Članak
jun 18
Nazad

ENKRIPCIJA MOBILNOG TELEFONA KAO PREPREKA OTKRIVANJU I DOKAZIVANJU KRIVIČNIH DELA – OSVRT NA UPOREDNA REŠENJA

Milana Pisarić

10.51204/Anali_PFBU_21205A
SAŽETAK /

Računarski podaci sa dokaznim potencijalom nalaze se u sve većem broju izvora, među kojima su od posebnog značaja pametni mobilni telefoni. Kada nadležni organi, za potrebe otkrivanja i dokazivanja krivičnih dela, prikupljaju iz ovog uređaja podatke, potencijalne elektronske dokaze, susreću se sa više normativnih i praktičnih izazova, a jedan od otežavajućih faktora je enkripcija celog internog skladišta podataka. Neretko oni imaju odgovarajuće ovlašćenje za ostvarivanje pristupa sadržaju mobilnog telefona, ali im nedostaju tehničke mogućnosti da, bez posedovanja ključa za dekripciju, ostvare pristup i prikupe podatke u čitljivom obliku. Iako se funkcija enkripcije ne može i ne sme zanemariti u savremenom digitalnom okruženju, ona ima opstruktivno dejstvo na krivičnu istragu. Međutim, ovu prepreku nadležni organi mogu prevazići primenom drugih odgovarajućih mera i radnji. U radu autor analizira taktike i tehnike, odnosno mere i radnje za ostvarivanje pristupa sadržaju mobilnog telefona zaštićenog enkripcijom i razmatra pravne osnove za njihovu primenu.

ČLANAK JE RASPOLOŽIV NA /
Ćirilici   Latinici  
REFERENCE /
  1. Abelson, Harold, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel J. Weitzner. 2015. Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications. Cambridge. https://doi.org/10.1093/cybsec/tyv009
  2. Arora, Mohit. 2012. How Secure Is AES Against Brute Force Attacks? EE Times. July 5. http://www.eetimes.com/document.asp, poslednji pristup 14. jula 2020.
  3. Bellovin, Steven, Matt Blaze, Sandy Clark, Susan Landau. 1/2014, Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet. Northwestern Journal of Technology and Intellectual Property 12: 1–64. https://doi.org/10.2139/ssrn.2312107
  4. Biryukov, Alex, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, Adi Shamir. 2009. Key Recovery Attacks of Practical Complexity on AES Variants with up to 10 Rounds. 299–319. u Advances in Cryptology – EUROCRYPT 2010, ed. Henri Gilbert. Berlin, Heidelberg: Springer. https://doi.org/10.1007/978-3-642-13190-5_15
  5. Bošnjak, Leon, Boštjan Brumen. 1/2018. Rejecting the Death of Passwords: Advice for the Future. Computer Science and Information Systems 16: 313–332. https://doi.org/10.2298/CSIS180328016B
  6. Casey, Eoghan, Geoff Fellows, Matthew Geiger, Gerasimos Stellatos. 2/2011.The growing impact of full disk encryption on digital forensics. Digital Investigation 8: 129–134. https://doi.org/10.1016/j.diin.2011.09.005
  7. Gill, Lex, Tamir Israel, Christopher Parsons. 2018. Citizen Lab and the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic: Shining a Light on the Encryption Debate: a Canadian Field Guide. Toronto.
