Slashdot Mirror


FBI Agent: Decrypting Data 'Fundamentally Alters' Evidence (vice.com)

Joseph Cox, reporting for Motherboard: An FBI agent has brought up an interesting question about the nature of digital evidence: Does decrypting encrypted data "fundamentally alter" it, therefore contaminating it as forensic evidence? According to a hearing transcript filed last week, FBI Special Agent Daniel Alfin suggested just that. The hearing was related to the agency's investigation into dark web child pornography site Playpen. In February 2015, the FBI briefly assumed control of Playpen and delivered its users a network investigative technique (NIT) -- or a piece of malware -- in an attempt to identify the site's visitors. [...] According to experts called by the defense in the affected case, the fact that the data was unencrypted means there is a chance that sensitive, identifying information of people who had not been convicted of a crime was being sent over the internet, and could have been manipulated. (Alfin paints this scenario as unlikely, saying that an attacker would have to know the IP address the FBI was using, have some sort of physical access to the suspect's computer to learn his MAC address, and other variables.)

2 of 89 comments

  1. There is a point to be made here by LichtSpektren · Score: 3, Interesting

    Suppose the FBI* wanted to present evidence against me in court, which allegedly I transmitted over HTTP, telnet, SSL, or some other insecure protocol. Could I not validly say that the message was forged by a man-in-the-middle? After all, it's the digital equivalent of a postcard or billboard posting that's very easily tampered with and forged.

    It seems as though the FBI should be cheering for encrypted transmission by default; it means the evidence they collect is (more provably, at least) genuine.


    * Let's assume they have a valid and proper warrant here, which usually isn't the case, but let's keep this simple.

  2. Re:"Special" Agent needs remedial forensics traini by Anonymous Coward · Score: 2, Interesting

    Not necessarily disagreeing with you here, but after reading the article I could see something to the FBI's arguments.

    My understanding is that in this case, the FBI took over Playpen. Let's say that you go to visit Playpen. The FBI has an encrypted record of your visit, which only it has the keys to. How can you counter the evidence supplied by the FBI? What if the FBI's "encryption" method actually spits out false data?

    Not the same, and basically not any different from the FBI falsifying evidence, which has nothing to do with encryption. However, I could see, in a very vague sense, there being some legitimate legal questions about whether or not the FBI encrypting something taints evidence, because they *have done something to the evidence.*

    Someone else brought up the example of DNA sequencing--whether sequencing DNA alters the blood. That's different, because the original specimen is still there. With communication, everything is a copy. It's like the FBI making a copy and storing that.

    Anyway, I share your general skepticism of the argument, but also think the FBI's position isn't totally ill-founded. It seems like they were trying to anticipate a nontrivial legal counter-argument that might apply to a slightly different situation.