From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud

Privacy and Security, Networks, the Internet, and Cloud Computing and Cloud Computing

Article Snapshot

Author(s)

Peter Swire

Source

in Bulk Collection: Systematic Government Access to Private-Sector Data, Fred H. Cate and James X. Dempsey, eds., Oxford University Press, 2017, pp. 409-420

Summary

As strong encryption becomes more common for data and voice messages, traditional wiretaps become less effective. Law enforcement agencies have shifted from seeking local real-time access to messages to seeking remote access to stored messages, which are often unencrypted.

Policy Relevance

In some jurisdictions, police have little access to stored data and must ask other jurisdictions to provide such access.

Main Points

  • A traditional wiretap would be placed on copper telephone lines near the home of a surveillance target to listen to the conversations of the target in real time.
     
  • Over time, copper lines were replaced with fiber optics, and analog processing was replaced by digital processing; the Communications Assistance for Law Enforcement Act (CALEA) requires telecommunications companies to help law enforcement access these more complex communications.
     
  • Today, services such as Gmail automatically encrypt email messages in transit; however, the messages are not strongly encrypted while they are stored on the service's servers so law enforcement can use an access order to read the email content.
     
  • Strong encryption has been adopted by many other online messaging systems and services, including corporate virtual private networks (VPNs), electronic commerce, Facebook, Dropbox, Skype, and game chat channels.
     
  • Law enforcement seeks access to stored decrypted communications, especially those stored in the cloud, as other methods of obtaining the content of messages are problematic.
     
    • Few agencies can easily break strong encryption.
       
    • Bugging the homes and offices of surveillance targets is costly and risky.
       
    • The complexity of communications complicates efforts to access messages in real time under CALEA.
       
  • Communications held in storage are often not encrypted, because it is hard to search and retrieve encrypted data.
     
  • In some areas, “have-not” agencies have little access to stored data and must request cooperation from jurisdictions with access under mutual legal assistance agreements.
     

 

Get The Article

Find the full article online

Search for Full Article

Share