Monday, 20 March 2017

The FBI Says It Doesn’t Need Encryption for Unclassified Evidence

Encryption can protect data from all sorts of threats: it can stop sensitive information from being read after it is intercepted, or may thwart attackers from getting at data stored on a device.

But according to a procurement document published by the FBI, the agency says it doesn't need to use encryption for protecting unclassified audio or video evidence.

The snippet is included in a 2016 document laying out the technical requirements for a smartphone recording app that the FBI requested be developed. According to the document, the app would allow both overt and covert recording and streaming.

As the agency points out, any evidence that is then going to be presented in court will need to have a traceable "chain of custody;" that is, parties can verify the route a piece of evidence has taken, from collection onwards, that the data has not been tampered with in any way.

The smartphone app would do this, in part, by using a hash. A hash is a cryptographic representation of a file or piece of data―if someone has fiddled with the data, the hash will change too, setting off alarm bells. But the app doesn't need to encrypt data, the document continues, meaning that it may still be open to tampering in the first place.

"The app shall contain technical safeguards designed to protect stored evidence. While authentication hash is required, encryption is not necessary, as the recorders do not store classified information," it reads. It's not totally clear if this is concerning encryption designed to protect the data in transit, or if it concerns data at rest on the device: although the phrasing seems to imply the latter, the smartphone app would also need to send recordings to a remote server, according to the document. (A later part of the document does ask for encryption when transferring files, but only when an agent transit the files themselves via USB onto a computer).

This stance is generally consistent with previous FBI comments on encryption and evidence, though. In a case involving a piece of FBI malware, Special Agent Dan Alfin argued that decrypting data "fundamentally alters" evidence. Jonathan Zdziarski, a forensics expert who has recently gone to work at Apple, previously told Motherboard he disagreed with this position, saying it held "no water at all."

from The FBI Says It Doesn’t Need Encryption for Unclassified Evidence

No comments:

Post a Comment