BY BOB OSGOOD, DIRECTOR, DIGITAL FORENSICS
Today, the world of digital forensics is dealing with a challenge that was heretofore an academic exercise. What if the criminal, terrorist, or spy is using a digital container that cannot be accessed by law enforcement? Or what if some criminal or terrorist organization is using encryption to communicate, thwarting legitimate law enforcement efforts to obtain vital evidence? Even when the police have a search warrant, they are technically barred from getting into the device, meaning that a judge and jury will never see the evidence contained in the device. This phenomenon is called “Going Dark.”

Over the last 10 years, numerous individuals have testified before Congress about how to handle this challenge, but to date, there has been little legislative action. The challenge is complicated. On one side, the Fourth Amendment of the Constitution guarantees a right to a reasonable expectation of privacy. On the other side, the government has an obligation to protect its citizens. The arbiter of this balance is a judge.

Going Dark reached an apex in the form of a legal battle between the FBI and Apple Computer when Apple refused to honor both a federal search warrant and a court order, citing, among other things, privacy concerns. Government agents requested that Apple modify the operating system of the iPhone so they could crack the encryption on an iPhone seized during the terrorist incident in San Bernardino.

Thwarting encryption is a daunting task, and very few law enforcement agencies have the resources to do so. Encryption may be beaten using one or more methods, including:
- Brute force, which means applying massive amounts of processing power to the encrypted files in the hope of guessing the encryption key
- Social engineering the passphrase or key from the user
- Obtaining the key from other digital media or recordings
- Obtaining the key through a technical exploit
Encryption is vital to both our security and privacy, but there needs to be a balance. Real-life challenges to this balance are likely to continue, and forensic specialists must be prepared to address them.