Exploring Encryption and Potential Mechanisms for Authorized Government Access to Plaintext Proceedings of a Workshop (2016) / Chapter Skim
Currently Skimming:
6 Session 4. Technical and Policy Mitigations for Inaccessible Plaintext
6 Session 4. Technical and Policy Mitigations for Inaccessible Plaintext
Pages 31-38
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 31... ...
THE THREAT OF CYBERCRIME Landau noted that cybercrime has topped the U.S. Worldwide Threat Assessment list in both 2015 and 2016.1 Although domestic cyberattacks from international actors are not common currently, she cautioned that they could increase.
|
From page 32... ...
The increasing rate of state and local wiretap requests is significant, Landau noted, because those agencies have very different needs and resources than the federal agencies. Landau referred to James Burrell's statements concerning the FBI's Operational Technology Division (responsible for digital forensics, tactical operations, and other functions)
|
From page 33... ...
Landau wondered how local police might handle a fully encrypted phone today, given the technological changes of the past 5 years. LAWFUL HACKING Citing a paper she coauthored,3 Landau turned to the topic of lawful hacking.
|
From page 34... ...
Marshals Service an average of 44 days to track fugitives, Landau noted that with cell phone surveillance, now it takes only 2 days. Landau provided another example from 2009, when Boston police were able to catch the "Craigslist killer" after analyzing closed-circuit television images and cell phone records from the hotel where the murder occurred.
|
From page 35... ...
If technology weakens data security, the courts tend to step in to increase legal protections. In the current encryption landscape, he argued that that the technological protection will likely grow, and so the courts will give technology less legal protection.
|
From page 36... ...
Gillmor argued that targets of investigations should be notified when the government breaks into their software or device through lawful hacking. Taking a lesson from wiretapping procedure, Landau replied that the law requires that a person wiretapped in a law enforcement investigation be notified 90 days after the tap has ended.9 For an intelligence wiretap, the target is notified only if content from it is used in court.
|
From page 37... ...
Gillmor then questioned whether Kerr's balance theory is right, noting that he has not seen an increase in legal protections for metadata even as people develop more technologies to curtail it. In response, Kerr noted some examples of protection of metadata, such as the California Electronic Consumer Protection Act, which requires a warrant for pursuing electronic surveillance and metadata warrant protections (several courts have stated that metadata are protected by the Fourth Amendment)
|
From page 38... ...
One caveat, as mentioned in the lawful hacking paper cited above,12 is that the obligation for immediate disclosure might be stronger in the context of law enforcement than in the context of national security, she said. This is because law-enforcement investigations are generally within the United States; therefore, a vulnerability that works for accessing one criminal's phone is likely to also be present in many other phones in use by legitimate users in the United States, she explained.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.