Encryption and Law Enforcement Investigations: Police Access to Encrypted Data

Posted on January 25, 2023 by Michael Lowe.

Last month, Apple announced its new end-to-end encryption for data stored by its customers in iCloud, Apple’s cloud storage service. It’s being heralded as “police-proof” in the media. Read, “Apple Set to Launch New, Police-Proof, Full End-to-End Encryption,” written by the Associated Press and published in the Daily Sabah on December 9, 2022.

Apple explains this new privacy development involves three protections that “… make Apple products the most secure on the market .. an extreme, optimal level of security for users such as journalists, human rights activists, and diplomats.”

FBI Is “Deeply Concerned”

The Justice Department’s Federal Bureau of Investigation responded. In an email statement published in the Washington Post, the FBI said federal law enforcement was “deeply concerned” with Apple’s promise of end-to-end encryption that only users can access. Not even Apple can access its new iCloud-encrypted data. Read, “Apple Says It Will Allow iCloud Backups to be Fully Encrypted,” written by Joseph Menn and published by the Washington Post on December 7, 2022.

The FBI points not only to threats to national security, like terrorism, but to criminal activity like drug trafficking, child abuse, and organized crime as being investigations that will be “hindered” by this new data protection.

What is Encryption?

Protecting proprietary information from prying eyes and keeping personal information secret has been a desire of humans for centuries, maybe since communications began. One writer points to the cyphers of 2500 years ago as an example of mankind’s attempts to protect data. Read, “What is encryption?” written by K.G. Orphanides and published by Trusted Reviews on January 31, 2022.

As to defining encryption, the author explains it as:

Encryption turns human- or computer-readable data into a string of code that’s meaningless unless you have the key required to decode it. It’s critical to online security, financial transactions, privacy, and the general operation of the internet as we know it today.

People have been using cyphers to encrypt information for at least 2500 years. Simple substitution cyphers, such as ROT-13, in which the “key” is the knowledge that every character of the Latin alphabet is moved on 13 places, are as common in games and puzzles as they are in online spoiler warnings.

End-to-End Encryption

There are several types of encryptions, such as symmetric encryption (think what is being used by your Wi-Fi router). However, end-to-end encryption is different, especially as Apple provides now.

The power of end-to-end encryption is it uses an algorithm that converts your text or images into an unreadable format so only those with your authorization can access the information, using decryption keys. Called “E2EE,” IBM explains that end-to-end encryption “…prevents unintended users, including third parties, from reading or modifying data when only the intended readers should have this access and ability.”

The Barriers to Accessing Your Encrypted Data Faced by Law Enforcement

Any law enforcement agency, state or federal, that is trying to build a case for arrest and prosecution of severe felonies will eventually want to seize and search things like tablets, computer drives, smartphones, and other storage devices for data that may lead to criminal charges. As phones have become more and more popular and powerful, they are one of the first things police or federal agents will want to explore. Several legal hurdles must be jumped from getting the phone itself to understanding the encrypted data.

Constitutional Search and Seizure: Getting the Device

Legally, there are barriers to any data-storage device being taken and combed through by law enforcement. There are constitutional protections for all governmental searches and seizures. For instance, the Fourth Amendment to the United States Constitution and article I, section 9 of the Texas Constitution both protect against unreasonable searches and seizures.

Before the phone (or another device) can be taken from its owner, these constitutional protections must be respected. There must be probable cause to justify the search and seizure. For more, read: What is Probable Cause for Police to Arrest in Texas?

Getting to the Data: Passwords

Getting the phone is just the first step. Afterward, law enforcement will also need to gain access to the data. If a security password is in place, then they will need a search warrant before they get that password to get to the phone’s stored data. Constitutional search and seizure protections will be in place for the passwords that are independent of the device itself.

Getting to the Data: Biometrics

Biometrics are being offered more and more as better security measures than simple passwords to keep phone data safe. After all, if someone steals your phone and you have biometric security features in place, then they cannot unlock that device without you being physically present. Fingerprints need your hand, for instance. Facial recognition requires you to stare at the device before it will allow access.

However, courts may be finding that it is easier to allow law enforcement access to protected data when biometrics are involved instead of passwords. The FBI may find it easier to get a judge to sign a warrant allowing access to the phone’s data with a biometric shield. For more, read the discussion provided by Above The Law in “FBI Successfully Forced A Criminal Suspect To Unlock His Wickr Account With His Face,” published July 22, 2022.

Getting to the Data: Terms of Service Workaround

So how hard is it to get your data? Not so difficult. In the opinion of an expert at the Electronic Frontier Foundation’s surveillance litigation director Jennifer Lynch, “[y]our digital data is ‘pretty much all available to the government in one form or another.’ Read, ”How Can US Law Enforcement Agencies Access Your Data? Let’s Count the Ways,” written by Johana Bhuiyan and published by The Guardian on April 4, 2022.

For instance, Apple will receive an emergency legal request for data that will not require a search warrant in “exceptional situations” where (1) there is imminent and serious threat to the life or safety of an individual; (2) State security; or (3) security of critical infrastructure or installation. Apple gets to do this because you let them; it’s part of their Terms of Service. Other providers, like Google, have similar provisions in their customer agreements.

Reading Encrypted Data

Once law enforcement has obtained the phone, or other data-storage device, then the court has to approve the use of a password or biometric access to the innards of that device. Maybe there is a way to circumvent the need for a search warrant with an emergency request to the provider. No matter how access is gained, there’s still all that data stored there to be reviewed. What if it’s encrypted?

The Lawful Access Issue

From the perspective of the Justice Department, some forms of encrypted data are “warrant-proof.” This involves end-to-end encryption where the service provider cannot turn over understandable data in response to a government search warrant. In the government’s viewpoint, “… the targets of the investigation control whether or not their communications are subject to lawful surveillance.”

From the Department of Justice:

The use of widespread and increasingly sophisticated encryption technologies significantly impairs, or entirely prevents, many serious criminal and national security investigations, including those involving violent crime, drug trafficking, child exploitation, cybercrime, and domestic and international terrorism.

The Lawful Access to Encrypted Data Act of 2020

In 2020, there was a legislative attempt to allow government access to encrypted data by forcing companies like Apple and Google to have the ability to decode any encrypted data stored for their customers.

The language of the proposed 2020 Lawful Access to Encrypted Data Act provided:

This bill requires certain technology companies to ensure that they can decode encrypted information on their services and products in order to provide such information to law enforcement. It also establishes requirements and procedures for assisting law enforcement agencies in accessing encrypted data.

The bill was not successful, but efforts to pass similar legislation are expected. As the Department of Justice explains the Lawful Access issue:

Law enforcement is increasingly facing challenges due to the phenomenon of “warrant-proof” encryption. Service providers, device manufacturers, and application developers are deploying products and services with encryption that can only be decrypted by the end user or customer. Because of warrant-proof encryption, the government often cannot obtain the electronic evidence and intelligence necessary to investigate and prosecute threats to public safety and national security, even with a warrant or court order. This provides a “lawless space” that criminals, terrorists, and other bad actors can exploit for their nefarious ends.

Defenses to Law Enforcement Investigations into Encryption

Encrypted data is just one part of a sophisticated government investigation into criminal activity. An experienced criminal defense attorney will be prepared to address all aspects of the state’s actions and endeavors, from the initial targeting of the accused to the seizure of property and the arrest of the individual. See, Child Pornography: Defending Against Overreaching Investigations Using the Internet.

For searches and seizures involving data-storing devices, such as smartphones, there will likely be challenges to the probable cause affidavit provided to the court that justified getting the phone or device in the first place. In this evidentiary hearing, the defense attorney can argue for suppression and exclusion of any evidence based upon insufficiencies in the affidavit.

Even if the magistrate approved that search warrant, it does not mean that there have not been constitutional violations. “[S]earches pursuant to a warrant will rarely require any deep inquiry into reasonableness, for a warrant issued by a magistrate normally suffices to establish that a law enforcement officer has acted in good faith in conducting the search.” United States v. Leon, 468 U.S. 897, 922 (1984). Nevertheless, “[t]he reasonableness of the officer’s acts both in executing the warrant and in performing a subsequent search of seized materials remains subject to judicial review.” United States v. Hill, 459 F.3d 966, 978 (9th Cir. 2006).

For more, read:

For any situations where the government appears to have gained access to encrypted data, there will be a need for expert analysis to support the defense. Where, when, and how did the government agents get the data, and how was it decrypted? Who did it? Were any laws violated in this process?

Pursuant to the Fourth Amendment, the United States Supreme Court “…created the exclusionary rule, a deterrent sanction that bars the prosecution from introducing evidence obtained by way of a Fourth Amendment violation.” Davis v. United States, 564 U.S. 229, 231-32 (2011). “Generally, the exclusionary rule prohibits the introduction at trial of all evidence that is derivative of an illegal search, or evidence known as `fruit of the poisonous tree.’” United States v. Hernandez, 670 F.3d 616, 620 (5th Cir. 2012).

Unlawful access of encrypted data by law enforcement may be the basis of a motion to dismiss the case in all or in part. It will all be “fruit of the poisonous tree.”

