of a coalition of 20 countries that shut down the Darkode hacking forum, “an underground site where hackers met to buy, sell and trade malicious software, botnets, intrusion tools and stolen personal information,” she said. The operation “allowed us to charge, arrest or search 70 Darkode members and associates around the world.”

Growing cyberthreats mean DOJ needs to be “nimble, innovative and adaptive,” Caldwell said. “At the Department of Justice we are committed to staying ahead of the bad guys.”