Article
Jun 18
Back

MOBILE PHONE ENCRYPTION AS AN OBSTACLE IN CRIMINAL INVESTIGATION – REVIEW OF COMPARATIVE SOLUTIONS

Milana Pisarić

10.51204/Anali_PFBU_21205A
ABSTRACT /

In detecting criminal offences, the police increasingly rely on electronic evidence. Due to ubiquitous digitization, data in electronic form with probative potential is found in an increasing number of sources. When the competent authorities need to collect potential electronic evidence from mobile phones, they face several normative and practical challenges. One of the important aggravating factors is the full-disk encryption of the device. Although functions of encryption cannot and must not be neglected in the modern digital environment, it has an obstructive role in criminal investigation. The competent authorities often have the appropriate authority to access the contents of a mobile phone, but they lack the technical ability to gain such access and collect data. After explaining the basic principles of encryption of mobile phones, the author analyzes the possible approaches for gaining access to a device protected by encryption, and indicates the possible legal basis for their application.

DOWNLOAD COMPLETE ARTICLE /
Serbian (cyr)   Serbian (lat)  
REFERENCES /
  1. Abelson, Harold, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel J. Weitzner. 2015. Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications. Cambridge. https://doi.org/10.1093/cybsec/tyv009
  2. Arora, Mohit. 2012. How Secure Is AES Against Brute Force Attacks? EE Times. July 5. http://www.eetimes.com/document.asp, poslednji pristup 14. jula 2020.
  3. Bellovin, Steven, Matt Blaze, Sandy Clark, Susan Landau. 1/2014, Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet. Northwestern Journal of Technology and Intellectual Property 12: 1–64. https://doi.org/10.2139/ssrn.2312107
  4. Biryukov, Alex, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, Adi Shamir. 2009. Key Recovery Attacks of Practical Complexity on AES Variants with up to 10 Rounds. 299–319. u Advances in Cryptology – EUROCRYPT 2010, ed. Henri Gilbert. Berlin, Heidelberg: Springer. https://doi.org/10.1007/978-3-642-13190-5_15
  5. Bošnjak, Leon, Boštjan Brumen. 1/2018. Rejecting the Death of Passwords: Advice for the Future. Computer Science and Information Systems 16: 313–332. https://doi.org/10.2298/CSIS180328016B
  6. Casey, Eoghan, Geoff Fellows, Matthew Geiger, Gerasimos Stellatos. 2/2011.The growing impact of full disk encryption on digital forensics. Digital Investigation 8: 129–134. https://doi.org/10.1016/j.diin.2011.09.005
  7. Gill, Lex, Tamir Israel, Christopher Parsons. 2018. Citizen Lab and the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic: Shining a Light on the Encryption Debate: a Canadian Field Guide. Toronto.
  8. Gomes, Lee. 4/2018. Quantum computing: Both here and not here. IEEE Spectrum: 42–47. https://doi.org/10.1109/MSPEC.2018.8322045
  9. Hennessey, Susan. 2016. Lawful hacking and the case for a strategic approach to Going Dark. Brookings. October 7. https://www.brookings.edu/research/lawful-hacking-and-the-case-for-a-strategic-approach-to-going-dark/, последњи приступ 16. јула 2020.
  10. Jonathan, Katz, Yehuda Lindell. 2015. Introduction to modern cryptography, 2nd Edition. London.
  11. Kerr, Orin, Bruce Schneier. 4/2018. Encryption Workarounds. Georgetown Law Journal 106: 989–1019.
  12. Kerr, Orin. 4/2019. Compelled Decryption and the Privilege Against Self-Incrimination. Texas Law Review 97: 767–799.
  13. Koops, Bert-Jaaps. 2010. Commanding decryption and the privilege against self-incrimination. 431–445. New trends in criminal investigation and evidence: Volume II, eds. C. M. Breur, M. M. Kommer, J. F. Nijboer, J. M. Reijntjes. Antwerpen-Groningen-Oxford: Intersentia.
  14. Lemus, Efren. 2/2017. When Fingerprints Are Key: Reinstating Privacy to the Privilege Against Self-Incrimination in Light of Fingerprint Encryption in Smartphones. SMU Law Review 70: 533–561.
  15. Pisarić, Milana. 2015. Challenges of Recovering and Analyzing Volatile Data. Thematic Conference Proceedings of International Significance Archibald Reiss Days 3: 241–245. https://doi.org/10.5937/zrpfns54-26929
  16. Pisarić, Milana. 2019. Elektronski dokazi u krivičnom postupku. Novi Sad.
  17. Pisarić, Milana. 3/2020. Enkripcija kao prepreka otkrivanju i dokazivanju krivičnih dela. Zbornik radova Pravnog fakulteta u Novom Sadu 54: 1079–1100.
  18. Pisarić, Milana. 2020. Encryption as a challenge for European law enforcement agencies. Thematic Conference Proceedings of International Significance Archibald Reiss Days 10: 611–619.
  19. Pfefferkorn, Riana. 5/2017. Everything Radiates: Does the Fourth Amendment Regulate Side-Channel Cryptanalysis?. Connecticut Law Review 49: 1393–1452.
  20. Schneier, Bruce. 2015. History of the First Crypto War. Schneier Blog. https://www.schneier.com/blog/archives/2015/06/history_of_the_.html, poslednji pristup 14. jula 2020.
  21. Swire, Peter, Kenesa Ahmad. 1/2012. Encryption and Globalization. Columbia Science and Technology Law Review 13: 416–481.
  22. Terzian, Dan. 4/2015. Forced Decryption as Equilibrium— why it’s Constitutional and how Riley Matters. Northwestern University Law Review 109: 1131–1140.
  23. Wareham, Jason. 3/2017. Cracking the Code: The Enigma of the Selfincrimination Clause and Compulsory Decryption of Encrypted Media. Georgetown Law Technology Review 1: 247–268.
  24. Winkler, Andrew. 2/2013. Password Protection and Self-Incrimination: Applying the Fifth Amendment Privilege in the Technological Era. Rutgers Computers and Technology Law Journal 39: 194–215.

