Feds Employ Multiple Encryption Bypass Techniques

Wednesday, February 23, 2011



Law enforcement officials are facing ever more sophisticated digital encryption security in the course of their investigations, making evidence recovery increasingly challenging.

"On a regular basis, the government is unable to obtain communications and related data," FBI general counsel Valerie Caproni told a congressional committee last week.

A major obstacle is the inability of prosecutors to force defendants to reveal passwords to unlock encrypted material.

"We believe we don't have the legal authority to force you to turn over your password unless we already know what the data is. It's a form of compulsory testimony that we can't do... Compelling people to turn over their passwords for the most part is a non-starter," said Howard Cox, assistant deputy chief for the Justice Department's Computer Crime and Intellectual Property Section at the RSA Conference in San Francisco last week.

One solution: Cox indicated that agencies are seeking assistance from encryption software manufacturers to gain access to the information sought in investigations.

Critics counter that encryption backdoors leave data equally susceptible to criminal hackers, and undermine the effectiveness of encryption as a security measure.

Another solution: employing the methods commonly used by white hat penetration testers and criminal hackers to access the information, such as brute-force techniques and keystroke loggers.

U.S. Secret Service agent Stuart Van Buren stated at the RSA conference that computer forensics is part of the standard training curriculum now. "Every new agent who goes to the Secret Service academy goes through a week of training."

A third solution: ask the courts to compel Internet service providers to provide access to account information.

"Sometimes if we can go in and find one of those passwords, or two or three, I can start to figure out that in every password, you use the No. 3," Van Buren said. "There are a lot of things we can find..."

Agents at the Drug Enforcement Administration have also previously secured court approval to install key-logging software on a suspect's computer in order to crack PGP encrypted documents.

"There are times when the government tries to use keystroke loggers," Van Buren stated.

Source:  http://news.cnet.com/8301-31921_3-20035168-281.html

Possibly Related Articles:
Encryption Legal RSA PGP Headlines Investigation backdoor
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.