ENCRYPTION AS AN OBSTACLE FOR CRIMIMANL INVESTIGATION AND EVIDENCE COLLECTION
Keywords:
criminal investigation, electronic evidence, encryption
Abstract
Encryption has become an integral part of modern life. It is without a doubt of great importance for the realization of some of the basic human rights in the ubiquitous technical environment, for the daily use of numerous online services, as well as for the functioning of the Internet in general. On the other hand, the authorities in charge of detecting and proving crime are increasingly facing obstacles when accessing encrypted content. Namely, encryption represents a kind of challenge in the implementation of both general and special evidentiary actions. This paper is dedicated to understanding the technical aspects of this challenge. The author explains the basic principles on which encryption technology is based, pointing out the difference between symmetric and asymmetric encryption, between encryption of stored data and data encryption in transit, and between server-based and user-based encryption, and its implication for investigation of crime.
References
Abelson, Harold, et. al., “Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications”, 2015, https://183 www.schneier.com/academic/paperfiles/paper-keys-under-doormats-CSAIL.pdf;
AO 442 (Rev. 11/11) Arrest Warrant, Case 2:18mj-00095-BAT, https://regmedia.co.uk/2018/03/13/vincent-ramos-arrest.pdf;
Arora, Mohit, „How Secure Is AES Against Brute Force Attacks?“, 5.7.2012, ЕЕ Times, http://www.eetimes.com/document.asp;
Australian Government, Department of Justice, Telecommunications (Interception and Access) Act 1979 Annual Report 2018–19, https://parlinfo.aph.gov.au/parlInfo/download/publications/tabledpapers/c424e8ec-ce9a-4dc1-a53e-4047e8dc4797/upload_pdf/TIA%20Act%20Annual%20Report%202018-19%20%7BTabled%7D.pdf;fileType=application%2Fpdf#search=%22publications/tabledpapers/c424e8ec-ce9a-4dc1-a53e-4047e8dc4797%22;
Bobic, Igor, Ryan Reilly, “FBI Director James Comey 'Very Concerned' About New Apple, Google Privacy Features,” Huffington Post, 25.9.2014, http://www.huffingtonpost.com/2014/09/25/james-comey-appleencryption_n_5882874.html;
Chang, Linus, „Client-side vs. Server-side encryption – who holds the key?“, EE News, 14.5.2018, https://www.eenewseurope.com/design-center/client-side-vs-server-side-encryption-who-holds-key;
Confessore, Nicholas „Cambridge Analytica and Facebook: The Scandal and the Fallout So Far“, New York Times, 4.4.2018, https://www.nytimes.com/2018/04/04/us/politics/cambridge-analytica-scandal-fallout.html
Doffman, Zak, „New Warning Issued For All WhatsApp And iMessage Users: ‘Major Threat’ To Encryption“, Forbes, 14.3.2020, https://www.forbes.com/sites/zakdoffman/2020/03/14/new-warning-issued-for-all-whatsapp-and-imessage-users-major-threat-to-encryption/#4d4518153f59;
Dropbox Security, https://www.dropbox.com/security;
Dwiti, Pandya et al., „Brief History of Encryption“, International Journal of Computer Applications 9/2015, 28-31;
Encryption: Symmetric and Asymmetric, https://cryptobook.nakov.com/encryption-symmetric-and-asymmetric;
Evans, Јаq, What is Perfect Forward Secrecy?, https://www.extrahop.com/company/blog/2017/what-is-perfect-forward-secrecy/;
Gargiulo, Michael, “VPN Encryption: What is it? How does it work?”, VPN, 13.12.2019, https://www.vpn.com/privacy/how-does-vpn-encryption-work;
Gill, Lex, Tamir Israel, Christopher Parsons, Citizen Lab and the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic: Shining a Light on the Encryption Debate: a Canadian Field Guide, Toronto 2018;
Google Cloud Help – Security, https://cloud.google.com/security;
Google Privacy Policy, https://policies.google.com/privacy;
Hancock, Bill, „Appeals-court panel says export ban on encryption software is unlawful“, Computers & Security 4/1999, 278-279;
Hargreaves, Christopher James , Howard Chivers, „Recovery of encryption keys from memory using a linear Scan“, Proceedings of the 2008 Third International Conference on Availability, Reliability and Security. IEEE Computer Society, 1369 – 1376;
Hoboken, Joris van, Human rights and encryption, Paris 2016;
How does TOR browser work?, https://www.quora.com/How-does-TOR-browser-work;
iCloud security overview, https://support.apple.com/en-us/HT202303#:~:text=Data%20security,end%2Dto%2Dend%20encryption;
Hymas, Charles, „Facebook is threatening to hinder police by increasing encryption, warns Priti Patel“, Telegraph, 30.7.2019, https://www.telegraph.co.uk/politics/2019/07/30/facebook-threatening-hinder-police-increasing-encryption-warns/;
