Data in transit encryption makes cloud storage better law enforcement target

Wider adoption of encryption for data in motion will drive law enforcement to increasingly target data at rest, particularly in cloud environments, says an Ohio State University academic.

In a paper dated April 12, Peter Swire, a professor at Ohio State's college of law, notes that major webmail providers such as Gmail and Hotmail now automatically encrypt emails. Law enforcement has traditionally relied on intercepting communications as they transit through a network, but encryption makes that increasingly ineffective. The FBI even has a term for this phenomenon: "going dark."

Swire also notes that widespread adoption of virtual private networks (VPNs) and Secure Sockets Layer (SSL) for online commerce has likewise made it difficult for law enforcement to intercept Internet traffic.

But although data in transit proves more and more resistant to wiretapping, data at rest presents a target, particularly when stored in a cloud. Although the prevalence of encrypted storage is unclear, Swire says the difficulty of efficient search and retrieval of encrypted data provides significant "business and functional reasons not to store all data in encrypted form."

Also, it is extremely risky for users to store data in a cloud without having backups of encryption keys. "For that reason, cloud providers (who wish to provide assured access to the data) have a strong business reason to provide key backup," and so make the data susceptible to access by law enforcement.

The remote nature of cloud storage will nonetheless create difficulties for law enforcement, Swire says, since not all agencies will have cloud servers in their jurisdictions. Law enforcers seeking access to servers in other jurisdictions may have to rely on international agreements and "in some (or perhaps many) cases they will not be able to access records that they consider important for law enforcement or national security purposes," Swire says.