  8. Gomes, Lee. 4/2018. Quantum computing: Both here and not here. IEEE Spectrum: 42–47. https://doi.org/10.1109/MSPEC.2018.8322045
  9. Hennessey, Susan. 2016. Lawful hacking and the case for a strategic approach to Going Dark. Brookings. October 7. https://www.brookings.edu/research/lawful-hacking-and-the-case-for-a-strategic-approach-to-going-dark/, poslednji pristup 16. jula 2020.
  10. Jonathan, Katz, Yehuda Lindell. 2015. Introduction to modern cryptography, 2nd Edition. London.
  11. Kerr, Orin, Bruce Schneier. 4/2018. Encryption Workarounds. Georgetown Law Journal 106: 989–1019.
  12. Kerr, Orin. 4/2019. Compelled Decryption and the Privilege Against Self-Incrimination. Texas Law Review 97: 767–799.
  13. Koops, Bert-Jaaps. 2010. Commanding decryption and the privilege against self-incrimination. 431–445. New trends in criminal investigation and evidence: Volume II, eds. C. M. Breur, M. M. Kommer, J. F. Nijboer, J. M. Reijntjes. Antwerpen-Groningen-Oxford: Intersentia.
  14. Lemus, Efren. 2/2017. When Fingerprints Are Key: Reinstating Privacy to the Privilege Against Self-Incrimination in Light of Fingerprint Encryption in Smartphones. SMU Law Review 70: 533–561.
  15. Pisarić, Milana. 2015. Challenges of Recovering and Analyzing Volatile Data. Thematic Conference Proceedings of International Significance Archibald Reiss Days 3: 241–245. https://doi.org/10.5937/zrpfns54-26929
  16. Pisarić, Milana. 2019. Elektronski dokazi u krivičnom postupku. Novi Sad.
  17. Pisarić, Milana. 3/2020. Enkripcija kao prepreka otkrivanju i dokazivanju krivičnih dela. Zbornik radova Pravnog fakulteta u Novom Sadu 54: 1079–1100.
  18. Pisarić, Milana. 2020. Encryption as a challenge for European law enforcement agencies. Thematic Conference Proceedings of International Significance Archibald Reiss Days 10: 611–619.
  19. Pfefferkorn, Riana. 5/2017. Everything Radiates: Does the Fourth Amendment Regulate Side-Channel Cryptanalysis?. Connecticut Law Review 49: 1393–1452.
  20. Schneier, Bruce. 2015. History of the First Crypto War. Schneier Blog. https://www.schneier.com/blog/archives/2015/06/history_of_the_.html, poslednji pristup 14. jula 2020.
  21. Swire, Peter, Kenesa Ahmad. 1/2012. Encryption and Globalization. Columbia Science and Technology Law Review 13: 416–481.
  22. Terzian, Dan. 4/2015. Forced Decryption as Equilibrium— why it’s Constitutional and how Riley Matters. Northwestern University Law Review 109: 1131–1140.
  23. Wareham, Jason. 3/2017. Cracking the Code: The Enigma of the Selfincrimination Clause and Compulsory Decryption of Encrypted Media. Georgetown Law Technology Review 1: 247–268.
  24. Winkler, Andrew. 2/2013. Password Protection and Self-Incrimination: Applying the Fifth Amendment Privilege in the Technological Era. Rutgers Computers and Technology Law Journal 39: 194–215.

