LAW ENFORCEMENT ACCESS TO ENCRYPTED DATA: LEGISLATIVE RESPONSES AND THE CHARTER.
Date | 01 December 2017 |
Author | Penney, Steven |
In our digital age, encryption represents both a tremendous social benefit and a significant threat to public safety. While it provides the confidence and trust essential for digital communications and transactions, wrongdoers can also use it to shield incriminating evidence from law enforcement, potentially in perpetuity. There are two main legal reforms that have been proposed to address this conundrum: requiring encryption providers to give police "exceptional access" to decrypted data, and empowering police to compel individuals to decrypt their own data.
This article evaluates each of these alternatives in the context of policy and constitutional law. We conclude that exceptional access, though very likely constitutional, creates too great a risk of data insecurity to justify its benefits to law enforcement and public safety. Compelled decryption, in contrast, would provide at least a partial solution without unduly compromising data security. And while it would inevitably attract constitutional scrutiny, it could be readily designed to comply with the Charter. By requiring warrants to compel users to decrypt and giving evidentiary immunity to the act of decryption, our proposal would prevent inquisitorial fishing expeditions yet allow the decrypted information itself to be used for investigative and prosecutorial purposes.
In the digital age, cryptography represents both a considerable social benefit and a significant threat to public safety. Although this tool provides the trust essential to the integrity of digital communications and transactions, wrongdoers can also use it to conceal incriminating evidence from law enforcement. Two legal reforms have principally been proposed to address this problem: requiring providers of cryptographic systems to give police "exceptional access" to decrypted data, and giving police the power to compel individuals to decrypt their own data.
This article evaluates these two options in the context of public policy and constitutional law. We conclude that the exceptional access option, though very likely constitutional, creates too great a risk of insecurity to justify the benefits it may offer to law enforcement and public safety. Compelled decryption, in contrast, would offer at least a partial solution to the problem without unduly compromising the security of the data in question. And while it would inevitably attract constitutional scrutiny, it could be readily designed to comply with the Charter. By requiring warrants to compel users to decrypt their data and giving evidentiary immunity to the act of decryption, our proposal would prevent inquisitorial fishing expeditions while allowing the decrypted information to be used for investigative and prosecutorial purposes.
Introduction
I. Existing Methods of Defeating Encryption
   A. Traditional Investigative Methods
   B. Third-Party Assistance
   C. Exploiting Vulnerabilities
   D. Guessing the Password
II. Legislative Responses
   A. Exceptional Access
      1. Policy
      2. Privacy and Section 8 of the Charter
      3. Freedom of Expression and Section 2(b) of the Charter
   B. Compelled Disclosure
      1. Policy
      2. Self-incrimination and Section 7 of the Charter
      3. Privacy and Section 8 of the Charter
Conclusion

Introduction
Encryption is one of the most important technologies of the digital age. It provides individuals and organizations with the confidence and trust necessary for a myriad of socially productive transactions, including e-commerce, personal and business communications, and the provision of government services. (1) It also facilitates the expression of ideas and opinion and pursuit of fulfilling lifestyle choices essential to a free and liberal society. (2)
But encryption also poses a tangible threat to public safety. Criminals and other wrongdoers use it to shield incriminating evidence from law enforcement. In response, police have had to find ways to circumvent it. Current methods are limited, however, and their success often depends on variables outside of law enforcement's control. To the extent that evidence of crime is increasingly in digital, encrypted form, it will often be either unavailable to police or require costly measures to access. This situation has no analogue in the pre-digital world: no safe or lock could permanently prevent police from lawfully obtaining incriminating documents or records stored within. (3) Encryption technology thus threatens to impede the detection and deterrence of crime and cause significant harm to society. (4)
Legislative responses to this conundrum may be grouped into three categories. The first is to do nothing, relying on existing and future investigative and technical methods to lawfully access as much encrypted data as possible. Whether this is a tenable situation for society involves many difficult empirical and policy questions that we do not attempt to answer in this article. (5)
Should Parliament decide to act, two approaches present themselves. First, Parliament could choose to regulate the production and use of encryption technologies to enhance law enforcement's lawful access to unencrypted information. Such an "exceptional access" regime would compel encryption providers to give police "backdoor" access to decrypted data. The second approach would empower police to compel individuals--by imposing sanctions for refusal--to decrypt their own data. This could be achieved by compelling users to give police passwords, encryption keys, biometric identifiers, or the unencrypted data itself. (6)
Both of these legislative solutions raise concerns. Exceptional access presents technical challenges, including the risk that malicious actors will exploit security vulnerabilities intended only for legitimate law-enforcement purposes. (7) Compelled decryption avoids this risk, but raises concerns relating to privacy and self-incrimination. (8)
This article evaluates each of these alternatives in the context of policy and constitutional law. We conclude that exceptional access, though very likely constitutional, creates too great a risk of data insecurity to justify its benefits to law enforcement and public safety. Compelled decryption, in contrast, would provide at least a partial solution to the encryption problem without unduly compromising data security. And while it would inevitably attract constitutional scrutiny, it could be readily designed to cohere with the Canadian Charter of Rights and Freedoms. (9) By requiring warrants to compel users to decrypt their data, and by giving evidentiary immunity to the act of decryption, our proposal would prevent inquisitorial fishing expeditions yet allow the decrypted information to be used for investigative and prosecutorial purposes.
The article proceeds as follows. Part I outlines existing methods for circumventing encryption and their limitations. Part II discusses the legal and policy issues surrounding the exceptional access and compelled disclosure alternatives. We argue that the latter is the more viable policy option, can be designed to comply with the Charter's self-incrimination and privacy protections, and would maintain the contemporary balance between liberty and crime control interests. (10)
I. Existing Methods of Defeating Encryption
Encryption uses the process of cryptography to transform ordinary information, or plaintext, into unintelligible ciphertext. Persons who possess the encrypted ciphertext cannot recover the plaintext information unless they know both the algorithm used to perform the transformation and an additional piece of information called the encryption key. (11) In effect, this allows encryption to hide information from anyone not authorized to view it.
The theoretical security of an encryption system is determined by considering whether it can be broken using a reasonable amount of time and computing power. While any encryption can be defeated by trying every possible key, any algorithm that requires an unreasonable amount of time and resources to break is considered computationally secure. (12)
Even computationally secure encryption, however, may be vulnerable to attack. The encryption algorithm and keys are part of a larger security system that may contain weaknesses. (13) Depending on the algorithm used, the device it operates on, and decisions made by the user, police may be able to recover the plaintext information without acquiring the encryption key. Moreover, many systems derive the key from a user-selected password. (14) In such instances, the encryption is only as strong as the user's choice of password.
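The following Python sketch is an added illustration, not part of the original article. It quantifies the two points above: the work needed to try every key, and how a password-derived key reduces that work to the size of the password space. PBKDF2-HMAC-SHA256, the iteration count, and the operations-per-second figure are assumptions chosen for the example.

```python
import hashlib
import math

KEY_BITS = 256               # size of the derived encryption key
PBKDF2_ITERATIONS = 600_000  # assumed work factor, constructed for this example


def derive_key(password: str, salt: bytes,
               iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Derive the encryption key from a password (PBKDF2-HMAC-SHA256).

    The key is fully determined by (password, salt, iterations), so
    anyone who learns the password can recompute the key.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=KEY_BITS // 8)


def password_space_bits(alphabet_size: int, length: int) -> float:
    """Search space, in bits, of a uniformly random password."""
    return length * math.log2(alphabet_size)


def effective_bits(alphabet_size: int, length: int,
                   iterations: int = PBKDF2_ITERATIONS) -> float:
    """Work to recover the key: the cheaper of trying keys or passwords.

    Each password trial costs `iterations` hash operations, which adds
    log2(iterations) bits of work on top of the password space.
    """
    via_password = password_space_bits(alphabet_size, length) + math.log2(iterations)
    return min(float(KEY_BITS), via_password)


def years_to_exhaust(bits: float, ops_per_second: float) -> float:
    """Years to perform 2**bits operations at the given (assumed) rate."""
    return 2.0 ** bits / ops_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e12  # assumed operations per second
    for label, alphabet, length in [("8 lowercase letters", 26, 8),
                                    ("40 printable ASCII characters", 95, 40)]:
        bits = effective_bits(alphabet, length)
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, rate):.3g} years at {rate:.0e} ops/s")
```
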
As mentioned, police do currently have methods of accessing encrypted data. These may be grouped into four categories: (i) traditional investigative methods; (ii) third-party assistance; (iii) exploiting vulnerabilities; and (iv) guessing the password. (15) As detailed below, however, each has significant limitations. Without exceptional access or compelled disclosure, law enforcement will continue to be prevented from accessing information that they are legally entitled to obtain.
A. Traditional Investigative Methods
Police may use several traditional investigative techniques to obtain plaintext from encrypted data, most commonly through surveillance, search and seizure, and questioning. (16) As its name implies, surveillance involves surreptitiously observing suspects to capture passwords, encryption keys, or plaintext before it is encrypted. Hidden video cameras, for example, may record suspects' encryption keys or passwords as they are inputted into the device. In addition, if suspects share passwords over unencrypted channels, police can potentially intercept them in transit. And most effectively, police can obtain keys or plaintext by surreptitiously installing...
COPYRIGHT GALE, Cengage Learning. All rights reserved.