•  
  •  
 

Abstract

The debate on government access to encrypted data, popularly known as the “going dark” debate, has intensified over the years. On the one hand, law enforcement authorities have been pushing for mandatory exceptional access mechanisms on encryption systems in order to enable criminal investigations of both data in transit and at rest. On the other hand, both technical and industry experts argue that this solution compromises the security of encrypted systems and, thus, the privacy of their users. Some claim that other means of investigation could provide the information authorities seek without weakening encryption, with lawful hacking being one of the most suggested alternatives. “Lawful hacking,” also known as “government hacking,” consists in the deployment, by investigative authorities, of tools that allow for the intrusion into computer systems, enabling access to its contents. Although this form of investigation seems to be essential in an increasingly connected society, it is important to understand security and privacy risks of different lawful hacking regulatory approaches. Considering that some countries are already enacting legal frameworks related to it, I aim to highlight the issues that should be properly addressed in order to position lawful hacking as one of the viable answers to the “going dark” debate.

Share

COinS