Companies and governmental agencies must deal with the conflicting objectives of ensuring that data is kept secure and private, and ensuring that data is available for inspection to comply with legal, regulatory, and litigation requirements. Common data protection techniques include encryption, which complicates the process of timely data delivery needed to support eDiscovery demands. The collection and processing of Electronically Stored Information (ESI) must include methods to deal with encrypted data, and this often results in significant delays in an organization's ability to complete investigations.
The most common sources of ESI for eDiscovery processing are electronic mail (email) and common industry formats of computer data files. With encryption becoming a more common technique to secure electronic communications and data stored electronically, additional eDiscovery processes must be in place to deal with encrypted data.
Some eDiscovery tools perform indexing of message content to support search capabilities, and some organizations index all content in anticipation of search requirements. The features of these eDiscovery products exclude all encrypted (e.g., undecrypted) content from indexing routines, dramatically reducing the effectiveness of eDiscovery search operations.
The technology industry's most common standard for securing email communications through encryption is S/MIME (Secure Multipurpose Internet Mail Extensions). Many organizations have adopted S/MIME, and as a result must deal with the obstacles to their search requirements for eDiscovery. Other industry standards for encryption formatting are available.
Known commercially available tools and products capable of providing decryption under the conditions that services the specified private keys for decrypting the data are directly available. These private keys are most often retrieved and copied manually during the decryption process, which adds enormous manual burden on the person performing the decryption. In addition, known methods can specify that the private key, which is highly sensitive, be provided to the end user in the process, which raises the potential of unauthorized information exposure and misuse of the private key.
With the introduction of the U.S. Government Homeland Security Presidential Directive 12 (HSPD-12) in 2004, and the implementation of the Personal Identity Verification (PIV) technology which stores digital certificates in smart card devices, the cyber security industry has seen a rapid increase in smart card adoption. This dramatically increases the complexity in encryption and decryption services. For example, while escorting a soft copy of a private key through the decryption process supports the use of current commercially available decryption tools, escorting a smart card protected private key represents a huge challenge. Smart card protected private keys can call for much stricter compliance standards, such as with the Federal Information Processing Standards (FIPS-2) when used for U.S. Government applications. These compliance specifications provide for the increased protection of private keys stored on hardware models.