Nicholas Weaver is a computer security researcher at the International Computer Science Institute in Berkeley, Calif.
If the FBI’s reports are correct, encryption technology is making the world “go dark”: making it difficult for its agents to collect information on potential criminals. But does this technology really have such a significant effect, or does the addition of cryptography just add a small cloud to an otherwise sunny day?
Just as the Fourth Amendment makes work more difficult for the police by protecting the innocent and guilty alike, cryptography does the same thing. Encryption protects information from unauthorized access while device encryption blocks those without a password from accessing data while encrypted communication prevents eavesdroppers from listening in. It doesn’t matter if the eavesdropper is a criminal, a spy, a jealous spouse or a criminal investigator, good encryption systems should block them all.
Practically every expert agrees that cryptographic backdoors imperil security, and no amount of “cybering harder” will change this. Yet even though encryption technology can be used to deny an investigator’s access to a suspect’s information, its existence doesn’t mean that police forces are powerless.
Let’s examine a hypothetical investigation into Johnny Badguy. To plan and execute his crimes, Johnny uses an iPhone with encrypted features — such as disk encryption that prevents anyone without the pass code from accessing the data and iMessage which encrypts messages in transit — that have drawn the ire of FBI Director James Comey.
Suppose that FBI investigators know Johnny’s phone number and have sufficient probable cause for a wiretap, a lesser warrant or subpoena. The cryptography on iMessage prevents the investigator from reading Johnny’s messages, but the metadata — a record of each message sent — still creates a picture of when, how much and with whom Johnny uses his phone to communicate. In a day with 109 encrypted messages with another known bad guy, the encryption never hid the most important message: that Johnny actively communicated 109 messages with the other known suspect. This represents just the start of an investigation to create a “pattern of life” picture of Johnny’s behavior. If the investigator knows everything Johnny does, everyone he talks to and everywhere he goes, how much does it matter that the investigator doesn’t know what Johnny says?
The information that Apple has to provide to the FBI in response to their warrant doesn’t just include metadata: unless Johnny explicitly disables iCloud backup, it also includes a copy of all undeleted messages, all his contacts, his email accounts and his photographs. Even without iCloud backup, the warrant to Apple will likely identify Johnny’s Google account as well as his most likely “recovery email.”
Google can provide even more information once the investigator identifies Johnny’s account: Every IP address used to log into the Google account can recreate Johnny’s movements — the same information used by the FBI to unmask former CIA head David Petraeus’s affair. If Johnny stays logged into Google through his browser, investigators have access to Johnny’s search history and, thanks to how the Google+ button operates, a large number of the pages Johnny has viewed.
A warrant served to Johnny’s phone company will give FBI investigators the movements of the phone itself, as every call, text or push notification records at least the cell tower and sector, which says Johnny was in a particular wedge-shaped location occupying a few square miles.
This warrant can also request that the cellular carrier turn on E-911 tracking, following the phone’s movement in real time. Finally investigators can ask for a “tower dump,” giving a list of all other phones in the area to identify Johnny’s co-conspirators when they meet. Even the CIA can’t reliably evade the power of cellphone tracking, as both Italy and Greece used cellular tracking to identify the CIA agents who acted without permission to kidnap an individual in Italy and wiretap the Greek government.
Taken together, and further combined with other sources (such as the near-ubiquitous license plate readers and toll-tags), investigators have a nearly complete picture of Johnny’s behavior, movements and associates without having to ever worry about the effects of cryptography.
The only way for Johnny to evade this dragnet is not encryption technology, but old-fashioned behavior designed to thwart any potential surveillance by separating out Johnny’s criminal identity from his everyday identity. That includes using of multiple “burner” phones, having face-to-face meetings, coding language and other related techniques well known in the criminal and terrorist underworld. These are tools that don’t rely on sophisticated technology but instead time and discipline.
As a final task, investigators will probably need to defeat Johnny’s phone’s encryption when arresting him, in order to gain real evidence of his crimes. But they could very well engineer a lucky break: All the cryptography in the world will do no good if the phone is already unlocked. By waiting until Johnny unlocks his phone and then immediately pouncing to arrest, an investigator can bypass all the cryptography protecting the phone itself.
The end result? The FBI is still capable of tracking their subject and making an arrest. While Johnny’s encryption did limit the investigation, it would have been much more limited if Johnny didn’t have a cellphone in the first place. Encryption or not, Johnny goes through life leaving a thousand traces for an investigator to follow.
Over the past two decades the world has not “gone dark,” but continues to grow brighter — our everyday use of technology provides an immense pool of data for investigators. If cryptography remains ubiquitous, they may have a harder time obtaining some information. However, that loss may not be worth compromising the rest of our security: There is near universal agreement that it is practically impossible to add in a “lawful access” backdoor without weakening every user’s security. The government has powerful tools already at its disposal. Do we need to provide it with more?
Explore these other perspectives: