1.  This is UKERNA's written submission to the Home Affairs Committee's Inquiry into Terrorism Detention Powers. UKERNA is the not-for-profit company that manages the operation and development of the JANET computer network connecting universities, colleges, research establishments and schools to each other and to the global Internet. This submission considers only issues relating to the recovery of information from encrypted computer files and the time required to achieve this.

SUMMARY

  2.  Four different approaches to obtaining information from encrypted computer files are considered:

—  legal compulsion of the system owner or other person;

—  finding traces of decryption activities through normal forensic investigation;

—  brute-force decryption of the material; and

—  brute-force or intelligence-led attacks on decryption key passphrases.

  If the material was both encrypted and accessed by people highly skilled in the use of encryption then none of these approaches appears likely to reveal information without many years of delay; however if the encryption systems were chosen or ever used without scrupulous care then it appears likely that information would be revealed on a similar timescale to a normal digital forensic investigation.

DETAIL

  3.  There are at least four different approaches that might be taken to recover information from encrypted files on a computer. These are considered in turn.

  4.  The simplest approach is to require the owner of the computer, or some other person with access to the decryption keys, to decrypt the material or provide the key necessary to do so. Powers to require this, backed by the criminal sanction of up to two years imprisonment if a person refuses to comply, are contained in Part III of the Regulation of Investigatory Powers Act 2000, sections 49 to 56. However, despite the apparent benefits for investigating authorities, these provisions have never been brought into force.

  5.  If the encrypted file has ever been decrypted on the computer then there is a reasonable likelihood that information left over from this activity may be found by normal forensic investigation. This may include clear text versions of part or all of the file, unprotected versions of decryption keys or passphrases to unlock those keys and thereby make them available. Many of the routine processes running on a computer will cause accidental copies of this and other material to be retained, for example as deleted files, in filespace related to printing or where the content of memory has been temporarily saved to disk. Well written encryption tools will try to reduce the likelihood of this happening, or to remove such traces when they do occur, however these also require scrupulous care by the operator to ensure that they do not accidentally create additional saved information.

  6.  Probably the hardest method is to attempt a direct decryption of the material by guessing the cryptographic key. Using encryption products generally available at present it is likely to take decades or centuries to blindly guess and test a significant fraction of the possible keys, and no algorithmic methods have been published that would significantly reduce this time.

  7.  A more productive approach is likely to be to attempt to defeat the protection applied to the decryption key. In most encryption systems the key used for decryption is much too long for a person to remember. This key is therefore usually stored as a computer file, itself protected by a further layer of encryption whose key can be remembered. This protection key is often expressed as a password or passphrase which may be guessed; the difficulty of doing this will depend on the training, skill and care of the person who created it and the person who must remember and use it. Guesses may be based either on computer algorithms generating large numbers of possible passphrases, or on information known about the person or found on the computer. In theory a good passphrase will be as hard to guess as the key it protects and therefore either approach will still take many years to have a likelihood of success. In practice the passwords and passphrases chosen by people are much easier to guess than this - it is common for more than half of the login passwords chosen by users of any computer system to be guessed by a computer program running for an hour or so. Clearly a skilled user should be able to choose a much better passphrase than this, and these could take years to defeat.

19 January 2006