Encryption Should not Trump Law Enforcement

TL;DR: Law Enforcement should be able to access individual encrypted devices when properly authorized by court order, as long as the devices are physically in their possession via normal search and seizure.

Encryption has long been used to secure communications over public networks, from government secrets to email and commerce. While technological advances provide more privacy to users, Law Enforcement (LE) must be afforded some access to secured devices when authorized by a court. Without this capability, LE becomes incapable of their job.

If we say that privacy is more important than the law, and build systems that LE cannot gain access to, then we allow the builder to be above the law. Instead of judicial processes, which come with due process and oversight, we get an organization that can allow or deny access according to its whims. Without a change to their mandate, LE will want to move to a persistent surveillance model since they are not allowed to obtain information after the fact. For this they will receive public support and massive resources as most people will vote to clamp down on criminals rather than let them run free.

Conversely, if we create systems where LE is allowed unfettered, unauthorized access, we create an environment ripe for abuse and without judicial oversight. No longer is probable cause or a court order needed to access someone’s private records. When such surveillance is authorized not by the normal courts, but by an executive branch entity such as the FISC, then oversight is gone as no one has standing to obtain records or sue. In addition, the immense database of private information is ripe for other abuses such as blackmail or extortion.

Encryption, simply put, should not override the law. If a call from a known criminal is traced to a suspects phone, the suspect should not be able to say “haha phone is encrypted, tough luck!” With many crimes being committed electronically, the only records available are the IP addresses of the attackers, insufficient evidence to convict. Should LE physically apprehend the suspect, a locked computer should not be able to halt the investigation. Such a legal environment would allow anyone with decent opsec to perform electronic theft with little fear of consequence if they keep all of their data and communications encrypted.

This is not to say that it is appropriate to ban encryption, compel encryption vendors to provide master keys, or require backdoors. Instead, LE simply requires the same level of physical access as they have now; if they have acquired a device pursuant to a court ordered investigation, they should be able to extract the contents. Perhaps the encryption key is physically readable from a chip on the board. If this is made complicated or costly enough, criminal use will be limited, and would still require physical access to the device. Such an approach would ensure that no master keys are created and a device cannot be remotely monitored. LE then requires separate probable cause and court orders for each device they have obtained.

Posted in General | 3 Comments

3 Responses to Encryption Should not Trump Law Enforcement

  1. Anonymous says:

    Guns Should not Trump Law Enforcement.

  2. righteous indignation says:

    Intelligence Should Not Trump Law Enforcement

  3. Robbin Hood says:

    Politicians Should Not Trump Law Enforcement

Leave a Reply

Your email address will not be published.