For more, read:

Electronic Surveillance Under Federal Law: Criminal Defense Considerations in 2021

Child Pornography: Defending Against Overreaching Investigations Using the Internet

When Police Enter Your Home (Or the FBI and ICE) Here in Texas

Encounters with Law Enforcement: A Criminal Defense Perspective.

Effective and aggressive criminal defense strategies in today’s felony cases in both state and federal court must include (1) an understanding of the criminal laws and their corresponding court case precedent; (2) the detailed factual circumstances underlying each criminal count; and (3) technological knowledge of current encryption technology, data security, and accessibility whenever data becomes a part of the prosecution’s case. Evolving encryption protocols add another layer of complexity to many complicated felony representations for today’s experienced criminal defense lawyers.

______________________

For more information, check out our web resources, read Michael Lowe’s Case Results, and read The Importance of a Probable Cause Affidavit in Texas Criminal Defense.

Posted on January 25, 2023 by Michael Lowe , on Child Pornography Charges, Drug Crimes, Evidence, InDepth Articles, Search and Seizures, Sex Crimes, Trafficking Charges, Weapons Charges

View More Case Results

Comments are welcomed here and I will respond to you -- but please, no requests for personal legal advice here and nothing that's promoting your business or product. Comments are moderated and these will not be published.

About Michael Lowe

Find Him On:

With more than 150 jury trials under his belt, Michael Lowe has strong and varied courtroom experience.

View His Biography

R R 2 months ago

My special needs families, listen up! If you find yourself in the shocking and surreal world where your adult child's behaviors related to IDD and mental health trauma are treated as criminal, Michael Lowe is who you call. When I was calling around initially, I found so few lawyers who understood or even cared to try to understand my son's disability and I felt so uneasy talking to them. I can not put into words the level of panic and fear racing through me during this time of utter shock and bewilderment as to the fact it was even happening! But then I spoke to Michael, and I immediately felt peace and knew by his kindness that he understood and I finally felt heard, and I felt hope. Our first meeting with Michael, he put my son with Down syndrome at ease and assured him everything would work out. As a single mom, his empathy and compassion towards my finances were also appreciated as he charged me a flat fee only, and our case took 2.5 years to complete. The goal was always to have the case dismissed and Michael accomplished that goal. My son has now been treated for his mental health, is healing from his trauma and is leading the life he was meant to have. We could not be be more grateful to Michael for his genuine compassion, generosity, gifted strategy and brilliant efforts in insuring this outcome. I never in a million years thought my family would go through something like this, and I had zero awareness until now that our special needs community needed an advocate for our adult kids who suddenly land in the criminal justice system. Since this experience, I have met other families in similar situations with less favorable outcomes and realized even more so how not only valuable, but imperative Michael Lowe and his services are to our community. I hope by writing this review, other families are able to get the help and successful outcome that we did from having Michael Lowe in our corner.

...

Cesar Ruiz 2 months ago

This guy went above and beyond my expectations. I was burnt out from 2 previous lawyers before him who only sweet talked me and didn’t do a single thing for me. Michael did the opposite, he under promised and over delivered!!! He helped me on a case that very few lawyers had hope for! Words can’t explain the level of gratitude I have for this man. He truly is one of the best in his field. I have so much respect and love for this man now! Thank you Michael!

...

Rogue Print 5 months ago

I had a complex legal question crossing two State's and Federal jurisdictions.

I contacted 11 Lawyers in two states for help. Some of the Lawyers specifically said they dealt with these situations on their website. 10 of those Lawyers would not even consider the case.

Michael Lowe took up the issue and PROMPTLY provided real legal advise for my circumstance. He researched and personally advised me with the applicable law and appropriate course of action. Even though he could not be retained and get paid, because he does not practice where I have to file, This Man helped out of the goodness of his heart, He did not have to. He got nothing out of it. But he did it anyway. There are so few people out there that are willing to help someone else.
I am so very grateful for him!

...

Liosvel Vazquez 6 months ago

Mr Lowe is the best on what he is doing.. he resolved my case really fast. Super thankful.

...

Sales M7 7 months ago

Michael represented me on a federal case. I came to Michael at the lowest point in life after removing my previous counsel. Michael & I met for an hour and it kind of felt as a good fit from the beginning hence I retained his services. He was empathetic and listened.

During representation we spent countless hours talking about my case to fine tune our strategy and were able to find a solution. He spent all this extra time without asking for any extra fees. I will always be thankful and grateful for what he has done for me. He really went above and beyond to help me.

Thank you, Michael!

...