– Executive Summary –
According to the Pew Research Center, more than 95% of adults in the United States have a cell phone.[1] Digital technology has permeated almost every facet of daily life, and electronic devices are driving this trend.[2] As biometric identification increases and payment systems like Apple Pay proliferate, it is reasonable to believe devices will soon be the proxy for those items as well. Hardware and software manufacturers are enabling encryption capabilities on many of these devices to protect information from being compromised. While this security is a benefit to many, strong device encryption poses problems for U.S. law enforcement agencies, which have come to rely on data contained on devices in their investigations. The information contained on a device is vast and can be crucial to law enforcement in their investigations. However, the inability of law enforcement to access or see the information on a device due to encryption precludes this retrieval from happening. This concept is known as “going dark.”[3]
The going dark issue is present, prevalent, and growing. In 2016, Federal Bureau of Investigation (FBI) general counsel Jim Baker said that the FBI is able to get the data it needs 87% of the time.[4] In 2017, FBI Director Christopher Wray testified this number dropped to 50% of the time in fiscal year 2017.[5] Emerging from this trend is a renewed, decades-old debate over the means by which the government accesses these encrypted devices. It is a flashpoint between those in law enforcement who generally advocate a regimented, industry-supported approach enabling ready access to encrypted data, and technologists and civil libertarians who are opposed to it. Ironically, both groups in the dispute recognize the need for encryption, as well as the need for government access. However, the two are unable to reach a consensus on reasonably meeting both requirements. While the government is locked in debate, the United States lacks a domestic solution to the issue.
This thesis examines and evaluates the primary encryption approaches of Israel and China in an effort to determine whether their respective approaches effectively and reasonably address the issue of access to encrypted devices in ways that could contribute to resolving debate in the United States. Using qualitative analysis, the thesis assesses the encryption approaches of Israel and China in terms of legality, cost, political acceptance, and potential for success for application within the United States. The Israeli model, structural in nature, focuses on the exploitation of encryption and forensic extraction of devices by the Israel Police cybercrime unit; it proved to be a reasonable and potentially effective model for the United States. The Chinese model, a legislative-based solution, compels telecommunications providers to assist with gaining access to devices; it was found to be an unreasonable and ineffective model for the United States. Based on the results of the analysis of available information, this thesis recommends implementing a new initiative in the United States based on the Israeli model.
The success Israel has in the world of encryption and device data extraction is grounded in the Israel Police’s cybercrime unit and its collaborative partnerships with the military, private sector, and academia. The unit has a centralized forensic laboratory, and a network of officers strategically located across the country who specialize in data extraction from electronic devices. The fact that encryption is inherently vulnerable is a key takeaway of this thesis, and Israel’s approach is best suited to take advantage of this weakness. While restructuring U.S. law enforcement in an identical way to Israel is unrealistic, this thesis recommends considering changes to the approach of U.S. law enforcement’s efforts consistent with characteristics of the Israeli model. The United States already has satisfactory legal authorities, with adequate oversight, within which it can leverage means like “lawful hacking” to access devices with this approach. Changes to U.S. law enforcement efforts include organizing its structure to be collectively and singularly focused on defeating device encryption, staffed with the appropriate personnel, and supported by adequate resources and external partners. This effort can be accomplished by aligning device encryption efforts under the leadership of one federal agency tasked with coordinating the work of federal, state, and local law enforcement partners operating in laboratories across the county in collaboration with partners in the private sector and academia contributing to the mission.
Tailoring the U.S. device encryption approach to implement core features of the Israeli model has the potential to bring the United States closer to a viable domestic solution. Application of the Israeli approach to device encryption issues in the United States is a reasonable solution with a strong likelihood to be effective. Above all, this thesis contributes to a growing body of academic literature supporting a view that continuing a paralytic debate on the issue serves nobody’s interests. The onus is on those who hold absolutist positions in this debate to allow a reasonable and effective solution to be implemented in the United States.
[1] “Mobile Fact Sheet,” Pew Research Center, accessed March 17, 2017, http://www.pewinternet.org/
fact-sheet/mobile/.
[2] For the purposes of this thesis, the term, “device” describes portable electronic communication devices like cellular smartphones and tablets.
[3] “Going Dark,” Federal Bureau of Investigation, accessed June 1, 2017, https://www.fbi.gov/services/
operational-technology/going-dark.
[4] Jeff John Roberts, “Locked Apple Devices Are Piling Up in Police Evidence Rooms,” Fortune, November 17, 2016, http://fortune.com/2016/11/17/locked-apple-devices-are-piling-up-in-police-evidence-rooms/.
[5] Department of Justice, Statement of Christopher A. Wray, Director, Federal Bureau of Investigation before the Committee on the Judiciary, U.S. House of Representatives at a Hearing Entitled, ‘Oversight of the Federal Bureau of Investigation’, Federal Bureau of Investigation, Presented December 7, 2017 (Washington, DC: Department of Justice, 2017), https://judiciary.house.gov/wp.content/uploads/2017/12/
Director-Wray-Testimony.pdf.