OTHER SOURCES

  1. Apple, Inc. 2020a. Using USB accessories with iOS 11.4.1 and later. April 15. https://support.apple.com/en-us/HT208857, poslednji pristup 31. maja 2021.
  2. Apple, Inc. 2020b. Apple Platform Security. https://support.apple.com/guide/security/passcodes-sec20230a10d/web, poslednji pristup 31. maja 2021.
  3. Apple, Inc. 2020c. iCloud security overview. https://support.apple.com/en-us/HT202303#:~:text=Data%20security,end%2Dto%2Dend%20encryption, poslednji pristup 31. maja 2021.
  4. Apple, Inc. 2020d. Legal Process Guidelines Government & Law Enforcement outside the United States. https://www.apple.com/legal/privacy/law-enforcement-guidelines-outside-us.pdf, poslednji pristup 31. maja 2021..
  5. Apple, Inc. 2020e. Legal Process Guidelines: U. S. Law Enforcement. https://www.apple.com/legal/privacy/law-enforcement-guidelines-us.pdf, poslednji pristup 31. maja 2021.
  6. Bright, Peter. 2014. Stealing Encryption Keys Through the Power of Touch. Ars Technica. August 21. http://arstechnica.com/security/
    2014/08/stealing-encryption-keys-through-the-power-of-touch/    , poslednji pristup 31. maja 2021.
  7. Council of the European Union. 2020. Resolution on Encryption – Security through encryption and security despite encryption. 24 November 2020. https://data.consilium.europa.eu/doc/document/ST-13084–2020-REV-1/en/pdf, poslednji pristup 31. maja 2021.
  8. Eurojust. 2019. Cybercrime Judicial MonitorIssue 5. https://www.eurojust.europa.eu/sites/default/files/Publications/Reports/2019–12_CJM-5_EN.pdf, poslednji pristup 31. maja 2021.
  9. Eurojust. 2018. Cybercrime Judicial MonitorIssue 4. https://www.eurojust.europa.eu/sites/default/files/Publications/Reports/2018–12_CJM-4_EN.pdf, poslednji pristup 31. maja 2021.
  10. Eurojust. 2017. Cybercrime Judicial MonitorIssue 3. https://www.eurojust.europa.eu/sites/default/files/Publications/Reports/2017–12_CJM-3_EN.pdf, poslednji pristup 31. maja 2021.
  11. Eurojust. 2016. Cybercrime Judicial MonitorIssue 2. https://www.eurojust.europa.eu/sites/default/files/Publications/Reports/2016–11_CJM-2_EN.pdf, poslednji pristup 31. maja 2021.
  12. Five Country Ministerial. 2018. Statement of Principles on Access to Evidence and Encryption. https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/security-coordination/five-country-ministerial-2018, последњи приступ 31. маја 2021.
  13. Google. 2021. Transparency Report Help Center, Request for User Information. https://support.google.com/transparencyreport/answer/7381458?
    hl=en    , poslednji pristup 31. maja 2021.
  14. Manhattan District Attorney’s Office. 2015. Report on Smartphone encryption and Public safety. New York. https://www.manhattanda.org/wp-content/themes/dany/files/11.18.15%20Report%20on%20Smartphone%20Encryption%20and%20Public%20Safety.pdf, poslednji pristup 31. maja 2021.
