The End of effective Law Enforcement in the Cloud? To encypt, or not to encrypt

Steven Ryder, Nhien-An Le-Khac

With an exponentially increasing usage of cloud services, the need for forensic investigations of virtual space is equally in constantly increasing demand, which includes as a very first approach, the gaining of access to it as well as the data stored. This is an aspect that faces a number of challenges, stemming not only from the technical difficulties and peculiarities, but equally covers the interaction with an emerging line of businesses offering cloud storage and services. Beyond the forensic aspects, it also covers to an ever increasing amount the non-forensic considerations, such as the availability of logs and archives, legal and data protection considerations from a global perspective and the clashes in between, as well as the ever competing interests between law enforcement to seize evidence which is non-physical, and businesses who need to be able to continue to operate and provide their hosted services, even if law enforcement seek to collect evidence. The trend post-Snowden has been unequivocally towards default encryption, and driven by market leaders such as Apple, motivated to a large extent by the perceived demands for privacy of the consumer. The central question to be explored in this paper is to what extent this trend towards default encryption will have a negative impact on law enforcement investigations and possibilities, and will at the end attempt to provide a solution, which takes into account the needs of both law enforcement, but also of the service providers. It is hoped that the recommendations from this paper will be able to have an impact in the ability for law enforcement to continue with their investigations in an efficient manner, whilst also safeguarding the ability for business to thrive and continue to develop and offer new and innovative solutions, which do not put law enforcement at risk.

Knowledge Graph



Sign up or login to leave a comment