As human activity has become increasingly digital, so too have crime and criminal evidence. Criminals increasingly take advantage of widespread encryption—often available by default—to facilitate drug trafficking, online child exploitation, human trafficking, and other crimes, and to impede detection, apprehension, or prosecution. In addition, the country faces myriad national security threats from terrorist groups and foreign rivals.
This chapter explores the interplay between the needs of law enforcement to obtain plaintext and potential alternatives to plaintext if it cannot be obtained because it is encrypted. Chapter 5 looks at options for law enforcement to obtain access to plaintext that is now encrypted.
Law enforcement officials and intelligence analysts have different missions and work with different tools, legal frameworks, and norms, but both are attempting to piece together events or future plans from incomplete or fragmented information.
The role of a criminal investigator is to identify the guilty party and obtain evidence for a conviction. In some cases, this involves exoneration of previous suspects once exculpatory evidence is uncovered. An investigator generally aims to gather evidence needed to bring a successful prosecution against a person or organization responsible for a crime or to disrupt or prevent criminal activity. In order to successfully prosecute, either by trial or through a plea deal, the investigator must supply evidence of guilty actions and intentions beyond a reasonable doubt.1 Rules derived from constitutional and statutory law as interpreted by courts govern the ways in which investigators can access evidence, how they must share the evidence they gather with the defense, and how they must prove the reliability of the evidence in order to permit it to be introduced in court.
An intelligence analyst, by contrast, has goals that are less about proving a case in court and more about gathering information for a variety of purposes, whether about a particular adversary or to describe developments to policy makers. Foreign intelligence material is gathered, analyzed, and disseminated according to a set of policies and oversight controls within each intelligence agency. The gathering itself makes use of a broad range of techniques and tools, including some not available to law enforcement agencies.2 The degree of confidence that accompanies a particular assessment will vary, and it is up to the decision maker to assess its quality. Intelligence information and the sources and methods used to gather it are kept secret, and the targets of intelligence gathering are, unlike in criminal investigations, not usually afforded notice.
The ways people communicate, engage in commerce, and otherwise live their lives create information across a wide range of networks, devices, and communications streams. For example, the Pew Foundation has reported that only 8 percent of U.S. adults were on social media in 2005, 47 percent in 2010, and 69 percent in 2016.3 As is discussed below, this has two significant consequences for investigations: (1) the role of digital information in investigations is growing, and therefore loss of access owing to encryption has a greater impact, and (2) a wider variety and volume of digital information that may not be encrypted is also becoming available.
1 Most cases in the criminal justice system are settled through plea negotiations. Nevertheless, the evidence must be sufficient to convince a defendant to accept a plea.
2 For example, U.S. intelligence agencies working outside the United States could subvert the supply chain for technology used by a foreign intelligence target or leverage skills and computing power for decryption purposes without making these available to the law enforcement community more broadly.
3 Pew Research Center, 2017, “Social Media Fact Sheet,” January 12, http://www.pewinternet.org/fact-sheet/social-media/.
The new, varied, and growing pool of relevant information that may be available to investigators has provided the government with new resources and new challenges. In some cases, law enforcement officials are able to track individual locations through tools such as cell towers, transit passes, license plate readers, and geo-coded photographs and social media postings. Metadata, information about communications, or digital files other than their content can provide valuable information in some circumstances. Many apps capture metadata that often includes the user’s location; this source of information was not available to investigators a decade ago. The widespread use of cloud storage means that law enforcement has another potential source of evidence to turn to when they do not have access to the data on devices, either because the device is unavailable or the data on the device is encrypted. Not all of this digital information will be useful, however. Because storage is cheap or even free, people keep all sorts of non-noteworthy electronic documents forever.
At the same time, some forms of evidence that were previously generated and maintained in hard copy now exist only digitally. In some instances, this means that evidence found in new technologies is not necessarily in addition to, but rather may be instead of, former sources of evidence.
Some of that information is relevant to the mission of government agencies responsible for protecting the public. In the law enforcement world, that subset is generally thought of as evidence of a crime. For intelligence agencies seeking foreign intelligence,4 it is source material for collection. In either case, any reduction in access to that pool of relevant information may reduce their effectiveness at accomplishing their mission.