Internet Engineering Task Force, PKCS #5: Password-Based Key Derivation Function 2 (PBKDF2) Test Vectors, 2011, https://11 tools.ietf.org/html/rfc6070;
Levy, Steven, „Battle of the Clipper Chip“, New York Times, 12.6.1994, https://www.nytimes.com/1994/06/12/magazine/battle-of-the-clipper-chip.html?pagewanted=all;
Leyden, John, „Russian doll steganography allow users to mask covert drives“, The Daily Swig, 10.12. 2018, https://portswigger.net/daily-swig/russian-doll-steganography-allows-users-to-mask-covert-drives;
Li, Shujun, New information hiding technology to be commercialised by Crossword Cybersecurity, 5.03.2016, https://blogs.surrey.ac.uk/sccs/2016/03/05/new-information-hiding-technology-to-be-commercialised-by-crossword-cybersecurity/;
McMillan, Robert, „Facebook’s WhatsApp Launches ‘End-to-End’ Encryption“, WSJ, 5.4.2016, https://www.wsj.com/articles/facebooks-whatsapp-turns-on-encryption-by-default-1459869097;
Menn, Joseph, „Exclusive: Apple dropped plan for encrypting backups after FBI complained – sources“, Reuters, 21.1.2020, https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT;
Microsoft, Description of Symmetric and Asymmetric Encryption, https://support.microsoft.com/en-us/help/246071/description-of-symmetric-andasymmetric-encryption;
Miller, Joe, “Google and Apple to introduce default encryption“, BBC, 19.9.2014, https://www.bbc.com/news/technology-29276955;
National Institute of Standards and Technology, Recommendation for Password-Based Key Derivation, 2010, http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf;
OECD Council Recommendation Concerning Guidelines for Cryptography Policy, C(97)62/FINAL, 27.3.1997, https://www.oecd.org/sti/ieconomy/guidelinesforcryptographypolicy.htm;
Писарић, Милана, Електронски докази у кривичном поступку, Нови Сад 2019;
ProtonMail, What is encrypted?, https://protonmail.com/support/knowledge-base/what-is-encrypted/;
Quinlan, Sayako Andi Wilson Thompson, A Brief History of Law Enforcement Hacking in the United States, 2016, https://www.newamerica.org/cybersecurity-initiative/policy-papers/brief-history-law-enforcement-hacking-united-states/;
Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, 2015, http://daccess-dds-ny.un.org/doc/UNDOC/GEN/G15/095/85/PDF/G1509585.pdf?OpenElement15;
Saunders, Kurt, „The Regulation of the Internet Encryption Technologies: Separating the Wheat from the Chaf“, John Marshall Journal of Information Technology and Privacy Law 3/1999, 945- 960;
Schneier, Bruce, History of the First Crypto War, 2015, https://www.schneier.com/blog/archives/2015/06/history_of_the_.html;
Schneier, Bruce, Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C (cloth), Indianapolis 2015;
Schwartzbeck, Michael, The Evolution of US Government Restrictions on Using and Exporting Encryption Technologies, 2014, https://www.cia.gov/library/readingroom/docs/DOC_0006231614.pdf;
Signal Terms & Privacy Policy, https://signal.org/legal;
Sloan, Robert, Richard Warner, „The Self, the Stasi, the NSA: Privacy, Knowledge, and Complicity in the Surveillance State“, Minnesota Journal of Law, Science & Technology 1/2016, 347-408;
Special Rapporteur of United Nations on the promotion and protection of the right to freedom of opinion and expression, Research paper on Encryption and Anonymity, 2018, https://www.ohchr.org/Documents/Issues/Opinion/EncryptionAnonymityFollowUpReport.pdf;
Swire, Peter, Kenesa Ahmad, “Encryption and Globalization”, Columbia Science and Technology Law Review 1/2012, 416-481;
Swire, Peter, Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy, 2015, https://www.hsdl.org/?view&did=794328;
Telegram Privacy Policy, https://telegram.org/privacy;
Van De Zande, Paul, The Day DES Died, https://www.sans.org/reading-room/whitepapers/vpns/daydes-died-722;
Vaas, Lisa, „Five Eyes nations demand access to encrypted messaging“, Naked security, 1.8.2019, https://nakedsecurity.sophos.com/2019/08/01/five-eyes-nations-demand-access-to-encrypted-messaging/;
Vance, Cyrus, “Apple and Google Threaten Public Safety with Default Smartphone Encryption,” The Washington Post, 26.9.2014, https://www.washingtonpost.com/opinions/apple-and-googlethreaten-public-safety-with-default-smartphone-encryption/2014/09/25/43af9bf0-44ab-11e4-b4371a7368204804_story.html;
Villanueva, John Carl, Symmetric vs Asymmetric Encryption, Jscape, 15.3.2015, https://www.jscape.com/blog/bid/84422/Symmetric-vs-Asymmetric-Encryption;
What is off-the-record messaging (OTR)?, https://www.expressvpn.com/internet-privacy/guides/otr/.
