Microsoft Helps Law Enforcement Get Around Encryption
Law School Fellow Chris Ridder at the Center for Internet and Society is quoted in PC World about how Microsoft is helping law enforcement with access to encrypted files and preserve the integrity of those files:
"Any time you're touching a live computer you're changing it in some way," said Chris Ridder, a residential fellow at the Stanford Center for Internet and Society.
One reason some agents prefer to take the computer back to the lab and create an exact image of it is because they can later compare that image to the actual computer. "You've got the original computer locked away in an evidence safe somewhere, so if someone questions the integrity of the image you can verify it against the original," he said.
Agents can't compare data that they collect on a live machine at a crime scene with the computer later because the act of powering down the machine changes it, he said.
Ridder, who was not familiar with COFEE specifically, also worries that any forensic software is vulnerable to hacking. "A forensic software maker needs to be very careful to make their software as resistant to tampering as possible," he said. He wrote a paper last year about vulnerabilities in forensic software.
Rather than take the risk of tainting evidence by using products like COFEE, authorities have alternatives. They can get court orders permitting them to hack into a password-protected file or they may be able to convince a defendant to disclose the password, Ridder said.Microsoft's Fung said the use of software like COFEE depends on the laws and regulations of countries that may forbid its use. "It's based on their principles and what is required from the court," he said.
Ridder finds it ironic that Microsoft built BitLocker and is now providing law enforcement agents with ways to get around it. "Maybe Microsoft should spend its efforts making BitLocker more secure," he said. For example, maybe users should have the option of requiring a password that allows access to a USB drive. While some users might find that onerous, others might like to have the option, he said.
He also suggested that BitLocker and other encryption products probably aren't as widely used as Fung suggests -- by cyber criminals or honest computer users. Many people are reluctant to use them because they can slow down a computer or because they worry they might forget their passwords. "My sense is it's not nearly as big a threat as they would suggest," he said.