Investigators and analysts are seeking access to relevant information from a range of sources. Relevant information comes in many different forms. The prevailing conceptual model divides law enforcement needs into two broad categories: evidence in motion and evidence at rest. Evidence at rest can be relevant plaintext stored on a device or relevant plaintext stored on servers operated by a service provider or other third party. Evidence in motion is the target of real-time communications or data intercepts. This can take a traditional form, such as a phone call, or a cutting-edge form, such as messages exchanged over encrypted messaging applications like Signal.
Information used in investigations is sometimes divided into content and noncontent, or metadata. Metadata is generally defined as data that provides information about other data. When the term metadata arises in the encryption debate, it has multiple related meanings that are not always carefully distinguished.
4 Foreign intelligence is “information relating to the capabilities, intentions, or activities of foreign governments or elements thereof, foreign organizations, or foreign persons, or international terrorist activities” (50 U.S. Code § 303).
One use of the term metadata comes from electronic surveillance law, in which a distinction is drawn between the protections afforded to communications content and those afforded to the noncontent, or metadata, associated with the content. For example, information about the phone numbers of parties to a call is distinguished from recordings of the call obtained from a wiretap.5 This distinction stems from law and court cases of the telephony era, and relies in part on the third-party doctrine, which holds that people do not have a reasonable expectation of privacy in information they voluntarily provide to third parties—in this case the telephone numbers given to the carrier so that the call can be placed.
In the context of government access to encrypted information and possible alternatives, the term metadata also refers more broadly to information that is associated with content that may be accessible in an unencrypted form even if the content itself is encrypted. Not all metadata is necessarily covered by the third-party doctrine; for example, a time stamp recorded when an encrypted file is created on a computer would be considered metadata about that file but would not have been provided to a third party if the computer is owned by the target of the investigation. Finally, metadata is sometimes used to refer to any noncontent information, even if not necessarily associated with a specific piece of encrypted data, that may be useful as an alternative source of information for an investigation if the encrypted data cannot be decrypted.
In addition to the communications metadata discussed above, a number of other forms of metadata are created by computer systems, including the following:
- Event-related data associated with communications streams provides information about the time, date, payload amount, and other details about a particular communications event but not the content.
- Addressing data can often be used to identify who is communicating, where they are located, and—depending on the specificity of the address—what content they are consuming (e.g., a particular URL).
- Metadata associated with a particular digital file, like the creation date, creation device, and other information stored with the content of the file, but separate from it, can provide information about when and where activity occurred.
- Service logs and telemetry data created in the normal course of supporting software and reporting bugs can provide information on a user’s digital activity using that software.6
5 The boundary between content and noncontent is less clear for Internet protocol (IP)-based communications. See S.M. Bellovin et al., 2016, “It’s too complicated: How the Internet upends Katz, Smith, and electronic surveillance law,” Harvard Journal of Law and Technology 30(1).
Metadata may not be meaningfully available in all cases. Some metadata is ephemeral and thus not available to investigators after the fact. In other cases, metadata may exist but its existence may not be known to investigators. Also, some kinds of metadata can be altered if one has the right tools and know-how, which may reduce its evidentiary value.
Some metadata may also be encrypted by either the service provider that creates it or only available to investigators as part of a communications stream or on a storage device that is itself encrypted. Other metadata, such as routing data—Internet Protocol (IP) address, e-mail address, or phone number—cannot easily be encrypted.
Encryption has significantly reduced the amount of plaintext that investigators can access. Several factors are responsible for this. One is a desire to provide robust encryption to individuals and organizations. Another is the effort being made by some companies to reduce their ability to access customer information or encryption keys. Such moves might be made for a variety of reasons. For example, a company might wish to eliminate the possibility that an error will cause customer data to leak (and thereby to reduce liability for such a loss) or seek to gain the trust of a customer who fears the provider might snoop on the customer’s trade secrets for a business advantage.