  15. Manhattan District Attorney’s Office. 2016. Report on Smartphone encryption and Public safety, An update to the November 2015 Report. New York. https://www.manhattanda.org/wp-content/themes/dany/files/Report%20on%20Smartphone%20Encryption%20and%20Public%20Safety:%20An%20Update.pdf, poslednji pristup 31. maja 2021.
  16. Manhattan District Attorney’s Office. 2017. Third Report on Smartphone encryption and Public safety. New York. https://www.manhattanda.org/wp-content/themes/dany/files/2017%20Report%20of%20the%20Manhattan%20District%20Attorney%27s%20Office%20on%20Smartphone%20Encryption.pdf, poslednji pristup 31. maja 2021.
  17. Manhattan District Attorney’s Office. 2018. Report on Smartphone encryption and Public safety, An update to the November 2017 Report. New York. https://www.manhattanda.org/wp-content/uploads/2018/11/2018-Report-of-the-Manhattan-District-Attorney27s-Office-on-Smartphone-En….pdf, poslednji pristup 31. maja 2021.
  18. Manhattan District Attorney’s Office. 2019. Report on Smartphone encryption and Public safety, An update to the November 2018 Report. New York. https://www.manhattanda.org/wp-content/uploads/2019
    /10/2019-Report-on-Smartphone-Encryption-and-Public-Safety.pdf    , poslednji pristup 31. maja 2021.
  19. Mullin, Joe. 2015. Sunk: How Ross Ulbricht ended up in prison for life. Ars Technica. May 29. https://arstechnica.com/tech-policy/2015/05/sunk-how-ross-ulbricht-ended-up-in-prison-for-life/, poslednji pristup 31. maja 2021.
  20. National Cyber Security Center. 2019. Most hacked passwords revealed as UK cyber survey exposes gaps in online security. April 21. https://www.ncsc.gov.uk/news/most-hacked-passwords-revealed-as-uk-cyber-survey-exposes-gaps-in-online-security, poslednji pristup 31. maja 2021.
  21. National Institute of Standards and Technology. 2006. Glossary of Key Information Security Terms. April 25. https://www.govinfo.gov/content/pkg/GOVPUB-C13-b1ff2496095efdbb0a71d72f6b607595/pdf/GOVPUB-C13-b1ff2496095efdbb0a71d72f6b607595.pdf, poslednji pristup 31. maja 2021.
  22. National Institute of Standards and Technology. 2019. Test Result for Mobile Device Acqusition Tool: UFED InField Kiosk v7.5.0.875. September 27. https://www.dhs.gov/sites/default/files/publications/testresultsnistmobiledeviceacquisitiontool-ufedinfieldkiosk_v7.5.0.875.pdf, poslednji pristup 31. maja 2021.
  23. Office of the United Nations High Commissioner for Human Rights. 2018.  Report of the United Nations High Commissioner for Human Rights: The Right to Privacy in the Digital Age, https://documents-dds-ny.un.org/doc/UNDOC/GEN/G18/239/58/PDF/G1823958.pdf?OpenElement, poslednji pristup 31. maja 2021.