Assignment Details
Unit Outcomes:
Prepare a technical scenario concisely and persuasively.
Use appropriate cybersecurity terminology to meet business needs.
Course Outcomes:
Analyze technical scenario elements to determine strategy.
Scenario:
In the wake of disclosures concerning the possibility of the NSA inserting backdoors into RSA’s encryption tools, there has been a great deal of debate in cybersecurity circles concerning the importance of law enforcement’s need to access information versus the privacy and security of users. For this Assignment, choose one or the other of these positions and defend your position.
Instructions:
Writerite a 5-6-page research paper that argues whether or not law enforcement’s need to access unencrypted information when pursuing criminal or terrorist activity is more or less important than the privacy and security right of users. Be sure to expand on the ethical dilemma of inserting cryptographic backdoors, how effective federal surveillance has been in identifying criminal or terrorist activity, and the relative importance of user privacy and security when compared to the needs of law enforcement. The minimum page count is 5-6 pages (excluding cover page, etc.). If you require more pages to thoroughly defend your position, feel free to include them.
Your paper should use Times New Roman 12-point font, be double spaced, and use correct APA formatting (cover page, table of contents, abstract, and reference page). Be sure to use proper APA in-text citations that match your reference list.
A minimum of three peer-reviewed articles should be used to support your narrative in the research paper. You may also use additional material, such as trade magazine articles, but avoid Wikipedia.
Avoid large sections of direct quotes and be sure that you use APA formatting to properly cite and reference all non-original material.
No more than one figure and/or one table should be included and any figures or tables used must clearly support a specific point of the critical analysis. Any figure or table must use an APA formatted figure or table caption.
Project Requirements:
The research paper follows the Writing Guide requirements and establishes a main point or position, uses a minimum of three peer-reviewed sources in support of that position, and provides a clearly worded conclusion.
The paper is 5-6 pages of content (excluding cover sheet, etc.) and uses Times New Roman 12-point font, is double spaced, and uses correct APA formatting (cover page, table of contents, abstract, and reference page).
No more than one figure and/or table in the content.
No spelling errors.
No grammar errors.
No APA errors.
Cybersecurity
Name
Institutional Affiliation
Cybersecurity
The law enforcement agencies need to access the unencrypted information while pursuing criminal as well as terrorist activities. The process is important as compared to privacy and the security right of users. Law enforcement officials need to employ backdoor methods to get access to encrypted messages to keep the public safe from any criminal activity (Stallings, 2006). The process should be enhanced by passing laws which enables the law enforcement agencies to pursue the criminals. It is important for the law to be implemented for the companies to allow the law enforcement agencies to access the devices of the citizens and communication channels in the event of criminal or terrorism investigation related to cybercrime (Inserra, 2015). Therefore the legislators should provide the encryption backdoors as well as providing the ability of access to the backdoors through the process of obeying the court orders.
The rise of the internet of things and more devices which are connected increases the ability of the law enforcement agencies to have greater opportunities to surveil the terrorist suspects and other groups that commits cybercrime (Hauenschild, 2016). According to the report by Havard University Berkman Center, the use of the internet of things provides law enforcement officials to conduct anticipated surveillance (Hauenschild, 2016). Several devices such as the fitness trackers, baby monitors have special devices such as the microphones or cameras as well as other hardware that could be used for surveillance purposes. The report strengthens that law enforcement agencies do not necessarily need the backdoor access to electronic devices or any other method of electronic communication to facilitate their surveillance activities. However, the surveillance activities should be conducted in a free environment with little restrictions to bring help in countering the activities of the attackers. The encryption methods may be the present barrier to the surveillance processes but the process may not be impermeable due to improved laws and procedures that provide an upper hand to the surveillance activities.
The law enforcement agencies are supposed to be allowed to pursue end-to-end encryption as well as device encryption. The end-to-end encryption occurs when communication through emails or messages or phone calls can be encrypted by the sender and the recipient has the information to decrypt the communication. The communication can only be made readable by both the recipient and the sender. Therefore the third party cannot be allowed to access the information. The law enforcement agencies should be allowed to access the unencrypted messages between the sender and the receiver to counteract the security issues surrounding cybersecurity (Inserra, 2015).
On the other hand, law enforcement agencies should be allowed access to unencrypted messages under device encryption. The encryption of the devices can be evaluated under the native devices as well as through the software which is installed by the users on the devices. The process may prevent law enforcement officials and other actors such as the hackers from accessing the devices without the special key that is provided by the users (Rozenshtein, 2019). The law enforcement is supposed to be given the unique number or password for access to the devices in the event a criminal activity is detected. Any criminal activity that is related to cybercrime can be combated at earlier stages by the investigative agencies is allowed access to the devices.
On the other hand, end-to-end encryption may act as a barrier for law enforcement agencies to access communication or any other related data. The data embedded in the end-to-end encryption can Help the security agencies in acquiring prior information before the attackers commit their criminal activities. Despite the security measures under, end-to-end encryption, it cannot prevent the law enforcement agencies from accessing the information entirely (Rozenshtein, 2019). The security apparatus can still access the communications that are necessary for detecting or investigating criminal activity or any other form of terrorism. The report further cites that most of the companies are not implementing the end to end encryption mechanisms to allow the law enforcement agencies to access to some critical information for combating crimes.
The report further focuses on the ability of the companies to put in place the unencrypted information. There is a need for the unencrypted data to drive the revenue that is generated through the target market. The barriers of widespread adoption of the unencrypted messages should also be addressed to increase the convenience (Hauenschild, 2016).
Access to unencrypted messages helps to counteract darkness during crime investigations. According to the Scholars strategy Networks, law enforcement agencies such as FBI have raised concerns about companies such as Apple for encrypting the iPhone information thus preventing them from perusing the perpetrators. The investigations are hindered because the evidence that is needed to provide critical information is encrypted. Most companies, for instance, Apple’s iOS have their communication messages through WhatsApp channel automatically encrypted which prevents agencies and companies from accessing it (Rozenshtein, 2019). However, there are barriers that prevent law enforcement agencies from accessing the information even under court orders. The law enforcement agencies have been finding it difficult to access crucial information because of the increasing number of encryption devices. Most of the products are designed in a way that they cannot allow the third parties to get access to information. The tools for accessing the unencrypted messages have been rendered expensive especially among the local police who investigate most of the cybercrimes. Due to the growth of concern about the encryption of devices and messages, the law enforcement agencies are calling for the legislation to compel the design companies to design their devices in a way to allow the third party to access the information.
On the other hand, as much as the law enforcement agencies should be allowed to access the information, more focus should be based on the privacy and ethical issues involved. There exist concerns that unencrypted information could harm the public. Encryption of messages safeguards the privacy and personal information which allows the people to communicate securely with others. Encryption of messages enables both online and offline communication activity (Merkel, 2018). Therefore if there are more entities to decrypt the data then there is more likelihood of creating more opportunities for the hackers and other bad actors to access the data. On the other hand, the system that allows the third party to access the data is even more complex and uneasy to control than the system which does not.
Allowing full access of the encrypted messages by the law enforcement agencies could create more vulnerability and multiple access points for the attackers to initiate their crimes. The information which is decrypted is less secured as compared to the encrypted one. It is not easy to design a system which has decrypted information and limited to a specific country (Merkel, 2018). For instance, it is not easy to create systems that would allow the law enforcement agencies of a particular country to access to information and prevent the other country.
The privacy of individual data is more important as compared to the needs of law enforcement agencies. Legislation should be implemented to protect the privacy of the data in cases where the law enforcement agencies need to access the data. The best methodology is the retention of the metadata. The telecommunication companies are required to be given the authority to retain the metadata for a given period of time. The process allows the law enforcement agencies to have full access to the data without interfering with the content of the data (Merkel, 2018).
Conclusion
In conclusion, allowing access to data by law enforcement agencies is the best approach to dealing with cybercrime issues and other related crimes. The law enforcement agencies have made significant steps by pursuing crimes through backdoor access to information. The best proposal that can guide the process is to put in place the laws that will control the process of accessing the data. Privacy of the data is even more crucial as compared to the mission of the law enforcement agencies in combating the crimes. Privacy can be strengthened by limiting the amount of data that should be accessed through the introduction of the metadata. The metadata allows companies to control the type of information that can be accessed by a given security agency. The state should also enact more laws to control the legislative process especially in controlling the access to encrypted messages. There is a need for a collaborative approach between the service providers companies and the government providing the best mechanisms for the access of the encrypted data.
References
Hauenschild, J. (2016, February 05). Encryption is Not Preventing Law Enforcement from Investigating Crime. Retrieved from https://www.alec.org/article/encryption-is-not-preventing-law-enforcement-from-investigating-crime/
Inserra, D. (2015). Encryption and Law Enforcement Special Access: The U.S. Should Err on the Side of Stronger Encryption. Retrieved from https://www.heritage.org/defense/report/encryption-and-law-enforcement-special-access-the-us-should-err-the-side-stronger
Merkel, R. (2018, December 07). The government’s encryption laws finally passed despite concerns over security. Retrieved from https://theconversation.com/the-governments-encryption-laws-finally-passed-despite-concerns-over-security-108409
Rozenshtein, A. Z. (2019). How to Think about Access by Law Enforcement to Encrypted Electronic Data. Retrieved from https://scholars.org/contribution/how-think-about-access-law-enforcement-encrypted-electronic-data
Stallings, W. (2006). Cryptography and network security, 4/E. Pearson Education India.