The year-end report of the US Congress Encryption Working Group

Here it is: 20161220EWGFINALReport (pdf)

I find it interesting.

The conclusions are ones I can agree with:

Encryption is inexorably tied to our national interests. It is a safeguard for our personal secrets and economic prosperity. It helps to prevent crime and protect national security. The widespread use of encryption technologies also complicates the missions of the law enforcement and intelligence communities. As described in this report, those complications cannot be ignored. This is the reality of modern society. We must strive to find common ground in our collective responsibility: to prevent crime, protect national security, and provide the best possible conditions for peace and prosperity.
That is why this can no longer be an isolated or binary debate.
There is no “us versus them,” or “pro-encryption versus law enforcement.”

This conversation implicates everyone and everything that depends on connected technologies – including our law enforcement and intelligence communities.
This is a complex challenge that will take time, patience, and cooperation to resolve.
The potential consequences of inaction – or overreaction – are too important to allow historical or ideological perspectives to stand in the way of progress.

Here are the general observations:

  • Observation #1: Any measure that weakens encryption works against the national interest.
  • Observation #2: Encryption technology is a global technology that is widely and increasingly available around the world.
  • Observation #3: The variety of stakeholders, technologies, and other factors create different and divergent challenges with respect to encryption and the “going dark” phenomenon, and therefore there is no one-size-fits-all solution to the encryption challenge
  • Observation #4: Congress should foster cooperation between the law enforcement community and technology companies

None of which strikes me as “rocket science”.

Other actions recommended in the report:

  • Exploring tools that might help companies clarify what information is already available to law enforcement officers, and under what circumstances.
  • Examining federal warrant procedures to determine whether they can be made more efficient, consistent with current constitutional standards.
  • Examining federal warrant procedures to ensure that they are clear and consistent with respect to law enforcement access to digital information.
  • Examining how law enforcement can better utilize existing investigative tools

On metadata (and this strikes me as the more relevant reflection, given that “it's only metadata anyway” is a very common position over there):

Acknowledging that metadata cannot replace encrypted content in all cases, the value of this data should be explored. Questions in this area might include:

  • When is law enforcement able to access certain types of metadata, what kind of metadata can they access, and from whom do they obtain this data?
  • What privacy interests are implicated when law enforcement analyzes large amounts of metadata over time?
  • What kind of algorithmic or other technical tools would law enforcement agencies need in order to fully leverage this data?
  • What judicial and evidentiary processes around metadata currently exist, and do they limit its effectiveness or applicability in court?
  • What knowledge, resource, or technical impediments exist to limit the ability of law enforcement agencies, especially at the state and local level, to more effectively leverage this information?

On lawful hacking tools (“captatori”):

Legal hacking, also known as lawful hacking, is an investigative tactic whereby a law enforcement agency exploits a vulnerability in the digital security of a device or service in order to obtain evidence of a crime.
Many stakeholders argue that, rather than building new vulnerabilities into secure products to facilitate law enforcement access, law enforcement agencies should be given the resources to exploit the flaws in secure products that already exist.
Several law enforcement agencies noted that legal hacking is a time- and resource-intensive approach, and limited to the subset of cases where the agency actually knows of a flaw to exploit. These concerns are amplified at the state and local level, where resources and technical capabilities may be even scarcer. Other stakeholders expressed concern that a legal hacking regime creates the wrong incentives for government agencies that should be working with private companies to patch vulnerabilities and improve cybersecurity. In the next Congress, the Committees might explore a legal framework under which law enforcement agencies can exploit existing flaws in digital products.
Questions in this area include, but are not limited to:
What sort of legal process, if any, is required in order to authorize a law enforcement agency to “hack?”
