In the blog post Smartphone Encryption is a Red Herring, I pointed out the folly of requiring an encryption backdoor for the Good Guys to use. So the question arises- “What can be done? If we don’t want a global encryption backdoor that can be used by anyone, can we still track the Bad Guys?”
The answer is yes. There are plenty of options that don’t require a global backdoor. I’m not passing judgment on whether these are inherently good or bad options, just that they are available when there is a reason to track a Bad Guy.
A keylogger is used to track everything someone types. They come in both software and hardware varieties. Once installed, they can provide regular data about passwords and other communications the Bad Guy is making. Some store the data for later retrieval, while others broadcast it on a regular basis. They exist in varieties for both computers and cell phones.
Online Man in the Middle
With proper authorization, the Good Guys can stand between the Bad Guys and common online services they might be using. Working with their internet provider, they can gather data similar to keyloggers by intercepting and relaying data back and forth.
Digital Evidence Collection
When a warrant is served and computers or mobile devices are retrieved for analysis, gathering evidence quickly is paramount. The Bad Guys may have countermeasures installed on their devices, so being able to copy data from hard drives and other storage mediums across platforms while they are still online is important. Once images of the data are created, the evidence can be safely analyzed without being concerned about time bombs or other countermeasures. Xojo has been used to create tools that are used for both digital evidence collection and analysis. Being a cross platform tool is a particular advantage in this scenario.
None of the above options require a global backdoor, and they can all be limited to just the Bad Guys in question when surveillance is warranted. A recently released Harvard study has similar findings. Some options are better than others depending on the region in the world and the technical prowess of the Bad Guys. Smartphone Encryption is a Red Herring, but the Good Guys have other options. We don’t need universal backdoors.