Law in the Internet Society

Fixing the Fourth Amendment from Inside the Fence: Ephemeral Encryption

-- By KaitlinMorrison - 20 Oct 2014


I recently attended a lecture by Orin Kerr on the Fourth Amendment in the digital era. The entry point was whether the search incident to arrest exception to the warrant requirement should include small computers (cell phones). The meaning of the Fourth Amendment has shifted over time in response to changes in technology, from the car to the computer. Kerr calls this equilibrium-shifting, and characterizes it as an attempt to protect the original level of privacy the founders sought to safeguard, even if that means shifting legal rules. He advocates broadly for different Fourth Amendment rules for digital and physical evidence, and specifically, that a warrant should be required before searching a cell phone seized during arrest.

Forced Decryption

Where the discussion began to falter was around encryption. While Kerr believed a warrant was necessary, the perceived wisdom is that the phone should be simply be seized, placed in an RF-shielded baggie, and a warrant acquired. The purpose of the baggie is to prevent remote wipes, perhaps most epically portrayed in the season five premiere of Breaking Bad. But what if the data on the phone is encrypted, and no one has the encryption key other than the suspect? Post-Snowden, Apple is beginning to sell products that claim to allow this kind of encryption, though how much we should trust this claim is questionable. Snapchat claimed photos sent over the app weren't stored until it was proven otherwise, and companies generally only care if you believe their security claims long enough to buy and use the product.

Should suspects be compelled to decrypt data, despite the Fifth Amendment right against self-incrimination? One option would be a separate penalty for failure to decrypt – let's say, ten years. Is this self-incrimination, or something more like being required to allow police into your home when they have a valid warrant. It's not quite the same, however, because police can break down a door without your assistance, but strong encryption can be practically impenetrable.

Ephemeral Encryption

This self-incrimination issue will soon be moot if we take encryption one step further, and imagine data that is not stored and thus unavailable for decryption; data that simply self-destructs. Off-the-record (OTR) encryption does just that. OTR allows for a conversation to happen in real time, and during the conversation both sides can read the conversation and no one else can. When the conversation starts, the two parties agree on a random and temporary, let's say ephemeral, encryption key unique to the conversation. After the conversation, both parties immediately discard the key. Following the conversation, no one can read the conversation, including the two parties involved. There is nothing stored or saved to be disclosed after the fact. When agreed upon by both parties, the conversation simply vanishes at it's completion, like a voice fading in the air.

This is not a correct description of what happens in OTR-encrypted chat. The parties to the conversation will be using whatever chat client they are using that includes OTR encryption support. Their clients may be logging the chat, and if so they will be logging it unencrypted. There is nothing ephemeral whatever about the conversation. OTR is simply providing end-to-end encryption that prevents midpoints, including the chat server(s) in between the chatting parties, from seeing the content of the conversation.

Who has knowledge of this conversation? The participants still know what was said, the same as it ever was. What is eliminated is the unnecessary, unwanted, seeing and storing of the conversation by various entities in between. This scheme grants the privacy and ephemerality of an in-person conversation to all those who would wish to communicate with each other in the way it is done now – digitally. If we have the right to speech, the right to communicate, and communication is now done primarily by bits and bytes, why should I not have the right to to a digital whisper?

But this is about end-to-end encryption of any sort: PGP-encrypted email, exchanges of encrypted files, use of VPNs, etc.

Protecting the Right to Whisper By Self-Help

The tone of the Kerr talk was that perhaps something should be done about this whole encryption thing, lest law enforcement be thwarted in their duties. But we have always had fastidious criminals. This would not render crimes unsolvable. Those involved still have the information, and can be witnesses. Other acts have likely occurred outside of emails to commit the crime. Targeted surveillance based on probable cause may still be undertaken. What ephemeral encryption prevents is the dragnet of mundane, non-targeted surveillance that erodes all privacy.

Suppressing the right of individuals to encrypt seems tantamount to suppressing speech in the digital era. You can choose to speak and be recorded, or you can choose not to speak at all. What kind of choice is that? The idea that ephemeral encryption is an individual right can be distinguished when speaking about highly regulated companies, such as banks. It is reasonable to imagine that they might be required to keep records of internal communications.

Ephemeral encryption is a means of shoring up the Fourth Amendment from the other side of the fence, through self-help by the communicator. Rather than relying on a ponderously shifting understanding of the Fourth-Amendment, why don't we make our digital data as ephemeral as the physical evidence the Fourth Amendment was intended to protect?

Widespread Adoption

Part of acceptance/normalizing of encryption must be widespread adoption, whether that is due to regulation or individual choice. However, it is precisely the premise of this essay that we use encryption as self help, as opposed to government intervention, given the current political climate. In an ideal world, encryption would be an of element of communication that is at times required by law. . Snowden may have heightened interest in privacy, but most still label those who insist on privacy or even show any concern for it as crackpots and criminals. There is a widely held idea that those with nothing to hide should not care about privacy. The converse is those who use encryption have something to hide. One can imagine a penalizing statue like the one for refusal to decrypt in an ephemeral encryption scenario: encryption with intent to commit a crime. With widespread use, this mens rea element is dashed. I didn't use encryption with the intent to commit a crime, it is simply the default. I just happened to also commit a crime, just as those who communicate in person sometimes commit crimes.

Widespread adoption, however, is precisely the stumbling block of the free software movement. Why should people take the slightly harder road for a gain that feels illusory to them? Mass adoption would require that encryption be just as easy to use as nonencryption, the default option. Most would not otherwise be motivated to abandon something that 'works,' while perhaps not entirely for them, for something that they must work on, and thus maintain their precious – wait why why was this important again? - privacy and autonomy.

I'll discuss the Fourth Amendment issues directly in the spring term offering. I'm not any happier with the Oren Kerr approaches than you are, for somewhat different reasons I will try to make clear.

I agree with the general proposition that defaulting to more secure technologies is necessary, but I don't understand why you think that has to be a matter of individual initiative: if seat belts had never been mandated we would lose 100,000 more lives a year in the US alone in automobile accidents. Should that too be outside the scope of regulation?

Nor do I understand why from your point of view this is primarily a Fourth Amendment issue. Law enforcement gets most of its data these days from third parties who respond to subpoenas, not to search warrants, and who neither can nor do raise Fourth Amendment objections when in rare cases they object at all. If people used technologies that stored their communications and the traces of their web activity in their own computers, located in their own homes or businesses (which is technologically feasible, and is indeed what some of us do), then the Fourth Amendment would naturally resume its intended function, would it not?

I don't disagree, I just find it to be outside the scope of this essay. I think there are benefits to be gained from pooling resources, such as server space, and that would be my main critique of everyone storing everything at home on their own servers.

It appeared that you wanted this paper to be private, but you didn't quite achieve that, so I did it for you. If you want the paper to be public, just remove the two "Set" lines above.

I did not intend for it to be private - I just thought I was deleting the unneeded stuff at the end.


Webs Webs

r4 - 02 Apr 2015 - 01:29:34 - KaitlinMorrison
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM