Lawful Hacking: Toward a Middle Ground Solution to the Going Dark Problem

Hoaithi Nguyen

EXECUTIVE SUMMARY

Since the spring of 2013, when Edward Snowden leaked classified information regarding the National Security Agency’s (NSA) covert collection of telephony metadata from major communications providers, such Internet giants as Apple and Google have rolled out end-to-end encryption on their devices. End-to-end encryption means that “only the recipient of the message can decrypt it and not anyone in between.”[1] Today, hundreds of millions of users of Apple iPhones, Google Chrome, Android, WhatsApp and many other Internet platforms and applications around the world enjoy end-to-end encryption. Indeed, a vast majority of technology providers have now designed the technology in such a way that they cannot access the data sought, even pursuant to a court order, because they do not hold the key.[2] The security situation is the same for data “at rest” on an electronic device or data “in motion” over electronic networks. This trend presents a unique challenge to law enforcement and intelligence communities. The hallmark of these agencies’ investigative tools is the interception of communications, which are now out of reach because of end-to-end encryption. This problem is known as the problem of “going dark.”

The intelligence and law enforcement communities have been locked in a debate with privacy advocates and the technology industry over striking the right balance between individual liberty and collective security. The rhetoric on both sides of the debate has not served to find possible solutions despite the many attempts the government made to seek cooperation from Silicon Valley.[3]

This thesis explores the historical, political, and legislative developments that contributed to the rise of encryption in recent years, as well as constitutional doctrines that may be relevant to the public debate over possible policy solutions. Two possible solutions are examined using the policy option analysis method: (1) amending the Communication Assistance to Law Enforcement Act (CALEA) to include encrypted communication devices and communication companies not previously covered by CALEA; and (2) passing legislation that authorizes law enforcement and intelligence agencies to perform hacking under very clear and specific circumstances with minimizing procedures and lawful warrants. Each proposed solution is examined through a lens of whether it would (1) be effective in solving the going-dark problem, (2) meet legal and constitutional standards, and (3) have the potential for political acceptability by protecting American values and striking the right balance between privacy and security.

Ultimately, this thesis recommends that policymakers enact legislation that sets out a clear legal framework under which the government is authorized to hack into devices and networks using existing vulnerabilities. Under the proposed framework, hacking is only authorized in cases where all the Fourth Amendment requirements are met, in addition to specific exhaustion and minimizing requirements. It also recommends that the U.S. government initiate a public education campaign to gain public support for some form of regulation concerning encryption in the future. The fundamental issue here is not only about the tension between privacy and security. The issue is also about who should make decisions with broad implications for the collective security: elected officials or the technology industry.

References

Greenberg, Andy. “Hacker Lexicon: What Is End-to-End Encryption?.” Wired, November 25, 2014. https://www.wired.com/2014/11/hacker-lexicon-end-to-end-encryption/.

Perlroth, Nicole, and David E. Sanger. “Obama Won’t Seek Access to Encrypted User Data.” New York Times, October 10, 2015. http://www.nytimes.com/2015/10/11/us/politics/obama-wont-seek-access-to-encrypted-user-data.html.

[1] Andy Greenberg, “Hacker Lexicon: What Is End-to-End Encryption?,” Wired, November 25, 2014, https://www.wired.com/2014/11/hacker-lexicon-end-to-end-encryption/.

[2] Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy: Hearing Before the Senate Judiciary Committee (July 2015) (written statement of Sally Quillian Yates, Deputy General Counsel, FBI).

[3] Nicole Perlroth and David E. Sanger, “Obama Won’t Seek Access to Encrypted User Data,” New York Times, October 10, 2015, http://www.nytimes.com/2015/10/11/us/politics/obama-wont-seek-access-to-encrypted-user-data.html.
