About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline

106 Geo. L.J. 989 (2017-2018)
Encryption Workarounds

handle is hein.journals/glj106 and id is 1001 raw text is: 



Encryption Workarounds


ORIN S. KERR* & BRUCE SCHNEIER**


  The  widespread  use of encryption has  triggered a new step in many
criminal investigations: The encryption workaround. We define an encryption
workaround   as  any  lawful government   effort to reveal unencrypted
plaintext of a target's data that has been concealed by encryption. This
Article provides an overview  of encryption workarounds.  It begins with
a  taxonomy  of  the different ways  investigators might  try to bypass
encryption schemes.  We  classify six kinds of workarounds: find the key,
guess the key, compel the key, exploit a flaw in the encryption software,
access plaintext while the device is in use, and locate another plaintext
copy. For  each approach, we  consider the practical, technological, and
legal hurdles raised by its use.
     The  remainder  of this Article develops lessons about  encryption
workarounds   and the broader public debate about encryption in criminal
investigations. First, encryption workarounds are inherently probabilis-
tic. None work every time, and none can be categorically ruled out every
time. Second, the different resources required for different workarounds
will have  significant distributional effects on law enforcement. Some
techniques are inexpensive and  can be used often by many  law enforce-
ment  agencies; some are sophisticated or expensive and likely to be used
rarely and only by  a few. Third, the scope of legal authority to compel
third-party assistance will be a continuing challenge. And fourth, the law
governing  encryption workarounds   remains  uncertain and  underdevel-
oped.  Whether  encryption will be  a game   changer  or a speed  bump
depends  on both  technological change  and the resolution of important
legal questions that currently remain unanswered.

                           TABLE OF CONTENTS
INTRODUCTION..       ................................................... 990

  1. THE BASIC PRINCIPLES OF ENCRYPTION ........................... 993

  II. Six TYPES OF ENCRYPTION WORKAROUNDS ........................  996

  * Frances R. and John J. Duggan Distinguished Professor, University of Southern California Gould
School of Law. 0 2018, Orin S. Kerr & Bruce Schneier.
  ** Fellow, Berkman Klein Center for Internet & Society at Harvard University; Chief Technology
Officer, IBM Resilient. The authors thank Dan Richman, Catherine Crump, Andrea Roth, Holly
Doremus, Mark Rumold, Steven Bellovin, the University of California at Berkeley Law School Public
Law and Policy Colloquium, and the Privacy Law Scholars Conference for comments on an earlier
draft.


989

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Contact us for annual subscription options:

Already a HeinOnline Subscriber?

profiles profiles most