In my recent post, I noted that a lot of the recent legal developments in the field of computer crime law are about responses to encryption. I thought I would expand on the theme of what I’ll call “the law of encryption workarounds.”
Here’s the idea: In the context of criminal investigations, encryption often acts as a means of blocking law enforcement access to information about suspects. It blocks that access unless the government can crack the encryption or gain access to a place where the information is available in unencrypted form. When targets use encryption to block law enforcement access to information about them, the government then looks for workarounds. In some contexts, the government looks for ways to decrypt the communications. In other contexts, the government tries to access copies of the information in unencrypted form.
Several developments in computer crime law in the past year are about the legal issues prompted by encryption workarounds. In each case, suspects used encryption to hide information that the government would have been able to access, both legally and practically, if encryption had not been used. In each case, the government tried a workaround to gain access to the information despite the use of encryption. And in each case, the debate is now about the legality of the workaround.
Consider three examples:
1. Apple v. FBI. The litigation known as “Apple v. FBI” was about an encryption workaround. The government had a suspect’s iPhone and had a warrant to search it. Without encryption, that would have been enough to search it. The government initially couldn’t access the phone, however, because the phone’s operator had used Apple’s operating system to encrypt its contents. The operator of the phone was dead, so the government couldn’t get him to decrypt it. Instead, the government tried to use the All Writs Act to force Apple to take steps to facilitate decrypting the phone. The legal issue concerned whether that was allowed. The case then became moot when the government paid an outside firm to decrypt the phone.
2. Fifth Amendment limits on decryption. Pending litigation in the Third Circuit about the Fifth Amendment limits of decryption provides another obvious example of an encryption workaround. Investigators have a warrant to search the defendant’s hard drives. The hard drives are encrypted, however, and the government doesn’t know the password needed to decrypt them. The government now has an order requiring the defendant to decrypt the drives, and he is fighting the order on Fifth Amendment grounds. The legal issue is whether and when the Fifth Amendment allows the defendant to be ordered to decrypt the hard drives.
3. The Playpen warrant. Litigation about the Playpen warrant can also be understood as being about encryption workarounds. Before Tor, if the government had control of a child pornography website and wanted to arrest its users, it could log the IP addresses of users and trace those IP addresses back. Tor hides those IP addresses and thwarts the use of surveillance tools that could reveal them so that the government generally can’t trace back connections through surveillance. (It’s not only encryption that does that, but it is part of the explanation.) The government’s workaround was to obtain a warrant authorizing the insertion of malware that could try to search visitor computers for the information Tor hides. Litigation over the Playpen warrant now concerns the legality of the warrant and the techniques it authorized.
As we see more use of encryption, we can expect to see more attempted workarounds and more litigation over their legal limits. Some of these workarounds are widely available to law enforcement if courts approve them, while others are technologically difficult or very expensive and so are likely to be used rarely, even if courts are on board. Either way, the future landscape of digital evidence investigations is likely to be shaped in substantial part by the law of encryption workarounds.