US DOJ: Companies need to trust gov't on cybersecurity

U.S. companies should recognize that criminal investigations are different from surveillance, a DOJ official says

The U.S. fight against cybercrime would be more effective if companies put more trust in the country's law enforcement agencies, a top U.S. Department of Justice official said.

The DOJ and private companies already cooperate on many cybercrime investigations, but more trust is still needed, said Leslie Caldwell[cq], assistant attorney general with the DOJ's Criminal Division.

"There's a tendency among the public, including private-sector technology companies, to a little bit conflate what the Criminal Division does with what other government agencies might do," Caldwell said Tuesday during a forum on cybersecurity in Washington, D.C.

Revelations over the past year and a half of U.S. National Security Agency surveillance have caused "an erosion of trust and a kind of a demonization" of the government, she said. Investigations by the DOJ's Criminal Division require search warrants and other court supervision, Caldwell added.

"I would like to see a little more feeling of trust" from private companies, she said, when asked how companies can help with cybersecurity investigations.

In addition to more trust, more engagement from private companies is needed, added Joe Demarest[cq], assistant director of the Cyber Division at the FBI.

But calls by DOJ officials for legislation to require mobile phone operating systems to include back doors in newly announced encryption tools may be a major stumbling block to additional cooperation. In recent months, FBI Director James Comey[cq] called on Congress to rewrite the 20-year-old Communications Assistance for Law Enforcement Act to allow for law enforcement agencies to access encrypted data on smartphones.

Comey has raised concerns about law enforcement access to criminal evidence on smartphones after Apple and Google both announced encryption tools for their mobile operating systems. Caldwell, on Tuesday, repeated those concerns.

Smartphone encryption probably "hasn't affected that many cases yet," but it's likely to become a problem for law enforcement, she said. "We really need to think long and hard about whether we want to create a zone of lawlessness that law enforcement can't access," Caldwell said. "I think that's a very dangerous precedent that's been set."

But Dean Garfield[cq], CEO of tech trade group the Information Technology Industry Council, said the tech industry will oppose efforts to pass a law requiring a back door in encryption tools. Such regulations would be "incredibly disruptive in a negative way," he said.

The decision to encrypt smartphone data is new and "largely driven by consumer choice," Garfield said at the same cybersecurity event. "It would be a mistake to have technology-specific regulation that's trying prohibit something that, from my perspective, has limited value and impact on national security," he added.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Department of JusticeInformation Technology Industry CouncilU.S. National Security AgencyJames ComeyJoe DemarestprivacycybercrimeU.S. FBIDean GarfieldLeslie CaldwellAppleGooglesecuritylegalgovernment

More about AppleDepartment of JusticeDOJFBIGoogleIDGNational Security AgencyNewsTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts