EXPLORING ENCRYPTION
AND POTENTIAL MECHANISMS
FOR AUTHORIZED GOVERNMENT
ACCESS TO PLAINTEXT
Proceedings of a Workshop
Anne Johnson, Emily Grumbling, and Jon Eisenberg, Rapporteurs
Computer Science and Telecommunications Board
Division on Engineering and Physical Sciences
THE NATIONAL ACADEMIES PRESS
Washington, DC
www.nap.edu
THE NATIONAL ACADEMIES PRESS 500 Fifth Street, NW Washington, DC 20001
This activity was supported by the Office of the Director of National Intelligence, under Contract No. 2014-14041100003-010. Any opinions, findings, conclusions, or recommendations expressed in this publication do not necessarily reflect the views of any organization or agency that provided support for the project.
International Standard Book Number-13: 978-0-309-44740-9
International Standard Book Number-10: 0-309-44740-2
Digital Object Identifier: 10.17226/23593
Copies of this publication are available for sale from the National Academies Press, 500 Fifth Street, NW, Keck 360, Washington, DC 20001; (800) 624-6242 or (202) 334-3313; http://www.nap.edu.
Copyright 2016 by the National Academy of Sciences. All rights reserved.
Printed in the United States of America.
Suggested citation: National Academies of Sciences, Engineering, and Medicine, 2016. Exploring Encryption and Potential Mechanisms for Authorized Government Access to Plaintext: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/23593.
The National Academy of Sciences was established in 1863 by an Act of Congress, signed by President Lincoln, as a private, nongovernmental institution to advise the nation on issues related to science and technology. Members are elected by their peers for outstanding contributions to research. Dr. Marcia McNutt is president.
The National Academy of Engineering was established in 1964 under the charter of the National Academy of Sciences to bring the practices of engineering to advising the nation. Members are elected by their peers for extraordinary contributions to engineering. Dr. C. D. Mote, Jr., is president.
The National Academy of Medicine (formerly the Institute of Medicine) was established in 1970 under the charter of the National Academy of Sciences to advise the nation on medical and health issues. Members are elected by their peers for distinguished contributions to medicine and health. Dr. Victor J. Dzau is president.
The three Academies work together as the National Academies of Sciences, Engineering, and Medicine to provide independent, objective analysis and advice to the nation and conduct other activities to solve complex problems and inform public policy decisions. The Academies also encourage education and research, recognize outstanding contributions to knowledge, and increase public understanding in matters of science, engineering, and medicine.
Learn more about the National Academies of Sciences, Engineering, and Medicine at www.national-academies.org.
Reports document the evidence-based consensus of an authoring committee of experts. Reports typically include findings, conclusions, and recommendations based on information gathered by the committee and committee deliberations. Reports are peer reviewed and are approved by the National Academies of Sciences, Engineering, and Medicine.
Proceedings chronicle the presentations and discussions at a workshop, symposium, or other convening event. The statements and opinions contained in proceedings are those of the participants and have not been endorsed by other participants, the planning committee, or the National Academies of Sciences, Engineering, and Medicine.
For information about other products and activities of the Academies, please visit nationalacademies.org/whatwedo.
OTHER RECENT REPORTS OF THE COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD
Continuing Innovation in Information Technology: Workshop Report (2016)
Future Directions for NSF Advanced Computing Infrastructure to Support U.S. Science and Engineering in 2017-2020. (2016)
Privacy Research and Best Practices: Summary of a Workshop for the Intelligence Community (2016)
Bulk Collection of Signals Intelligence: Technical Options (2015)
Interim Report on 21st Century Cyber-Physical Systems Education (2015)
A Review of the Next Generation Air Transportation System: Implications and Importance of System Architecture (2015)
Telecommunications Research and Engineering at the Communications Technology Laboratory of the Department of Commerce: Meeting the Nation’s Telecommunications Needs (2015)
Telecommunications Research and Engineering at the Institute for Telecommunication Sciences of the Department of Commerce: Meeting the Nation’s Telecommunications Needs (2015)
At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues (2014)
Emerging and Readily Available Technologies and National Security: A Framework for Addressing Ethical, Legal, and Societal Issues (2014)
Future Directions for NSF Advanced Computing Infrastructure to Support U.S. Science and Engineering in 2017-2020: An Interim Report (2014)
Interim Report of a Review of the Next Generation Air Transportation System Enterprise Architecture, Software, Safety, and Human Factors (2014)
Geotargeted Alerts and Warnings: Report of a Workshop on Current Knowledge and Research Gaps (2013)
Professionalizing the Nation’s Cybersecurity Workforce? Criteria for Future Decision-Making (2013)
Public Response to Alerts and Warnings Using Social Media: Summary of a Workshop on Current Knowledge and Research Gaps (2013)
Computing Research for Sustainability (2012)
Continuing Innovation in Information Technology (2012)
The Safety Challenge and Promise of Automotive Electronics: Insights from Unintended Acceleration (2012, with the Board on Energy and Environmental Systems and the Transportation Research Board)
The Future of Computing Performance: Game Over or Next Level? (2011)
Public Response to Alerts and Warnings on Mobile Devices: Summary of a Workshop on Current Knowledge and Research Gaps (2011)
Strategies and Priorities for Information Technology at the Centers for Medicare and Medicaid Services (2011)
Wireless Technology Prospects and Policy Options (2011)
Achieving Effective Acquisition of Information Technology in the Department of Defense (2010)
Critical Code: Software Producibility for Defense (2010)
Improving State Voter Registration Databases (2010)
Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy (2010)
Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop (2010)
Limited copies of CSTB reports are available free of charge from
Computer Science and Telecommunications Board
Keck Center of the National Academies of Sciences, Engineering, and Medicine
500 Fifth Street, NW, Washington, DC 20001
(202) 334-2605/cstb@nas.edu
www.cstb.org
This page intentionally left blank.
PLANNING COMMITTEE FOR A WORKSHOP ON ENCRYPTION AND MECHANISMS FOR AUTHORIZED GOVERNMENT ACCESS TO PLAINTEXT
FRED H. CATE, Indiana University, Chair
DAN BONEH, Stanford University
FREDERICK R. CHANG, Southern Methodist University
ORIN KERR, George Washington University
SUSAN LANDAU, Worcester Polytechnic Institute
Staff
EMILY GRUMBLING, Program Officer, Computer Science and Telecommunications Board (CSTB)
JON EISENBERG, Director, CSTB
SHENAE BRADLEY, Administrative Assistant, CSTB
RENEE HAWKINS, Financial Manager, CSTB
COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD
FARNAM JAHANIAN, Carnegie Mellon University, Chair
LUIZ ANDRÉ BARROSO, Google, Inc.
STEVEN M. BELLOVIN, Columbia University
ROBERT F. BRAMMER, Brammer Technology, LLC
EDWARD FRANK, Brilliant Cloud & Lime Parity
SEYMOUR E. GOODMAN, Georgia Institute of Technology
LAURA HAAS, IBM Corporation
MARK HOROWITZ, Stanford University
MICHAEL KEARNS, University of Pennsylvania
ROBERT KRAUT, Carnegie Mellon University
SUSAN LANDAU, Worcester Polytechnic Institute
PETER LEE, Microsoft Corporation
DAVID E. LIDDLE, US Venture Partners
FRED B. SCHNEIDER, Cornell University
ROBERT F. SPROULL, University of Massachusetts, Amherst
JOHN STANKOVIC, University of Virginia
JOHN A. SWAINSON, Dell, Inc.
ERNEST J. WILSON, University of Southern California
KATHERINE YELICK, University of California, Berkeley
Staff
JON EISENBERG, Director
LYNETTE I. MILLETT, Associate Director
VIRGINIA BACON TALATI, Program Officer
SHENAE BRADLEY, Administrative Assistant
JANEL DEAR, Senior Program Assistant
EMILY GRUMBLING, Program Officer
RENEE HAWKINS, Financial and Administrative Manager
HERBERT S. LIN, Chief Scientist (emeritus)
For more information on CSTB, see its website http://www.cstb.org, write to CSTB at
National Academies of Sciences, Engineering, and Medicine, 500 Fifth Street, NW, Washington, DC 20001,
call (202) 334-2605, or email the CSTB at cstb@nas.edu.
Acknowledgment of Reviewers
This workshop proceedings has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its published workshop proceedings as sound as possible and to ensure that it meets institutional standards for objectivity, evidence, and responsiveness to the project’s charge. The review comments and draft manuscript remain confidential to protect the integrity of the study process. We wish to thank the following individuals for their review of this workshop proceedings:
Dan Boneh, Stanford University,
Shafrira Goldwasser, Massachusetts Institute of Technology,
David S. Kris, Intellectual Ventures,
Brian A. LaMacchia, Microsoft Research,
Richard W. Littlehale, Tennessee Bureau of Investigation,
Kate Martin, Center for American Progress, and
Radia J. Perlman, EMC Corporation.
Although the reviewers listed above have provided many constructive comments and suggestions, they were not asked to endorse the views presented at the workshop, nor did they see the final draft of the workshop proceedings before its release. The review of this workshop proceedings was overseen by Samuel H. Fuller, Analog Devices, Inc., who was responsible for making certain that an independent examination of this proceedings was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this proceedings rests entirely with the authors and the institution.
This page intentionally left blank.
Contents
3 SESSION 1. THE CURRENT ENCRYPTION LANDSCAPE
Introductory Remarks by Chris Inglis
Introductory Remarks by Patrick Ball
Introductory Remarks by James Baker
Law Enforcement Capabilities and the Costs of Encryption
Do We Have More Data, or Less?
Which Tools Should We Entrust to the Government?
Dealing with Encryption in an International Context
Context Dependence of Government Needs and Obligations
4 SESSION 2. USE CASES AND THE FEASIBILITY OF SEGMENTING ENCRYPTION POLICIES
5 SESSION 3. SECURITY RISKS OF ARCHITECTURES FOR ENABLING GOVERNMENT ACCESS TO PLAINTEXT
Crypto War II and the Cybersecurity Crisis
Fundamentals of the Current Cybersecurity Landscape
Exceptional Access: Considerations and Challenges
Requirements for an Exceptional Access System
Exploring a “k out of n” Solution
The Feasibility of Segmenting by User
The Government’s Technical Resources: Lawful Hacking and Other Considerations
Building a More Productive Conversation
6 SESSION 4. TECHNICAL AND POLICY MITIGATIONS FOR INACCESSIBLE PLAINTEXT
Unintended Outcomes and the Balance Between Legal and Technical Protections
Exploring Divergent Perspectives on Metadata
Phone-Based Authentication: Strengths and Weaknesses
The Government’s Responsibilities When Vulnerabilities Are Exposed
Global Dimensions of Encryption and Access Mechanisms
Closing Remarks from the Workshop Chair: Technology as Part of a System
C Biographical Sketches of Workshop Planning Committee and Staff