With the recent clipping of the NSA’s wings by the USA Freedom Act, and the encouragement of tech companies for users to employ encryption (also due to the NSA), law enforcement is currently in a bind as it’s more difficult to monitor encrypted communications than ordinary ones. If ordinary users can easily use encrypted communications as peddled by tech companies, criminals can too. It will be tougher for law enforcement to track illegal drug traffickers, gun runners, online pimps and human traffickers. In fact, they could be using Snapchat right now, automatically dissolving vital communication evidence. But since news came out that the popular online messaging service was actually keeping the data, the best move criminals can take is to use other means, like encryption.
So what’s law enforcement to do if it can no longer monitor everybody? The answer is to monitor or focus on known somebodies and wait for them to slip. But they can’t do that if all they see is garbage resulting from encryption; encryption meant to be used by ordinary people. In the UK, legislation is being prepared to force companies to hand over keys to encrypted transmission, but since legislation takes ages, police is eying the use of computer network exploitation (CNE) in layman’s terms, hacking. Since intelligence agencies already have their hands full trying to monitor and intercept terrorism, law enforcement is coming up shorthanded when it comes to other forms of cybercrime. Police departments are therefore considering training themselves in the art of CNE. Instead of waiting for other intelligence agencies to decipher encrypted criminal messages, police can try to do it themselves.
Only two thing stands in the way of this important, well-meaning but intrusive component in law-enforcement. Privacy issues and ethics. Police cannot just barge into someone’s home without a search warrant and the same goes when hacking into someone’s computer whether he/she is a criminal or not. The difference between white hat hackers and black hats is that white hats are paid to do it by the same people they hack into in order to find vulnerabilities in the system, patch them and make them more secure. Black hats do it for attention, vengeance, principle and/or personal gain. Everyone is still presumed innocent until proven guilty so unless there’s enough reason to be suspected, authorities are still required to issue search warrants in search of evidence.
Of course the intrusive nature of hacking, again leads to the question of privacy. The possibility of abuse of CNE cannot be discounted. Without a sufficient legal framework, police can hack into anyone they deem as a suspect to a crime. They can hack into anyone just for kicks or they’d just become extra arms of the supposedly crippled intelligence agencies for mass surveillance. So like the legislation for the surrender of cryptography codes that needs to be prepared, legislation and guidelines for the safe and fair use of CNE by police should be prepared as well.
It’s not a bad idea letting the police take a crack at cracking since everyone is getting savvier and savvier with current technologies including criminal elements that can use encryption in hiding their activities. The use of encryption standards is completely legal, breaking them without a warrant to do so is not. Authorities can only work within the confines of the law, therefore a law that balances law enforcement and privacy concerns need to be made first before nerds in uniform can become regular fixtures in any police department.