A recent Center for Strategic and International Studies report7 observed that the share of unrecoverable encryption as a share of total message traffic is likely to grow as instant messaging becomes increasingly dominant. The report notes that 3 of the top 12 mobile messaging apps have enabled end-to-end encryption by default. It estimates that 18 percent of message traffic is encrypted today and that this will grow to 22 percent by 2019 based on projected growth in the use of instant messaging. The report also estimates that roughly 47 percent of all smartphones and tablets in the United States have full disk encryption and observes that if Android devices adopt universal disk encryption, the vast majority of smartphones in the world would appear to present serious barriers to law enforcement and intelligence agencies access.
6 National Academies of Sciences, Engineering, and Medicine, 2016, Exploring Encryption and Potential Mechanisms for Authorized Government Access to Plaintext: Proceedings of a Workshop, The National Academies Press, Washington D.C., p. 44.
7 J.A. Lewis, D.E. Zheng, and W.A. Carter, 2017, Effect of Encryption of Lawful Access to Communications and Data: A Report of the CSIS Technology Policy Program, https://www.csis.org/analysis/effect-encryption-lawful-access-communications-and-data.
Some, but certainly not all, of the data will remain accessible because data is often stored in more than one place. For example, although someone’s Gmail messages may be inaccessible from a locked and encrypted phone, these same messages will be stored on Google’s servers. Customer data stored by U.S. providers is, however, sometimes stored outside the United States. Whether U.S. providers can be compelled by warrant under current law to provide data stored overseas is currently before the U.S. Supreme Court.8
Law enforcement agencies have been reporting that they are increasingly unable to unlock encrypted phones. In testimony to this committee on November 11, 2016, then–Federal Bureau of Investigation (FBI) General Counsel James Baker reported that for fiscal year 2016, the FBI had encountered passcodes on 2,095 of the 6,814 mobile devices examined by its forensic laboratories. They were able to break into 1,210 of the locked phones, leaving 885 that could not be accessed. The information Baker presented neither addressed the nature of the crimes involved nor whether the crimes were solved using other techniques. More recent figures were provided by Deputy Attorney General Rod Rosenstein in his October 10, 2017, remarks at a U.S. Naval Academy conference: “Over the past year, the FBI was unable to access about 7,500 mobile devices submitted to its Computer Analysis and Response Team, even though there was legal authority to do so.”9 Similar figures were reported by FBI director Christopher Wray in an October 22, 2017, speech to the International Association of Chiefs of Police conference in Philadelphia, Pennsylvania. He pointed to more than 6,900 devices from which federal agents were unable to access the contents. Wray described it as a “huge problem . . . that impacts investigations across the board—narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation.”10
In November 2016, the Manhattan District Attorney’s Office reported that “423 Apple iPhones and iPads lawfully seized since October 2014 remain inaccessible due to default device encryption” and that 10 percent of these devices “pertain to homicide or attempted murder cases.”11 That report also cites data from several other states, counties, and cities on the number or rate of locked devices and locked devices that could not be opened. In November 2017, the office reported that the number of locked and encrypted smartphones received by its digital forensics unit has increased steadily since 2014, reaching over half of all devices received. In the first 10 months of 2017, 1,283 smartphones were received by the office’s forensics unit; 466 of the 665 phones running iOS were locked, and 236 of the 618 phones running Android were locked. Also, according to the 2017 report, 160 state and local law enforcement agencies from 37 states that have started to track locked devices report a total number in the thousands.12
8 United States v. Microsoft Corp., S.C. Docket No. 17-2.
9 R.J. Rosenstein, 2017, “Deputy Attorney General Rod J. Rosenstein Delivers Remarks on Encryption at the United States Naval Academy: Remarks as prepared for delivery,” October 10, https://www.justice.gov/opa/speech/deputy-attorney-general-rod-j-rosenstein-delivers-remarks-encryption-united-states-naval.
10 M. Balsamo, 2017, “FBI couldn’t access nearly 7K devices because of encryption,” Washington Post, October 22.
The U.S. Department of Justice’s National Strategy on Child Exploitation Prevention and Interdiction Working Group has looked at the impact of encryption in child pornography investigations. It conducted a survey in late 2015 to early 2016 of “more than 1,000 federal, state, local, and tribal investigators; law enforcement managers; prosecutors; analysts; forensic examiners; victim service providers; and [Department of Justice] grant recipients.” In the survey, more than 30 percent of respondents reported that the use of encryption by child pornography offenders has significantly increased.13
The data cited above strongly suggest that widespread encryption is having a serious and growing negative impact on the ability of law enforcement to collect relevant plaintext.
