New York District Attorney Release Encryption Paper

November 23, 2015 - Written By David Steele

The New York District Attorney’s Office have released a document detailing how changes in device full disk encryption have altered the landscape when it comes to retrieving information from suspects relating to crimes. The introduction to the document explains how forensic scientists have been able to recover text messages between human traffickers and a video of a murder taking place from criminals’ smartphones, although it gives no figures on how many data retrievals provide critical evidence in a case compared with data recovery operations that do not help a case. Instead, the document states: “It is the rare case in which information from a smartphone is not useful; rather, it is often crucial.”

The dossier concerns how both Apple and Google have enabled full disk encryption from iOS 8 and Android 5.0, although the document does concede that Google have relaxed the requirements for device manufacturers and not all new devices running Android 5.0 or later must use full disk encryption as stock. The headline statistic is that some 23% of Android devices in use today run Android 5.0 Lollipop or later and the implication is that these devices cannot be hacked by law enforcement authorities – but the true statistic will be different. The document goes into some detail on the background and technology used by both Apple and Google.

The document also details that Google are able to reset passcodes and PIN codes for unencrypted devices, where compelled by a court order, but once the device has full disk encryption there is nothing that Google or the manufacturer is able to do in order to allow access to the underlying data on the device. It explains that even where the authorities are able to compel a suspect into providing his or her unlock code, which requires jumping through some legal hoops, the suspect may well decline to provide the code or unlock the device. Brute force techniques – that is, trying a large number of combinations – could be unsuccessful if the device is set to destroy all data on repeated attempts to gain access. The report contains details as to the types of information that may only be recovered from the device itself rather than from the companion iCloud and Google Drive accounts, or from the cell phone company.

The issue is a complicated one, trying to balance customers’ desire and legal right for privacy with the onerous-sounding requirement to keep the population safe. The New York Attorney’s Office document is an interesting introduction to the technologies used, to some of the difficulties experienced by law enforcement officers, and to some of the ideas they have to compel software designers to build in security back doors. The argument will rumble on for some considerable time yet.