The PRISM scandal took another twist at the beginning of the week, after it emerged that the partner of Guardian journalist Glenn Greenwald - who has worked closely with whistle blower Edward Snowden in exposing NSA and GCHQ spying – was detained by British authorities at Heathrow airport, with all his electronic devices taken away for examination.
While much of the subsequent debate has entertained the rights and wrongs of David Miranda being held for nine hours under anti-terrorism laws, the technical implications of Miranda’s devices ending up in the hands of the authorities has also stirred discussion, particularly in cyber-security circles.
For Snowden associates and supporters, alarm bells would have been ringing when Miranda detailed the seizure, given his relationship with Greenwald and the likelihood of him encountering highly sensitive information regarding PRISM and Snowden. The police seemed thorough in their electronics asset-strip too. "They took my computer, video game, mobile phone, my memory cards, everything," Miranda said.
But Greenwald is adamant the authorities will not actually be able to access valuable data from the devices, insisting that encryption technology deployed by him and Miranda will safely protect the necessary information.
“We both now typically and automatically encrypt all documents and work we carry – not just for the NSA stories,” Greenwald said in an email to Forbes. “So everything he had – for his personal use and everything else – was heavily encrypted, and I’m not worried at all that they can break that.”
Assessments within the information security industry, however, suggest Greenwald’s confidence may be misplaced. In fact, when Conrad Constantine, a research team engineer at AlienVault, was asked what information the authorities may be able to glean from Miranda’s devices, “The short answer," he said, "is whatever they want.”
In Constantine’s view, British jurisdiction could render the encryption worthless as Miranda may ultimately be forced to reveal the keys to the protected data.
“Encryption doesn't matter,” he says. “The UK became a police state back in 1994 [as a result of the Criminal Justice Bill] and 2000 [Regulation of Investigatory Powers Act].
“The Criminal Justice Bill stated there is no right to silence - refusal to speak when questioned may be filed as admission of guilt. The Regulation of Investigatory Powers Act states there is no equivalent to the 5th amendment now - refusal to disclose encryption keys may be interpreted by a court as obstruction and admission of guilt.”
Industry peer Robert Hansen, technical evangelist at WhiteHat Security, provides Miranda and Greenwald (right) with grounds for optimism, claiming that modern encryption is capable of preventing access no matter how well equipped the interrogators are, but supports Consatntine’s view that legal issues may override the power of the security tech.
“Often people will encrypt files with a secret key that is complex enough that even the government is better off getting access to it rather than attempting to perform cryptanalysis," Hansen said.
"Mr Snowden is in a unique position to know which encryption technology and techniques are best suited to slow down cryptanalysis and it's plausible that he shared this information with Mr Greenwald.
“Alternatively, the UK government may have believed that Mr. Miranda may have simply had an unencrypted backup, which would have been bad for Mr. Miranda as being in possession of classified materials could have caused further detention or even prosecution. I think people are rightfully shocked by this, but as far as what has come out thus far, the government was well within its legal rights in this case - however, perhaps the laws themselves don't make sense, and we should revisit them.”
Government attempts to stem the outpouring of its snooping strategy have also seen GCHQ agents raid The Guardian and destroy the publication's hard drives, which James Laird discussed earlier today.