Although Director Wray provided a broad characterization of the crimes whose investigation is being impeded, and one can make assumptions about the nature of the cases being pursued by the Child Exploitation Prevention and Interdiction Working Group, there remains a lack of specific data about what kinds of investigations are being impeded and the extent to which investigations were successful by pursuing other routes.
The Administrative Office of the U.S. Courts reports annually on the number of federal and state wiretaps and the number of times that encryption is encountered. The 2016 report indicates that of the 3,168 state and federal wiretaps authorized that year, encryption was encountered in 57 state wiretaps and 68 federal wiretaps. Officials were unable to decipher messages in 48 of the state and 53 of the federal wiretaps.14 It cannot be discerned from this information how often a wiretap was not sought because the data being sought was known to be encrypted nor what impact the inability to decrypt messages had on investigations. Finally, it is worth noting that a comparison of the number of wiretaps reported in the U.S. courts reports and those reported by service providers in their transparency reports suggests that the number of wiretaps (and thus, potentially, the number of instances where encryption was encountered) may be underreported by more than a factor of 2.15
11 Manhattan District Attorney’s Office, 2016, Report of the Manhattan District Attorney’s Office on Smartphone Encryption and Public Safety: An Update to the November 2015 Report, November, http://manhattanda.org/smartphone-encryption.
12 Manhattan District Attorney’s Office, 2017, Third Report of the Manhattan District Attorney’s Office on Smartphone Encryption and Public Safety, New York, N.Y., November.
Unfortunately, there are not more comprehensive and systemic data on the incidence and impact of encryption. Although existing data clearly show that encryption is being encountered with increasing frequency, the figures above do not give a clear picture of how frequently an inability to access information seriously hinders investigations and prosecutions. It is not straightforward to collect such data: it is time consuming, assessments of impact are inherently subjective, data sources are highly distributed, and there is no formal infrastructure in place for collection or reporting, especially at the state and local levels.
Statistics tell only one part of the story. The Manhattan District Attorney’s Office report describes how it is working with federal, state, and local partners to collect case-related information. The report cites examples collected by National Domestic Communications Assistance Center (NDCAC) of cases that could not be solved, including a violent home invasion in Louisiana; homicides in Massachusetts, Missouri, and New Jersey; identity theft and fraud in Missouri; a violent street gang investigation in Minnesota; and a child sexual assault in Tennessee.
To illustrate the national security challenges posed by encryption, 2015 testimony to the Senate Judiciary Committee by then–FBI Director James Comey and then–Deputy Attorney General Sally Quillian Yates described how encryption is used when recruiting terrorists:
With the widespread horizontal distribution of social media, terrorists can spot, assess, recruit, and radicalize vulnerable individuals of all ages in the United States either to travel or to conduct a homeland attack. As a result, foreign terrorist organizations now have direct access into the United States like never before. For example, in recent arrests, a group of individuals was contacted by a known ISIL supporter who had already successfully traveled to Syria and encouraged them to do the same. Some of these conversations occur in publicly accessed social networking sites, but others take place via private messaging platforms. These encrypted direct messaging platforms are tremendously problematic when used by terrorist plotters.16
14 Administrative Office of the U.S. Courts, 2016, Wiretap Report 2016, December 31, http://www.uscourts.gov/statistics-reports/wiretap-report-2016.
15 A. Gidari, 2017, “Just Security,” July 6, https://www.justsecurity.org/24427/wiretap-numbers-add.
The timeliness of plaintext recovery matters. The extent to which it matters will differ depending on the nature of the investigation. For example, information is, generally speaking, needed more urgently in an investigation intended to prevent a crime than one collecting evidence after the fact. Similarly, it may be critical in some cases to collect evidence quickly to identify and apprehend a suspect, while in others, the goal may be to gather evidence to support a prosecution after a suspect has been identified.
