Drive Encryption and Law Enforcement

      by Wyatt Walter

It’s no surprise (though it seems to be to some) that our obsession with privacy on the web and on our computing devices has been causing some problems for law enforcement agencies. I see tons of users in the Ubuntu forums trying to figure out how to encrypt all of their web traffic so nothing is watched by their university’s filters. The problem with this, of course, is that they still have to go out onto the public Internet at some point completely unencrypted. Silicon.com’s Nick Heath ran this article yesterday on how criminals are using the remote-wipe features of RIM’s Blackberries and Apple’s iPhones to cover up their tracks. The Washington Post talked of a case in January in which the court was unable to ask a suspect for a password to an encrypted disk which was alleged to hold child pornography. According to the article, a person can be forced to give up a key because it’s a physical device, but not forced to give up a password since it’s a piece of knowledge and considered testimonial and protected under the Fifth Amendment.

Where is our happy medium here? Certainly we can’t be giving away corporate secrets when an iPhone or Blackberry walks off, but certainly we can’t let a criminal hide potential evidence by encrypting it. Sure, we can’t force people to testify, but we also can’t allow them to destroy evidence. Our government regulations and corporate policies are lagging far behind the technologies we’re developing and it just might be catching up. Should governments be able to force us to give up passwords, or should they be left to their own vices to brute-force or otherwise break into our devices? In years past, we could just copy the drive bit-by-bit and mount the filesystems, but now data is being encrypted at the bit-level and there’s nothing that can be done.

Related Posts Related Websites

Filed under Tech Trends : Comments (0) : Sep 3rd, 2008

Leave a Reply