OpsLens

How Digital Encryption is Getting in the Way of Law Enforcement

In what may likely be a first in the history of U.S. law enforcement, the FBI has forced a suspect to unlock a personal device with a facial ID feature. The incident reportedly went down last month, when federal agents in Columbus, Ohio entered the home of Grant Michalski. According to court documents, 28-year-old Michalski was suspected of child abuse. The investigators presented him with a warrant requiring him to unlock his iPhone X, the eleventh generation device equipped with Apple’s Face ID. They were then able to freely search for his photos, chats and any other potential evidence implicating him in criminal activity.

Law Enforcement’s Technology Hurdle

The common encryption technology accessible to any user who can pay for it is becoming stronger by the day.

This reality, while providing more security and protection for people’s personal data, has created a serious challenge to law enforcement seeking to uncover information on suspects.

Since the world has gone digital, information storage on computers is no longer limited to companies and other organizations. Individuals in the developed world today almost exclusively keep all their important records, whether they be text documents or photographs, in some form of electronic storage. This is typically done on the small but highly efficient supercomputers we keep in our pockets. Of course, the race within the tech industry to build the next bigger and better device hasn’t been limited to more camera pixels and faster processors. Security has become a major demand from consumers. And manufacturers have responded in kind.

The facts in the Michalski case highlight the problem this trend has created for cops and other criminal investigators.

The FBI started investigating Michalski after discovering his ad on Craigslist titled “taboo.” Later, agents identified emails in which he discussed incest and sex with minors with another suspect, William Weekly. Reportedly, they also discussed sexual acts with an individual that Weekly identified in the emails as his own daughter. If there were any more explicit indications of wrongdoing, whether in the form of written communications, photographs, or video, they would likely be on Michalski’s phone.

In this case the FBI actually got lucky in a way. Features like Face ID and other biometrics are easier to obtain from a legal perspective. While passwords are technically protected by the Fifth Amendment, physical features of a suspect are not—hence the ability for the police to take mug shots. The only problem was that Michalski’s face only gave the FBI temporary access to his iPhone. Eventually the security settings on the phone required the entering of a pin number which Michalski has not given up (shocker).

We’ve Been Here Before

This is not the first time attempts by law enforcement to overcome encryption made headlines. It will probably not be the last.

In November of last year, the FBI attempted to access the iPhone of Texas church shooting perpetrator Devin Kelley. Agents apparently hoped to gain insight into Kelley’s background and motivations based on data in the device. Apple on its part had offered assistance to the Bureau in advising them on how to use Kelley’s fingerprints to unlock the phone, but that window closed shortly after the investigation opened—the fingerprint ID feature ceases to operate after 48 hours of not being used.

Perhaps the most famous episode of law enforcement trying to overcome digital encryption came in 2015 in the wake of the San Bernardino shootings, in which two ISIS-inspired attackers shot and killed 14 people at an employee gathering at the city’s Inland Regional Center. After the FBI failed to unlock the iPhone belonging to one of the shooters, it turned to Apple for assistance. The tech giant refused, claiming that such an action would create a bad precedent, and undermine its commitment to customer’s privacy. The government promptly sued the company for obstructing their investigation. No legal conclusion was ever reached at that time, as the FBI withdrew their request after it managed to hack the iPhone with the help of mysterious outside parties (likely Israeli cyber firm Cellebrite). Thus there was left the lingering question: What are the rights of government investigators when it comes to breaking through encryption from the private sector?

Over the past couple of years, both lawmakers and officials, including Attorney General Jeff Sessions, have been leading the crusade to institute policies that will help law enforcement with this problem in the future. Sessions has repeatedly bashed big tech for impeding investigations. He once claimed in a press conference that the FBI has been locked out of thousands of devices belonging to suspects in recent years. Sessions and others would like to see a world in which manufacturers are obligated to help investigators gain access to a device, and failing to do so would be obstruction of justice.

This is not an easy issue to work out. Concerns of private companies are well founded. First is the simple issue of trust. Criminals routinely target government cyber secrets for theft. Sometimes they succeed. The NSA’s cache of cyber weapons was allegedly stolen by hackers last year. More broadly speaking, is it really the government’s prerogative to force companies to hand over their technology, even if in the interests of a criminal investigation?

The fact is, this problem is not going away. It will only become more severe as encryption technology become more sophisticated. Eventually clear policies will have to be laid out on how to address this growing challenge for law enforcement.