Further, information is not fungible. It is not always possible to accomplish a particular aim with different information, either content or metadata, from another source. Location information and other metadata are extremely useful for understanding patterns and networks of people, but less so for motivations and plans. Location information or metadata would be very useful if the government’s object were to determine where a particular exchange of packages occurred, for example, but would be less useful in determining what was in the packages. The law enforcement community thus argues that it is more difficult to convince a jury of criminal intent using metadata evidence than with content evidence.
It is unclear how manageable the loss of access to information owing to encryption is for the intelligence community, but it is likely to be less of a game-changer for a variety of reasons. At least with regard to nation-state targets, the intelligence community has long been confronted by the use of encryption. The intelligence community has substantially more resources and can develop highly specialized solutions that do not need to be scalable. The intelligence community also typically operates outside the United States and thus under more permissive rules than those that govern domestic law enforcement activities. Finally, intelligence analysis is often based on inferred conclusions and is not held to a standard of beyond a reasonable doubt.
Encryption is not the only impediment to law enforcement use of relevant plaintext; there are significant training, resource, capacity, and technology barriers to digital evidence-gathering. The challenge will grow as new technologies, and thus sources of information, are introduced. In addition, law enforcement must deal with a wide array of firms that may hold data relevant to an investigation and the diverse range of procedures these firms will put in place for working with law enforcement. A related challenge is that the novelty of the technology and associated legal issues means that both law enforcement agencies and companies are likely to encounter unsettled law—the resolution of which can delay the government’s access to data. Finally, companies are increasingly distributing data across multinational networks—for example, to store data closer to where it is used. As a result, some relevant plaintext in domestic cases is accessible only through international legal mechanisms that may be slow and cumbersome, as well as unfamiliar to most state and local law enforcement investigators. See the introduction to Chapter 6.
16 J. Comey, 2015, “Going Dark: Encryption, Technology, and the Balances Between Public Safety and Privacy: Joint Statement with Deputy Attorney General Sally Quillian Yates Before the Senate Judiciary Committee,” Federal Bureau of Investigation, July 8, https://www.fbi.gov/news/testimony/going-dark-encryption-technology-and-the-balances-between-public-safety-and-privacy.
As investigators and analysts lose access to some relevant plaintext because of encryption, they will look to alternative ways to accomplish their goals. Put another way, the real issue for investigators is not whether they can obtain needed information from a particular source but whether they can obtain the needed information from some source in a sufficiently reliable, timely, and scalable manner. In some cases, this will be traditional sources like witness interviews, physical surveillance, or biological evidence. In other cases, investigators turn to other sectors of the digital world. Even as encryption hampers access to some evidence, new sources of evidence are becoming available. At the same time, some forms of evidence that were previously generated and maintained in hard copy now exist only digitally. One key issue is how useful the new forms of evidence are. Another is how the costs and benefits of exploiting those new sources compare to those from compelled decryption through an exceptional access mechanism. Finally, in some cases, technology enables law enforcement to gather and utilize evidence far more cheaply and efficiently than has been possible in the past.17
17 See, for example, Justice Samuel Alito’s concurring opinion in United States v. Jones, 132 S.Ct. 945 (2012):
Traditional surveillance for any extended period of time was difficult and costly and therefore rarely undertaken. The surveillance at issue in this case—constant monitoring of the location of a vehicle for four weeks—would have required a large team of agents, multiple vehicles, and perhaps aerial assistance.
An estimate of such costs by Bankston and Soltani, which looked at the cost of acquiring location information (but not analyzing it), shows that the cost of tracking a suspect has dropped dramatically as a result of communications technology. They estimate that tracking using a team of plainclothes police and unmarked cars would be about $275 an hour. A GPS device placed on a suspect’s car would cost only $10 an hour (but note that a search warrant is required to do this), while tracking a suspect using their cell phone signal would be even cheaper. See K.S. Bankston and A. Soltani, 2013, “Tiny constables and the cost of surveillance: Making cents out of United States v. Jones,” Yale Law Journal Forum 123:335.
