One of the hottest topics currently is the FBI vs Apple battle over encryption, in that the FBI wants Apple to rewrite their operating system in order for law enforcement to bypass Apple’s encryption. The arguments on both sides are strong. Law enforcement must have the ability to bypass encryption in the name of national security. Conversely, consumers (in the USA at least) are afforded protections in the Constitution against unreasonable search and seizure. The third part of this argument is security and safety of ALL electronic data. If the legal argument stands that encryption is outlawed, that puts all data at risk of being compromised by criminals, disgruntled employees, and lackadaisical custodians of data.
Apple Fights Order to Unlock San Bernardino Gunman's iPhone - New York Times
http://news.google.com Thu, 18 Feb 2016 02:59:37 GMT
New York TimesApple Fights Order to Unlock San Bernardino Gunman's iPhoneNew York TimesApple executives had hoped to resolve the impasse without having to rewrite their own encryption software. They were frustrated that the Justice Department had aired its demand in public, according to an industry executive with knowledge of the case ...Google's CEO just sided with Apple in the encryption debateThe VergeOn Apple, the FBI, encryption, and why you should be worriedVentureBeatApple, The FBI And iP ...
Encryption does not explicitly have to be banned to outlaw encryption. Once a legal requirement of encryption having backdoors is created, encryption is effectively outlawed.
But I’m not writing about the legalities of encryption, nor the Constitutional protections of being secure in your home and possessions. There are many others debating those issues. I’m writing about the practical law enforcement investigative efforts with encryption being a small sliver of the topic. By the way, much of the 'encryption protections' marketed by providers such as Apple is pure marketing...access already exists in many instances.
Apple can read your iMessages despite them being encrypted - SC Magazine
http://news.google.com Wed, 27 Jan 2016 16:30:40 GMT
SC MagazineApple can read your iMessages despite them being encryptedSC MagazineDespite Apple taking a pro-encryption stance, with its CEO Tim Cook insisting that iMessages are safely encrypted, it turns out that if users backup data using iCloud Backup, they need to be aware that although Apple stores the backup in encrypted form ...
For example, law enforcement receives an abundance of training on an annual and ongoing basis for an entire career. This training covers everything from blood borne pathogens to the application of deadly force. Investigators receive so much training in how to conduct investigations that range from a broad overview of criminal investigations to specific courses on blood spatter patterns, that any investigator can probably be considered an expert in their respective fields. I stopped counting my formal training hours after it went well over 2,000 hours. That’s 2,000 hours of formalized, in the classroom training. I’d guess I have close to 3,000 hours now. Investigators know how to do an investigation and do not need to bend Constitional Rights to do an investigation. The ends do not justify the means.
So consider the amount of training law enforcement receives. Encryption is one small sliver. It is so small that investigators don’t even take training in it unless they are dedicated digital forensic analysts. Encryption is such a small concern in most cases that encrypted files are many times ignored in the investigations simply because there is so much more overwhelming evidence to make the case that fighting with an encrypted file or system isn’t worth the effort without knowing how long it will take to crack it (if ever).
And that is my point, or at least one of my points.
To be fair, I am not discounting the importance that encrypted files and systems can give to an investigation. But at the same time, I personally know of cases were suspects have purposely created thousands of encrypted files on storage media that contained meaningless data for the sole purpose of making an investigator’s job difficult.
My point is that investigators have such an array of investigative tools that they do not need to dip into areas where a person’s possessions and papers are no longer secure. Although television’s CSI typically exaggerates the tools and capabilities available, there are some neat things that do some neat stuff that you can’t buy off the shelf at Radio Shack. To the extent the government wants backdoors in encryption, they may as well as for a masterkey for every safe made...just in case they can't force open a safe. Would you ever purchase a safe knowing that someone (or many people) have a master key to your safe?
In the area of providing backdoors in encrypted devices, I am on the edge of saying that if anything, this leans in the area of laziness. I have seen only ONE case where the only evidence was on one laptop which was encrypted. All other evidence was circumstantial and would have made a difficult trial. That laptop, to this day and my knowledge, sits encrypted in evidence after years collecting dust. The suspect walked away, no charges. Highly frustrating.
But that was the only case that I am personally aware. I don’t know how many more are similar, but my guess is that the ratio is about the same. But even if there were dozens of cases, I do not believe that waiving personal protections is worth those cases. In those cases, investigators need to do more work to find evidence NOT stored in the device. Yes, that means getting out of the office.
Not that I disagree with the ‘easy way’, but I do believe that some things must be done the ‘hard way’. That is just the way it is. I started in law enforcement before the Internet took off for the average consumer and I left law enforcement when the Internet became what it is today. I have seen investigators sit at their computers on a daily basis and leaving the office usually meant grabbing a cup of coffee at Starbucks. Long term surveillance became a thing of the past for many. Surveillance sometimes was not even on some investigators’ mind at all! The entire tradition of being a gumshoe detective has been lost on so many. About the only thing to get some detectives out of the office was the promise of overtime.
