5 Session 3. Security Risks of Architectures for Enabling Government Access to Plaintext
Pages 17-30

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 17...
... Originally, wiretaps involved law enforcement getting access to the target's phone line and connecting a device capable of capturing the analog audio and telephone network signaling being sent over the line -- a relatively straightforward proposition. Eventually, as telephone systems became digital, the Communications Assistance for Law Enforcement Act was enacted to ensure that carriers would provide law enforcement with the necessary interface to their networks as well.
From page 18...
... "We are paying that price to this day," Blaze said.

Crypto War II and the Cybersecurity Crisis

Blaze then turned to the current period, which he described as a time of both "Crypto War II" and a "cybersecurity crisis." The first term stems from the renewed debate over encryption spurred by comments from law enforcement and national security officials about the challenges posed by ubiquitous encryption, exemplified by an October 16, 2014, statement from Federal Bureau of Investigation (FBI)
From page 19...
... Citing the report of which he is a coauthor, Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications,2 Blaze articulated some of the ways exceptional access is at odds with the need to better protect infrastructure. He said exceptional access necessarily makes cryptography weaker, increases the difficulty of integrating cryptography securely into applications and systems, creates operational vulnerabilities, and, in many cases, can be easily bypassed.
From page 20...
... benefits of an exceptional access system to law enforcement and the increased vulnerability to which such a system would expose everyone. Although exceptional access might enhance law enforcement's ability to catch the "dumb criminals" (those without the resources or knowledge necessary to procure end-to-end encryption tools)
From page 21...
... Noting that companies will generally produce data that they have access to in response to law enforcement legal demands, Richard Littlehale asked why some companies are considered to provide adequate security even if they retain the ability to access encrypted data, while others argue that a total lack of access by anyone but the individual user is the only way to ensure adequate security.
From page 22...
... Although we may be "going dark" in some places, we are going "brilliantly bright" in others, he argued, suggesting that abandoning our devices altogether would take a lot more evidence out of the reach of law enforcement than using fully encrypted devices would. Addressing in a broader sense the aims of law enforcement, Littlehale noted that concerns about the potential for someone to steal an escrow key or abuse exceptional access to the detriment of human rights are also concerns of the law enforcement community.
From page 23...
... Burrell said that in the context of forensics, law enforcement would generally gain the most from being able to access data or communications from IoT devices at the point of data aggregation, where all of these devices are transmitting data to a cloud service or to a local hub, because direct physical access would otherwise be required. Later, Landau and Brian LaMacchia noted that in the absence of practical homomorphic encryption, data at the point of aggregation would need to be available as plaintext.
From page 24...
... Picking up on this point later, Ball suggested that law enforcement would need to be held accountable for any failures that result from a key escrow system.
From page 25...
... Prompted by a follow-up question from Green, Littlehale later added that if the market were to move in a direction where cloud backups are also encrypted under user control, law enforcement would consider the ability to decrypt that information a far higher priority. Picking up on this point later, Bankston suggested that approaches like that proposed in the Feinstein-Burr bill, which would require entities with the ability to encrypt to also retain the capability to decrypt, would essentially outlaw perfect forward secrecy, a technology coming into widespread use with which communications are encrypted with keys that are thrown away after use, so that if adversaries were to gain the keys for one TLS session, they would still lack the keys for other TLS sessions.
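
The contrast drawn above between throwaway session keys and a retained ability to decrypt can be made concrete. The following is an added example, not part of the report: it uses a toy Diffie-Hellman group and a toy single-use cipher built from HMAC, and it models "retained capability" as session keys derived from a stored master secret, all of which are assumptions of this sketch rather than anything the report or the bill specifies.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # toy DH group for illustration only (assumption)

def ephemeral_key():
    """Forward-secret handshake: fresh secrets per session, discarded after use."""
    a, b = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    client = pow(pow(G, b, P), a, P)   # client combines its secret with server's public value
    server = pow(pow(G, a, P), b, P)   # server does the mirror-image computation
    assert client == server            # both ends agree on the shared value
    # a and b are never stored, so nothing kept afterwards can rebuild this key
    return hashlib.sha256(client.to_bytes(32, "big")).digest()

def retained_key(master, nonce):
    """Retained-capability model: key is recomputable from a stored master secret."""
    return hmac.new(master, nonce, hashlib.sha256).digest()

def seal(key, msg):
    """Toy authenticated encryption for one message of at most 32 bytes per key."""
    stream = hmac.new(key, b"stream", hashlib.sha256).digest()
    ct = bytes(m ^ s for m, s in zip(msg, stream))
    return ct, hmac.new(key, b"tag" + ct, hashlib.sha256).digest()

def unseal(key, ct, tag):
    """Return the plaintext, or None when the key does not match."""
    expect = hmac.new(key, b"tag" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        return None
    stream = hmac.new(key, b"stream", hashlib.sha256).digest()
    return bytes(c ^ s for c, s in zip(ct, stream))

def compare():
    msgs = [b"session one", b"session two"]            # constructed sample traffic
    eph_keys = [ephemeral_key() for _ in msgs]         # design A: one throwaway key each
    eph = [seal(k, m) for k, m in zip(eph_keys, msgs)]
    master = secrets.token_bytes(32)                   # design B: stored long-term secret
    nonces = [secrets.token_bytes(16) for _ in msgs]   # sent in the clear with each session
    ret = [seal(retained_key(master, n), m) for n, m in zip(nonces, msgs)]
    return {
        # Design A: the key for session one opens nothing in session two.
        "eph_cross_session": unseal(eph_keys[0], *eph[1]),
        # Design B: whoever holds the master secret opens every recorded session.
        "retained_all": [unseal(retained_key(master, n), *c)
                         for n, c in zip(nonces, ret)],
    }
```

In design B the stored master secret is a single point whose loss exposes all past traffic, which is the property forward secrecy is meant to remove.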
From page 26...
... Lampson identified two key weaknesses in such a system: First, one must determine what the sealing keys are -- a configuration problem -- and second, one must trust the escrow agents, which requires that technical bugs be eliminated from the escrow agent computer systems and, ultimately, involves trusting the people and institutions that operate each escrow agent. While acknowledging that such a scheme undoubtedly could be compromised, Lampson argued that such risks pale in comparison to the overall context and scale of existing security problems.
From page 27...
... With regard to the need for law enforcement to access information on encrypted devices, Blaze said the question becomes whether the cost of creating the infrastructure necessary for access would exceed the cost of developing other methods law enforcement could use to gain access -- for example, reverse-engineering the hardware. In this way, it becomes an economic question as well as a security question, and the economic component would be felt especially acutely by local law enforcement bodies.
From page 28...
... They also considered how the technology industry and its security solutions bolster the security of the government itself as well as other ways to improve the government's access to information in the absence of an exceptional access mechanism. Donner asked whether there are sufficient skills and technical resources in the law enforcement community to make use of this approach.
From page 29...
... Given that adversaries will in any case seek to bypass exceptional access mechanisms, lawful hacking will inevitably be needed even if there is a mechanism for exceptional access. If exceptional access is not given, he said, it certainly would require much greater investment by law enforcement.
From page 30...
... EXPLORING ENCRYPTION AND POTENTIAL MECHANISMS FOR AUTHORIZED GOVERNMENT ACCESS TO PLAINTEXT

Building a More Productive Conversation

Even in the absence of any actual exceptional access mandate or policy, Landau noted that the government's posture toward end-to-end encryption could be affecting the technological landscape and wondered if it would be possible to work toward a different "default." For example, it is possible that government advocacy for exceptional access actually pushes the market more in the direction of user-controlled encryption. Donner pointed out that the underlying driver stems in part from the fact that the Internet is constructed out of private components and open protocols -- infrastructure the government doesn't control -- and as such, the government is limited in its ability to protect citizens from bad actors operating online.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.