Encryption Workarounds

31 Pages Posted: 22 Mar 2017 Last revised: 13 May 2018

See all articles by Orin S. Kerr

Orin S. Kerr

University of Southern California Gould School of Law

Bruce Schneier

Harvard University - Berkman Klein Center for Internet & Society; Harvard University - Harvard Kennedy School (HKS)

Date Written: March 20, 2017

Abstract

The widespread use of encryption has triggered a new step in many criminal investigations: The encryption workaround. We define an encryption workaround as any lawful government effort to reveal unencrypted plaintext of a target’s data that has been concealed by encryption. This Article provides an overview of encryption workarounds. It begins with a taxonomy of the different ways investigators might try to bypass encryption schemes. We classify six kinds of workarounds: find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy. For each approach, we consider the practical, technological, and legal hurdles raised by its use.

The remainder of this Article develops lessons about encryption workarounds and the broader public debate about encryption in criminal investigations. First, encryption workarounds are inherently probabilistic. None work every time, and none can be categorically ruled out every time. Second, the different resources required for different workarounds will have significant distributional effects on law enforcement. Some techniques are inexpensive and can be used often by many law enforcement agencies; some are sophisticated or expensive and likely to be used rarely and only by a few. Third, the scope of legal authority to compel third-party assistance will be a continuing challenge. And fourth, the law governing encryption workarounds remains uncertain and underdeveloped. Whether encryption will be a game changer or a speed bump depends on both technological change and the resolution of important legal questions that currently remain unanswered.

Keywords: encryption, going dark, fifth amendment, fourth amendment, cybercrime

JEL Classification: K14, K42

Suggested Citation

Kerr, Orin S. and Schneier, Bruce, Encryption Workarounds (March 20, 2017). 106 Georgetown Law Journal 989 (2018).. Available at SSRN: https://ssrn.com/abstract=2938033 or http://dx.doi.org/10.2139/ssrn.2938033

Orin S. Kerr (Contact Author)

University of Southern California Gould School of Law ( email )

699 Exposition Boulevard
Los Angeles, CA 90089
United States

HOME PAGE: http://gould.usc.edu/faculty/?id=73523

Bruce Schneier

Harvard University - Berkman Klein Center for Internet & Society ( email )

Harvard Law School
Cambridge, MA 02138
United States

Harvard University - Harvard Kennedy School (HKS) ( email )

79 John F. Kennedy Street
Cambridge, MA 02138
United States

Register to save articles to
your library

Register

Paper statistics

Downloads
7,749
rank
628
Abstract Views
25,479
PlumX