AO 442 (Rev. 11/11) Arrest Warrant, Case 2:18mj-00095-BAT, https://regmedia.co.uk/2018/03/13/vincent-ramos-arrest.pdf;
Arora, Mohit, „How Secure Is AES Against Brute Force Attacks?“, 5.7.2012, ЕЕ Times, http://www.eetimes.com/document.asp;
Australian Government, Department of Justice, Telecommunications (Interception and Access) Act 1979 Annual Report 2018–19, https://parlinfo.aph.gov.au/parlInfo/download/publications/tabledpapers/c424e8ec-ce9a-4dc1-a53e-4047e8dc4797/upload_pdf/TIA%20Act%20Annual%20Report%202018-19%20%7BTabled%7D.pdf;fileType=application%2Fpdf#search=%22publications/tabledpapers/c424e8ec-ce9a-4dc1-a53e-4047e8dc4797%22;
Bobic, Igor, Ryan Reilly, “FBI Director James Comey 'Very Concerned' About New Apple, Google Privacy Features,” Huffington Post, 25.9.2014, http://www.huffingtonpost.com/2014/09/25/james-comey-appleencryption_n_5882874.html;
Chang, Linus, „Client-side vs. Server-side encryption – who holds the key?“, EE News, 14.5.2018, https://www.eenewseurope.com/design-center/client-side-vs-server-side-encryption-who-holds-key;
Confessore, Nicholas „Cambridge Analytica and Facebook: The Scandal and the Fallout So Far“, New York Times, 4.4.2018, https://www.nytimes.com/2018/04/04/us/politics/cambridge-analytica-scandal-fallout.html
Doffman, Zak, „New Warning Issued For All WhatsApp And iMessage Users: ‘Major Threat’ To Encryption“, Forbes, 14.3.2020, https://www.forbes.com/sites/zakdoffman/2020/03/14/new-warning-issued-for-all-whatsapp-and-imessage-users-major-threat-to-encryption/#4d4518153f59;
Dropbox Security, https://www.dropbox.com/security;
Dwiti, Pandya et al., „Brief History of Encryption“, International Journal of Computer Applications 9/2015, 28-31;
Encryption: Symmetric and Asymmetric, https://cryptobook.nakov.com/encryption-symmetric-and-asymmetric;
Evans, Јаq, What is Perfect Forward Secrecy?, https://www.extrahop.com/company/blog/2017/what-is-perfect-forward-secrecy/;
Gargiulo, Michael, “VPN Encryption: What is it? How does it work?”, VPN, 13.12.2019, https://www.vpn.com/privacy/how-does-vpn-encryption-work;
Gill, Lex, Tamir Israel, Christopher Parsons, Citizen Lab and the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic: Shining a Light on the Encryption Debate: a Canadian Field Guide, Toronto 2018;
Google Cloud Help – Security, https://cloud.google.com/security;
Google Privacy Policy, https://policies.google.com/privacy;
Hancock, Bill, „Appeals-court panel says export ban on encryption software is unlawful“, Computers & Security 4/1999, 278-279;
Hargreaves, Christopher James , Howard Chivers, „Recovery of encryption keys from memory using a linear Scan“, Proceedings of the 2008 Third International Conference on Availability, Reliability and Security. IEEE Computer Society, 1369 – 1376;
Hoboken, Joris van, Human rights and encryption, Paris 2016;
How does TOR browser work?, https://www.quora.com/How-does-TOR-browser-work;
iCloud security overview, https://support.apple.com/en-us/HT202303#:~:text=Data%20security,end%2Dto%2Dend%20encryption;
Hymas, Charles, „Facebook is threatening to hinder police by increasing encryption, warns Priti Patel“, Telegraph, 30.7.2019, https://www.telegraph.co.uk/politics/2019/07/30/facebook-threatening-hinder-police-increasing-encryption-warns/;
Internet Engineering Task Force, PKCS #5: Password-Based Key Derivation Function 2 (PBKDF2) Test Vectors, 2011, https://11 tools.ietf.org/html/rfc6070;
Levy, Steven, „Battle of the Clipper Chip“, New York Times, 12.6.1994, https://www.nytimes.com/1994/06/12/magazine/battle-of-the-clipper-chip.html?pagewanted=all;
Leyden, John, „Russian doll steganography allow users to mask covert drives“, The Daily Swig, 10.12. 2018, https://portswigger.net/daily-swig/russian-doll-steganography-allows-users-to-mask-covert-drives;
Li, Shujun, New information hiding technology to be commercialised by Crossword Cybersecurity, 5.03.2016, https://blogs.surrey.ac.uk/sccs/2016/03/05/new-information-hiding-technology-to-be-commercialised-by-crossword-cybersecurity/;
