EFF files suit to seek answers on secret decryption orders

The EFF said that all significant orders filed in the secret government "must be declassified" under new legislation, passed in the wake of the Edward Snowden disclosures.
Written by Zack Whittaker, Contributor

US Dept. of Justice in Washington DC. (Image: file photo)

A leading privacy group is suing the Justice Dept. to determine if the government has ever secretly forced a company to decrypt customer data.

The Electronic Frontier Foundation (EFF) said in a blog post on Tuesday that the government must disclose if it's ever sought or obtained an order to force companies to unscramble data from the secretive Foreign Intelligence Surveillance Court (FISC), which authorizes state surveillance requests.

It's a practice that the privacy group said "could undermine the safety and security of devices used by millions of people."

The lawsuit, posted online, argues that an order of that scope and scale should be made public.

Under the new Freedom Act, which last year replaced parts of the Patriot Act, the privacy group said the government is mandated to declassify "significant" decisions made by the secretive Washington DC-based court.

The Freedom of Information (FOIA) lawsuit comes just a month after the government ended its public battle with Apple, in which the company refused to help law enforcement gain access to the iPhone used by one of the San Bernardino shooters because the company built newer smartphones to be inaccessible to everyone except the owner.

Other companies, including Google, Facebook and WhatsApp, and Yahoo, have in recent months and years pushed for greater security and stronger encryption across their apps, products, and services, in an effort to not only keep out hackers and intrusive intelligence agencies.

But it's not known if any of those companies have been forced to comply with secret demands to decrypt user data.

Last month, we revealed that the US government had used the secret court to demand source code from tech companies. Obtaining a company's source code makes it radically easier to find security flaws and vulnerabilities for surveillance and intelligence-gathering operations.

"If the government is obtaining FISC orders to force a company to build backdoors or decrypt their users' communications, the public has a right to know about those secret demands to compromise people's phones and computers," said Nate Cardozo, a senior staff attorney at the EFF.

"The government should not be able to conscript private companies into weakening the security of these devices, particularly via secret court orders," he added.

Editorial standards