Back to the encryption issue. First, be prepared for analogy after analogy about how we should (and should not) have back doors in encryption. Remember, any backdoor requirement negates the encryption, as in, it will no longer be encryption when anyone can have the key to access it. Analogies don’t always work well, but they are already being used to argue for (or against) backdoors. Probably the best analogy in this encryption issue is that the government is simply asking you to give them a key to the backdoor of your home, and they are asking you to trust they will only use it when and if they need it. That completely negates the security of your home.
Second, be prepared to hear that terrorists will not be found and criminals will go free. Well, that is true, always has been, and always will be. The government is restrained by the Constitution. But even with the restraints, you have no idea of the absolute power a search warrant gives law enforcement until you have held one in your hands, forced your way into a person’s abode, and looked into every nook and cranny with unfettered access. To say law enforcement needs more power than that is to say we don’t need protections against unreasonable searches and seizures.
I have also read comments where people have said, “I have nothing to hide, go ahead and look at what you want.” I totally support that argument. Anyone can waive their individual rights whenever they want. I’ve read Miranda Warnings more times than I can count and asked every person if they wanted to waive their rights. Most did. I wouldn't. Speaking of Miranda warnings, when the warnings were required to be given (if the suspect was in custody and being questioned), I can imagine the investigators crying over how cases will never be solved because we are telling criminals to not talk. Well...that didn't pan out. They still talk and will always talk and always confess. Some never will, regardless if they are given Miranda warnings, but the point remains that investigators must, and do, work within legal limits.
Where I diverge on a person waiving their rights is where everyone must be forced to waive their rights by having all their electronic devices and data accessible by law enforcement. Again, once there is cause (probably cause), law enforcement can get pretty much anything they want, from kicking down a door to seizing all the funds in a bank account. If technology eventually allows access into highly encrypted files, then they can have that too. You don't have to open your door for the police, but if they have a warrant (or other authority, such as exigent circumstances), they will open the door.
As much as I would hate to see Apple close its doors, I would hope that if they lose the encryption battle, Apple simply shuts down in protest. Consumers are already suspicious of companies that have covertly cooperated, without warrants, to capture and analyze data, and snoop everyone’s phone calls regardless if any individual was suspected of a crime. It’s not that you don’t have something to hide, you just don’t want someone from the government watching you in your home through a compromised webcam to make sure you aren’t doing something wrong.
The last point to make is that banning encryption is like banning anything. It doesn’t work. Banning something only makes new criminals out of non-criminals, allows criminals the only people to possess the banned things, and creates a black market. If guns are banned, criminals will still have guns. Citizens who refuse to turn in their guns…they become criminals. And guns will still be available on the black market. This is the same for encryption. It will still be available and still used by criminals and terrorists. The only people who won’t use encryption (or who agree to allow backdoors) are those who wouldn’t be using it illegally anyway.
I feel for any investigator fighting an encrypted device for file (been there, done it, still doing it). But a backdoor will not fix the problem. If Apple folds like a cheap card table and builds a backdoor, guess who won’t be using Apple products…criminals and terrorists… They will find something else, which leaves everyone else using an Apple product to know the security has been compromised. The problem is not solved, it is multiplied.
I’m not bashing law enforcement, but I am saying to them that rather than trying to make laws and force private companies to do their bidding, get out of the office and work. Follow suspects around. Dig through garbage in trash runs. Interview witnesses. Develop informants. Work undercover. Build cases. You don’t need 100% into everything from your desktop to build a case.
As far as the criminals and terrorists go…it does not matter how much they know about the limitations and extent of authority law enforcement has, because a good investigator can make a good case on any criminal or terrorist. I mean it. There is not a criminal alive that can remain at large if a good investigator puts a case on him (or her). Encryption? So what. Find evidence elsewhere, because if the only evidence you have is an encrypted device or file, you really don’t have much of a case. Dig and you will find.
Dear God do I applaud this post!!!! I'm going to have to share this. I spoke with a Apple programmer yesterday and they told me that Apple's encryption algorithms are already public. If that is so.. Why isn't the Govt already decrypting the data? Or finding someone who can? I think you hit the proverbial 'nail on the head' when you stated the word "Laziness" Well Done!
Awesome, Brett! Makes me feel good to know that you and I are on the same side of this issue...you're just a heck of a lot smarter and more articulate about it than I am!
By accepting you will be accessing a service provided by a third-party external to https://brettshavers.com/
Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.
© 2023 Brett Shavers