McMillan, Robert, „Facebook’s WhatsApp Launches ‘End-to-End’ Encryption“, WSJ, 5.4.2016, https://www.wsj.com/articles/facebooks-whatsapp-turns-on-encryption-by-default-1459869097;
Menn, Joseph, „Exclusive: Apple dropped plan for encrypting backups after FBI complained – sources“, Reuters, 21.1.2020, https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT;
Microsoft, Description of Symmetric and Asymmetric Encryption, https://support.microsoft.com/en-us/help/246071/description-of-symmetric-andasymmetric-encryption;
Miller, Joe, “Google and Apple to introduce default encryption“, BBC, 19.9.2014, https://www.bbc.com/news/technology-29276955;
National Institute of Standards and Technology, Recommendation for Password-Based Key Derivation, 2010, http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf;
OECD Council Recommendation Concerning Guidelines for Cryptography Policy, C(97)62/FINAL, 27.3.1997, https://www.oecd.org/sti/ieconomy/guidelinesforcryptographypolicy.htm;
Писарић, Милана, Електронски докази у кривичном поступку, Нови Сад 2019;
ProtonMail, What is encrypted?, https://protonmail.com/support/knowledge-base/what-is-encrypted/;
Quinlan, Sayako Andi Wilson Thompson, A Brief History of Law Enforcement Hacking in the United States, 2016, https://www.newamerica.org/cybersecurity-initiative/policy-papers/brief-history-law-enforcement-hacking-united-states/;
Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, 2015, http://daccess-dds-ny.un.org/doc/UNDOC/GEN/G15/095/85/PDF/G1509585.pdf?OpenElement15;
Saunders, Kurt, „The Regulation of the Internet Encryption Technologies: Separating the Wheat from the Chaf“, John Marshall Journal of Information Technology and Privacy Law 3/1999, 945- 960;
Schneier, Bruce, History of the First Crypto War, 2015, https://www.schneier.com/blog/archives/2015/06/history_of_the_.html;
Schneier, Bruce, Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C (cloth), Indianapolis 2015;
Schwartzbeck, Michael, The Evolution of US Government Restrictions on Using and Exporting Encryption Technologies, 2014, https://www.cia.gov/library/readingroom/docs/DOC_0006231614.pdf;
Signal Terms & Privacy Policy, https://signal.org/legal;
Sloan, Robert, Richard Warner, „The Self, the Stasi, the NSA: Privacy, Knowledge, and Complicity in the Surveillance State“, Minnesota Journal of Law, Science & Technology 1/2016, 347-408;
Special Rapporteur of United Nations on the promotion and protection of the right to freedom of opinion and expression, Research paper on Encryption and Anonymity, 2018, https://www.ohchr.org/Documents/Issues/Opinion/EncryptionAnonymityFollowUpReport.pdf;
Swire, Peter, Kenesa Ahmad, “Encryption and Globalization”, Columbia Science and Technology Law Review 1/2012, 416-481;
Swire, Peter, Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy, 2015, https://www.hsdl.org/?view&did=794328;
Telegram Privacy Policy, https://telegram.org/privacy;
Van De Zande, Paul, The Day DES Died, https://www.sans.org/reading-room/whitepapers/vpns/daydes-died-722;
Vaas, Lisa, „Five Eyes nations demand access to encrypted messaging“, Naked security, 1.8.2019, https://nakedsecurity.sophos.com/2019/08/01/five-eyes-nations-demand-access-to-encrypted-messaging/;
Vance, Cyrus, “Apple and Google Threaten Public Safety with Default Smartphone Encryption,” The Washington Post, 26.9.2014, https://www.washingtonpost.com/opinions/apple-and-googlethreaten-public-safety-with-default-smartphone-encryption/2014/09/25/43af9bf0-44ab-11e4-b4371a7368204804_story.html;
Villanueva, John Carl, Symmetric vs Asymmetric Encryption, Jscape, 15.3.2015, https://www.jscape.com/blog/bid/84422/Symmetric-vs-Asymmetric-Encryption;
What is off-the-record messaging (OTR)?, https://www.expressvpn.com/internet-privacy/guides/otr/.
Published
2021/02/25
Section
Original Scientific Paper