OSTALI IZVORI

  1. Apple, Inc. 2020a. Using USB accessories with iOS 11.4.1 and later. April 15. https://support.apple.com/en-us/HT208857, poslednji pristup 31. maja 2021.
  2. Apple, Inc. 2020b. Apple Platform Security. https://support.apple.com/guide/security/passcodes-sec20230a10d/web, poslednji pristup 31. maja 2021.
  3. Apple, Inc. 2020c. iCloud security overview. https://support.apple.com/en-us/HT202303#:~:text=Data%20security,end%2Dto%2Dend%20encryption, poslednji pristup 31. maja 2021.
  4. Apple, Inc. 2020d. Legal Process Guidelines Government & Law Enforcement outside the United States. https://www.apple.com/legal/privacy/law-enforcement-guidelines-outside-us.pdf, poslednji pristup 31. maja 2021.
  5. Apple, Inc. 2020e. Legal Process Guidelines: U. S. Law Enforcement. https://www.apple.com/legal/privacy/law-enforcement-guidelines-us.pdf, poslednji pristup 31. maja 2021.
  6. Bright, Peter. 2014. Stealing Encryption Keys Through the Power of Touch. Ars Technica. August 21. http://arstechnica.com/security/
    2014/08/stealing-encryption-keys-through-the-power-of-touch/    , poslednji pristup 31. maja 2021.
  7. Council of the European Union. 2020. Resolution on Encryption – Security through encryption and security despite encryption. 24 November 2020. https://data.consilium.europa.eu/doc/document/ST-13084–2020-REV-1/en/pdf, poslednji pristup 31. maja 2021.
  8. Eurojust. 2019. Cybercrime Judicial MonitorIssue 5. https://www.eurojust.europa.eu/sites/default/files/Publications/Reports/2019–12_CJM-5_EN.pdf, poslednji pristup 31. maja 2021.
  9. Eurojust. 2018. Cybercrime Judicial MonitorIssue 4. https://www.eurojust.europa.eu/sites/default/files/Publications/Reports/2018–12_CJM-4_EN.pdf, poslednji pristup 31. maja 2021.
  10. Eurojust. 2017. Cybercrime Judicial MonitorIssue 3. https://www.eurojust.europa.eu/sites/default/files/Publications/Reports/2017–12_CJM-3_EN.pdf, poslednji pristup 31. maja 2021.
  11. Eurojust. 2016. Cybercrime Judicial MonitorIssue 2. https://www.eurojust.europa.eu/sites/default/files/Publications/Reports/2016–11_CJM-2_EN.pdf, poslednji pristup 31. maja 2021.
  12. Five Country Ministerial. 2018. Statement of Principles on Access to Evidence and Encryption. https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/security-coordination/five-country-ministerial-2018, poslednji pristup 31. maja 2021.
  13. Google. 2021. Transparency Report Help Center, Request for User Information. https://support.google.com/transparencyreport/answer/7381458?
    hl=en    , poslednji pristup 31. maja 2021.
  14. Manhattan District Attorney’s Office. 2015. Report on Smartphone encryption and Public safety. New York. https://www.manhattanda.org/wp-content/themes/dany/files/11.18.15%20Report%20on%20Smartphone%20Encryption%20and%20Public%20Safety.pdf, poslednji pristup 31. maja 2021.
  15. Manhattan District Attorney’s Office. 2016. Report on Smartphone encryption and Public safety, An update to the November 2015 Report. New York. https://www.manhattanda.org/wp-content/themes/dany/files/Report%20on%20Smartphone%20Encryption%20and%20Public%20Safety:%20An%20Update.pdf, poslednji pristup 31. maja 2021.
  16. Manhattan District Attorney’s Office. 2017. Third Report on Smartphone encryption and Public safety. New York. https://www.manhattanda.org/wp-content/themes/dany/files/2017%20Report%20of%20the%20Manhattan%20District%20Attorney%27s%20Office%20on%20Smartphone%20Encryption.pdf, poslednji pristup 31. maja 2021.
  17. Manhattan District Attorney’s Office. 2018. Report on Smartphone encryption and Public safety, An update to the November 2017 Report. New York. https://www.manhattanda.org/wp-content/uploads/2018/11/2018-Report-of-the-Manhattan-District-Attorney27s-Office-on-Smartphone-En….pdf, poslednji pristup 31. maja 2021.
  18. Manhattan District Attorney’s Office. 2019. Report on Smartphone encryption and Public safety, An update to the November 2018 Report. New York. https://www.manhattanda.org/wp-content/uploads/2019
    /10/2019-Report-on-Smartphone-Encryption-and-Public-Safety.pdf    , poslednji pristup 31. maja 2021.
  19. Mullin, Joe. 2015. Sunk: How Ross Ulbricht ended up in prison for life. Ars Technica. May 29. https://arstechnica.com/tech-policy/2015/05/sunk-how-ross-ulbricht-ended-up-in-prison-for-life/, poslednji pristup 31. maja 2021.
  20. National Cyber Security Center. 2019. Most hacked passwords revealed as UK cyber survey exposes gaps in online security. April 21. https://www.ncsc.gov.uk/news/most-hacked-passwords-revealed-as-uk-cyber-survey-exposes-gaps-in-online-security, poslednji pristup 31. maja 2021.
  21. National Institute of Standards and Technology. 2006. Glossary of Key Information Security Terms. April 25. https://www.govinfo.gov/content/pkg/GOVPUB-C13-b1ff2496095efdbb0a71d72f6b607595/pdf/GOVPUB-C13-b1ff2496095efdbb0a71d72f6b607595.pdf, poslednji pristup 31. maja 2021.
  22. National Institute of Standards and Technology. 2019. Test Result for Mobile Device Acqusition Tool: UFED InField Kiosk v7.5.0.875. September 27. https://www.dhs.gov/sites/default/files/publications/testresultsnistmobiledeviceacquisitiontool-ufedinfieldkiosk_v7.5.0.875.pdf, poslednji pristup 31. maja 2021.
  23. Office of the United Nations High Commissioner for Human Rights. 2018.  Report of the United Nations High Commissioner for Human Rights: The Right to Privacy in the Digital Age, https://documents-dds-ny.un.org/doc/UNDOC/GEN/G18/239/58/PDF/G1823958.pdf?OpenElement, poslednji pristup 31. maja 2021.