Broadly, the new sources of digital information potentially useful for law enforcement fall into three categories: (1) gaining access to content using new techniques, (2) exploiting new sources for content that might supplement or substitute for plaintext, and (3) using metadata.
If access to content is hampered by encryption, investigators can attempt to gain access without the cooperation of the manufacturer or service provider by intruding into a system where plaintext is resident, but proper legal authority and oversight is necessary. Such “lawful hacking” has a range of benefits and challenges on its own—in particular, it tends not to be scalable and is best applied to a small number of targeted devices. See the section “Legal Aspects of Lawful Hacking” in Chapter 5 for more discussion.
Current and emerging technologies offer potential new sources for content and metadata. Some alternative sources of plaintext as well as kinds and sources of metadata are enumerated below with the objective of giving the reader an understanding of the alternatives and their utility. Application of the framework proposed by the committee will involve deeper examination of specific solutions. Some possible alternative sources include the following:
- Many devices and operating systems provide for online or cloud storage of some customer information. Provided there are business reasons to keep content unencrypted or business requirements or customer demand to recover data when passwords are forgotten, much of this data should be available with appropriate legal demands. Of course, the cloud data is not always complete or current, and its presence or absence will depend on what backup features have been implemented and what options the device owner has selected. Moreover, it is technically possible for providers to implement encryption so that they do not have access to decryption keys, and some services provide this option.
- Stored e-mail, photos, and social network posts can all provide information on interests, intentions, and activities. Their availability to investigators will depend on the data-retention policies of the service providers.
- The location history of mobile phone users can be obtained from cell service providers. In addition, many smartphone applications themselves capture location information and transmit it to the providers of services associated with those applications.
- Smartphones often synchronize contacts and other data with automobile infotainment systems and telematics systems. These systems also store information about vehicle usage.
- “Connected homes” contain data on smart thermostats and appliances. Many devices in the home, such as smart televisions and personal assistants, continuously listen for and respond to voice commands and may retain buffered information about the user’s activity. Service providers are adopting technical measures to limit data retention to protect user privacy and have asserted constitutional defenses to producing such data, however, and its future utility is not certain.
- Worn or implanted technology, such as fitness monitors and pacemakers and insulin pumps controlled from smartphones, provide information about the activities of their users and may produce useful evidence in some cases.18
Of course, companies could choose to limit the collection of such information if, for example, customers express concerns about privacy or the ability of the government to obtain this information, assuming it is not necessary for their service or business model.
As discussed above, metadata is another alternative to content that at present is not usually encrypted. It is especially valuable for providing information about “who,” “where,” and “when.” For example, “to” and “from” Internet protocol addresses can be used to map criminal networks. Without access to the content of messages and stored data, one cannot directly determine “what”—such as the plans and intentions of criminals—although this information can sometimes be inferred from metadata.
In each instance where an alternative source of evidence is identified, then, it is reasonable to ask (1) the extent to which it can meet law enforcement needs and (2) how much additional effort, training, or cost it will take to gather the alternative evidence as compared to exceptional access to plaintext.
One issue that arises in comparing alternatives is the appropriate baseline. One view is to ask to what extent alternative sources can replace plaintext now inaccessible owing to encryption. Another is to take into account the recent growth of opportunities for government surveillance—such as widespread adoption of cellphones in the 1990s and smartphones a decade later—that may help offset information lost to encryption. A third perspective is to consider the growing importance of digital evidence in all investigations. Beyond these points, many, if not all, of the questions in the framework set forth in Chapter 7 are relevant to evaluating the net costs and benefits of proposed alternatives to accessing encrypted content.
18 G. Ballenger, 2017, “New form of law enforcement investigation hits close to the heart,” Slate, July 19, http://www.slate.com/blogs/future_tense/2017/07/19/a_man_s_pacemaker_data_will_be_used_against_him_in_court.html.
Whatever the baseline, it will be important to rigorously evaluate the impacts of encryption, proposed approaches for exceptional access, and the utility and cost of proposed alternatives. Such an effort would be facilitated by more rigorous data collection about the impact of encryption on federal, state, and local law enforcement and the effectiveness and costs of alternatives.