1 / 17

“ From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government

“ From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud ” Peter Swire Moritz College of Law Ohio State University TPRC 2012 September 22, 2012. Current Research: Crypto & De-Identification. Encryption and Globalization

overton
Download Presentation

“ From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. “From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud” Peter Swire Moritz College of Law Ohio State University TPRC 2012 September 22, 2012

  2. Current Research:Crypto & De-Identification • Encryption and Globalization • India, China, and first full legal/policy analysis since the crypto wars • Going Dark vs. a Golden Age of Surveillance • From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud (today’s paper) • Next: De-ID project with Future of Privacy Forum • Law and policy of masking technologies • The articles available online

  3. Setting the Context … • 1990’s FBI and NSA worry that encryption would block lawful surveillance • 1999 White House shift to permit strong encryption • “Why Johnny Can’t Encrypt” • Whitten & Tygar, 1999 • Low encryption adoption • Tech literature had not shifted from that view

  4. Encryption Adoption Now Widespread • VPNs • Skype & other VoIP • Blackberry email • Gmail now, other webmail soon • SSL pervasive (credit card numbers) • Dropbox & many more • Facebook enables HTTPS, may shift default • Result: interception order at ISP or local telco often won’t work What are the agencies to do?

  5. Ways to Get Communications Break the encryption Get comms in the clear (CALEA) Get comms before or after encrypted (backdoors) Get stored communications, such as in the cloud #4 is becoming FAR more important, for global communications Also, temptation to do more #2 and #3

  6. Wiretap on Copper Lines Overview Phone call Alice Local switch Telecom Company Local switch Phone call Bob WIRETAP AT alice’S HOUSE OR LOCAL SWITCH

  7. Wiretap on Fiber Optic Overview Phone call CALEA in U.S. Build Wiretap-ready Alice Local switch Telecom Company Local switch Voice Exception for IP Phone call Bob

  8. Internet as Insecure Channel Hi Bob! Alice Alice ISP %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% Many Nodes between ISPs %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% Bob ISP Hi Bob! Bob

  9. Problems with Weak Encryption Nodes between A and B can see and copy whatever passes through Many potential malicious nodes Strong encryption as feasible and correct answer When encryption adoption rises . . .

  10. Where are the KEYS? Hi Bob! Encrypt Bob's public key Alice Encrypted message – %!#&YJ@$ – Alice's local ISP %!#&YJ@$ – Backbone provider %!#&YJ@$ – Bob's local ISP %!#&YJ@$ Hi Bob! Decrypt Bob's private key The KEYS are with the individuals. Bob

  11. Ways to Grab Communications • Break the encryption: • Keys are with the individuals • Crypto today is very hard to break • Get comms in the clear • CALEA requires that for phone • FBI proposal to extend to Internet • Get comms with hardware or software before or after encrypted (backdoors) • Get stored communications, such as in the cloud

  12. Don’t Extend CALEA to Internet • Bad cybersecurity to have unencrypted IP go through Internet nodes • How deep to regulate IP products & services • WoW just a game? • Make all Internet hardware & software be built wiretap ready? • That would be large new regulation of the Internet • Could mobilize SOPA/PIPA coalition

  13. Ways to Grab Communications Break the encryption Get comms in the clear Get comms before or after encrypted (backdoors) Get stored communications, such as in the cloud

  14. Governments Install Software? Police install virus on your computer This opens a back door, so police gain access to your computer Good idea for the police to be hackers? Good for cybersecurity?

  15. Governments Install Hardware? Reports of telecom equipment that surveil communications through them Can “phone home” Good to design these vulnerabilities into the Net? “Chinese Telecoms May Be Spying on Large Numbers of Foreign Customers” [The Atlantic, 2/16/2012]

  16. Ways to Grab Communications Break the encryption (but can’t) Grab comms in the clear (but CALEA a bad idea) Grab comms before or after encrypted (but backdoors a bad idea) Therefore: New emphasis on stored communications, such as in the cloud

  17. Conclusions • Technology • Gmail & Skype can encrypt, even if Johnny can’t • Change our assumptions about adoption • Law • Important emerging debates on data retention mandates & lawful access rules • Split between “have” & “have not” jurisdictions • Industry • Cloud providers at the center of future debates on government access

More Related