The Challenge Encryption Poses in Multiple Mediums
Today, the vast majority of communications are digital, and as a result the use of bulk encryption is now widespread—more sophisticated and harder to penetrate than ever.
The situation has created an interesting dichotomy between law enforcement, user privacy and exceptions to the rules. While encryption ensures the protection of national security (protecting content from being accessed or understood should it fall into nefarious hands), the widespread use of robust non-key recovery encryption has made tracking the criminal activity of gangs, drug lords and even terrorists extremely challenging and, in some cases, impossible.
Matters came to a very public head in December 2015 following the San Bernardino shooting. The FBI was unable to access the iPhone content of the shooter due to its advanced security features, including encryption of user data. The FBI first asked the National Security Agency (NSA) to break into the phone, but it was unable to do so. At that point the FBI asked Apple to create new software that would enable the FBI to unlock an iPhone. Apple declined to do so.
In a similar case in Brazil, a court decreed a nationwide outage of WhatsApp for non-cooperation with an investigation into a bank robbery gang.
The reality is that today’s law enforcement has increasing difficulty accessing smartphone content without a password as a result of full device encryption. So how can law enforcement access communications content as part of an investigation and what are the encryption challenges?
1. Legally warranted search and seizure of the device—whether a computer, smartphone or tablet.
The technology used to extract communications depends on the channel used (SMS, email, social network, etc.) but in general is based on accessing the conversation history. Almost all such channels store conversation data in historical databases for the convenience of the user. In most applications, this history is stored in the device for performance reasons. In addition, this communication history is usually organized in some form of database format specified by its application engineering. The application’s engineering can also implement security measures for cases where a device falls into the wrong hands.
For SMS/instant messaging, different applications have different philosophies for handling historical conversation content. As of 2016, WhatsApp, for example, decided to adopt an end-to-end encryption method whereby it claims it can no longer access its users’ communications content in the interest of ensuring privacy.
2. Monitoring conversations and the device via spy software
A more aggressive way to monitor communications is via spy software, which allows law enforcement to monitor and capture conversation content as it is being created or read by the suspect. Hacking Team, an Italian company, sold a spy software package called Galileo to governments and police forces around the world that delivered, among other features, the content of text message conversations including WhatsApp. This type of technique is challenging to implement as it depends on successful installation of the spy software on the device in use by the suspect.
3. Accessing data in transit via warrant served to a telephone system operator
The sampling of data in transit on a telephone operator’s system is known as ‘telematics interception’. All traffic that is sent and received by a target mobile device via the carrier's telephone network is saved in a file, which forms a database of all the ‘packets’ (the smallest set of addressable data between the mobile device and the antenna carrier) that make up the traffic. An analyst uses specialized software for both telematics interception and easy interpretation of the packets. If, however, the endpoints (sender and receiver) encrypt the data before it is sent over the telephone operator’s network, then the data would be inaccessible.
4. Accessing data on servers via warrant served to the parent company
In a scenario where an instant messaging service uses a server to which both the sender and receiver of messages need to connect, it is typical for the server to store these messages either in unstructured formats (simply known as ‘log files’) or in a structured database. Content can be easily retrieved in this situation.
As the demands of law enforcement grow, so do the concerns of privacy and consumer activists. Companies like Google, Facebook and others have so far proven themselves to be firmly on the side of their customers, deploying ever more sophisticated encryption methods to keep information secure.