From a purely technical standpoint, it begs the question; why was Miranda carrying the password to an encrypted file? Law enforcement is well within its rights to demand the encryption keys and it shows naivety on Miranda’s part to think that he could get away with it at a time of heightened surveillance in the wake of the Edward Snowden affair.
On the other hand, a technically savvy individual carrying encrypted data is unlikely to have the keys because he or she would in all likelihood get someone else to encrypt the data and potentially put it in the cloud so it can be accessed from anywhere in the world. In such a situation, what would law enforcement achieve by detaining that individual?
In the Miranda case, it is almost a certainty that a copy of the data exists elsewhere, so seizing the data doesn’t really solve much. Or does it?
By seizing the data and destroying the equipment that carries it, law enforcement is simply tackling its physical movement. In doing so, law enforcement is making it harder for people like Miranda and Greenwald to publish it, and that is when the data becomes valuable. In reality, law enforcement and governments don’t want the information to be made public, they have access to it and are already monitoring it via initiatives such as Prism. From a whistle blower’s perspective, physically moving the data is (as yet) perhaps the only way to use it surreptitiously - without governments knowing - unless of course they are apprehended as was Miranda.
Fundamentally, this incident goes to show the complexity of cyberspace and hence the difficulty of securing it. All parties involved - governments, businesses, law enforcement, whistle blowers and cyber criminals - are trying to ‘figure it out’ as they go along. Governments are making great efforts to institute their own cyber-security laws, but the fact is that those laws are rendered null and void as cyberspace does not recognise geographical boundaries. Therein lies the challenge and it requires a whole new mind set to address it.
John Colley, Managing Director, (ISC)2 EMEA