Conflicting Privacy Regimes: (1) Encryption and (2) Access to Cloud Records

Peter Swire, Ohio State University
Future of Privacy Forum
IAPP Global Summit 2012, Washington, D.C., March 6, 2012

Overview

• Part I: Encryption and globalization
  – Brief history of wiretaps
  – Encryption on the Internet
    • Crypto Wars of the 1990s
    • India and China today

• Part II: Emerging battles over access to the cloud
  – Where will law enforcement get communications?
  – Encryption
  – CALEA-type laws
  – Seize before/after encryption
  – The cloud

Relevant Background

• Chair, White House Working Group on Encryption, 1999

• Chair, White House Working Group on updating wiretap laws for the Internet, 2000

• Current project at Future of Privacy Forum on government access to data in global setting

Are These Good Ideas?

• India: maximum crypto key length of 40 bits
• China: require use of Chinese-created cryptosystems, prohibit use of global standards

[Diagram: Wiretap on copper lines. Alice's phone call runs from her house through her local switch, the telecom company and Bob's local switch to Bob. Wiretap possible at A's house or at the local switch.]

[Diagram: Wiretap on fiber optic. Same path from Alice to Bob, but the wiretap is possible only at the local switch.]

[Diagram: Voice, not data; mobile and landline. CALEA in the U.S.: carriers build networks wiretap-ready; HQ gets the downloads.]

[Diagram: The Internet as an insecure channel. "Hi Bob!" leaves Alice's ISP and arrives at Bob's ISP; in between it crosses the Internet, where an encrypted message appears only as ciphertext (%!#&*YJ#$&#^@%).]

[Diagram: Internet: many nodes between the ISPs. Nodes are many, unknown and potentially malicious. Weak encryption = many intercepts.]

Problems with Weak Encryption

• Nodes between A and B can see and copy whatever passes through
• From a few telcos to many millions of nodes on the Internet
  – Hackers and criminals
  – Foreign governments
  – Amateurs
• Strong encryption as the feasible and correct answer
  – US approved strong crypto for global use in 1999, after the "crypto wars"
  – India and China have new restrictions on strong encryption
  – "Encryption and Globalization" argues those restrictions are a bad idea: http://ssrn.com/abstract=1960602

India

• Since the 1990s, law on the books: 40-bit legal limit on key length
• No enforcement then
• Mumbai attack, 2008
• RIM and newly vigorous enforcement
• Key escrow proposal 2011 (blocked)
• Security agencies insist on the ability to wiretap in real time
  – Didn't like the new technical reality
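The slides state India's 40-bit limit but not what it costs to defeat. The Go program below is an added example, not part of the deck: it builds a 128-bit AES key in which only 40 bits are secret (the 88-bit public part and the byte layout are assumptions modelled on how 1990s "40-bit" export ciphers padded a short secret with public salt), recovers the secret by trying every candidate against a single known plaintext block, and scales the measured rate to the full 2^40 space. The sample secret and the "Hi Bob!" block are constructed for the demo; the search is limited to a 20-bit subrange so it finishes in well under a second on one core.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
	"time"
)

// exportKey combines 88 public bits with a 40-bit secret into a 128-bit AES
// key. The layout (public bytes first, secret in the low 5 bytes) is an
// assumption for this example, mirroring 1990s export-grade key derivation.
func exportKey(public [11]byte, secret uint64) []byte {
	key := make([]byte, 16)
	copy(key, public[:])
	var s [8]byte
	binary.BigEndian.PutUint64(s[:], secret&(1<<40-1))
	copy(key[11:], s[3:]) // keep only the low 40 bits of the secret
	return key
}

// encryptBlock encrypts one 16-byte block with AES under key.
func encryptBlock(key, block []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, block)
	return out
}

// bruteForce recovers the secret by trying every value below 2^secretBits
// against one known plaintext/ciphertext block (a predictable greeting is
// enough). It returns the secret, whether it was found, and the keys tried.
func bruteForce(public [11]byte, known, ct []byte, secretBits uint) (uint64, bool, uint64) {
	var tried uint64
	for guess := uint64(0); guess < 1<<secretBits; guess++ {
		tried++
		if bytes.Equal(encryptBlock(exportKey(public, guess), known), ct) {
			return guess, true, tried
		}
	}
	return 0, false, tried
}

// projectFullSearch scales a measured rate to the worst case of 2^40 keys.
func projectFullSearch(elapsed time.Duration, tried uint64) time.Duration {
	perKey := float64(elapsed) / float64(tried)
	return time.Duration(perKey * float64(uint64(1)<<40))
}

func main() {
	public := [11]byte{'e', 'x', 'p', 'o', 'r', 't', '-', 's', 'a', 'l', 't'} // constructed public salt
	known := make([]byte, aes.BlockSize)
	copy(known, "Hi Bob!") // constructed known plaintext, zero-padded to one block
	secret := uint64(0xBEEF5) // constructed secret, below 2^20 so the demo stays short
	ct := encryptBlock(exportKey(public, secret), known)

	start := time.Now()
	found, ok, tried := bruteForce(public, known, ct, 20)
	elapsed := time.Since(start)
	fmt.Printf("recovered=%t secret=%#x tried=%d in %v\n", ok, found, tried, elapsed)
	fmt.Printf("full 40-bit search on this single core, worst case: about %v\n",
		projectFullSearch(elapsed, tried))
}
```

The projection is for one core doing naive key expansion per guess; parallel hardware or a cipher cheaper than AES shrinks it further, which is the point of the slide: a legal 40-bit ceiling gives every node on the path a workable attack.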

[Diagram: Encrypted message: where are the keys? The keys are with the individuals. Alice encrypts "Hi Bob!" with Bob's public key; Alice's local ISP, the backbone provider and Bob's local ISP see only ciphertext (%!#&YJ@$); Bob decrypts with his private key and reads "Hi Bob!".]

[Diagram: Encrypted message: where are the keys? The keys are with the corporations. Jill at Corporation A (Tata) encrypts "Hi Fred!" with the public key of Corporation B (Reliance); Corporation A's ISP, the backbone provider and Corporation B's ISP see only ciphertext; Corporation B decrypts with its private key and Fred reads "Hi Fred!". Lawful process: (1) ask Tata before encryption; (2) ask Reliance after decryption.]
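The two diagrams above differ only in who holds the private key: the individual or the corporate gateway. The Go program below is an added example, not from the deck, that plays out both cases end to end. Endpoints hold X25519 key pairs, each message is sealed with AES-256-GCM under a key derived from the ECDH shared secret (a single SHA-256 under a fixed label stands in for a proper KDF such as HKDF, an assumed simplification), and relays named for the ISPs and backbone keep a copy of whatever passes through them. The names, messages and relay path are constructed for the demo. The relays end up holding ciphertext they can neither open nor alter undetected; plaintext exists only at the sender before sealing and at the receiver after opening, which is where the slide says lawful process has to go.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// Endpoint holds a long-term X25519 key pair: Alice and Bob in the first
// diagram, the two corporate gateways in the second.
type Endpoint struct{ priv *ecdh.PrivateKey }

func NewEndpoint() *Endpoint {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Endpoint{priv: priv}
}

// sessionKey derives a 256-bit AES key from the X25519 shared secret. Hashing
// under a fixed label stands in for a real KDF such as HKDF (assumed simplification).
func (e *Endpoint) sessionKey(peer *ecdh.PublicKey) []byte {
	shared, err := e.priv.ECDH(peer)
	if err != nil {
		panic(err)
	}
	sum := sha256.Sum256(append([]byte("e2e-demo-v1|"), shared...))
	return sum[:]
}

// newGCM builds AES-256-GCM; the key is always 32 bytes, so neither call can fail.
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}

// gcmSeal returns nonce || ciphertext || tag under a fresh random nonce.
func gcmSeal(key, msg []byte) []byte {
	aead := newGCM(key)
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		panic(err)
	}
	return aead.Seal(nonce, nonce, msg, nil)
}

// gcmOpen reverses gcmSeal and fails on a wrong key or any modified byte.
func gcmOpen(key, blob []byte) ([]byte, error) {
	aead := newGCM(key)
	if len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}

// Relay is an ISP or backbone node. It holds no key; it forwards the bytes and,
// like any node on the path, keeps a copy of whatever passes through.
type Relay struct {
	Name   string
	Copies [][]byte
}

func (r *Relay) Forward(blob []byte) []byte {
	r.Copies = append(r.Copies, append([]byte(nil), blob...))
	return blob
}

// Send seals msg at the sender, pushes it through every relay and opens it at the receiver.
func Send(sender, receiver *Endpoint, path []*Relay, msg []byte) ([]byte, error) {
	blob := gcmSeal(sender.sessionKey(receiver.priv.PublicKey()), msg)
	for _, r := range path {
		blob = r.Forward(blob)
	}
	return gcmOpen(receiver.sessionKey(sender.priv.PublicKey()), blob)
}

func main() {
	path := []*Relay{{Name: "sender's local ISP"}, {Name: "backbone provider"}, {Name: "receiver's local ISP"}}
	// Case 1: the keys are with the individuals.
	alice, bob := NewEndpoint(), NewEndpoint()
	got, err := Send(alice, bob, path, []byte("Hi Bob!"))
	fmt.Printf("Bob reads %q (err=%v)\n", got, err)
	for _, r := range path { // relays hold ciphertext only; a guessed key fails authentication
		_, err := gcmOpen(make([]byte, 32), r.Copies[0])
		fmt.Printf("%s holds %d bytes; opening with a wrong key: %v\n", r.Name, len(r.Copies[0]), err)
	}
	// Case 2: the keys are with the corporations. Plaintext exists at Tata before
	// encryption and at Reliance after decryption, never at the ISPs in between.
	tata, reliance := NewEndpoint(), NewEndpoint()
	got, _ = Send(tata, reliance, path, []byte("Hi Fred!"))
	fmt.Printf("Reliance gateway reads %q and hands it to Fred\n", got)
}
```

Note what moved between the two cases: only which machine holds the private key. The "ask Tata before encryption / ask Reliance after decryption" choice in the slide is simply the observation that those are the only two places in this program where `msg` or `got` is ever in the clear.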

India

• RIM enforcement
  – Threaten import controls if no cooperation
  – RIM announces a server in India
  – Nokia announces a server there as well
• Ban SSL, VPNs and all the other crypto?
  – Still have the old law: 40-bit limit
  – Big gap between law and reality
  – Not clear how India will use its leverage going forward

China – Its Apparent Goals

• Internal surveillance
  – General limits on effective crypto
• Trade promotion
  – Indigenous Innovation Policy
    • To sell in China, make in China
    • Give them your IP
  – Use non-standard cryptosystems
    • If you make in China and export, their system spreads

China

• 1999 law generally prohibits commercial crypto and requires a license for import or domestic use of crypto
• Later soft law: no license needed except where the "core function" is encryption
  – Microprocessors, PCs, mobile phones OK
  – VPNs are not OK; their "core function" is crypto
  – Great uncertainty about the meaning of "core function", i.e. where you need their license

China

• License requires use of non-standard crypto
  – Algorithms were provided only to Chinese companies
  – In 2011, public release of 3 algorithms
    • Testing by non-Chinese parties has begun
    • Are the Chinese algorithms/cryptosystems robust?
    • Problems of interoperability with global standards
  – Additional limits on sales to the state sector, which is large

What’s Chinese Strategy?

• Surveillance
  – "Air gap" at the border, plaintext there
• International standards
  – Support Chinese standards
• Trade promotion
  – Spread Chinese standards
• BUT
  – Threat to interoperability
  – Threat to end-to-end cybersecurity
  – No effective peer review of Chinese crypto

Why Crypto Matters

• Crypto is central to computing and thus to cybersecurity
• Crypto is deeply embedded in modern computing:
  – SSL, HTTPS, VPNs, Skype/VoIP, BlackBerry
  – Offense is ahead of the defense
  – The world is our bad neighborhood
  – Defense and the weakest-link problem
  – Crypto as perhaps the largest category of effective defense
  – Don't play cybersecurity with two hands tied behind your back

The Least Trusted Country Problem

• 1990s Clipper chip debate
  – Many expressed lack of trust in government access to the keys
• Globalization and today's encryption debate
  – What if a dozen or 50 countries hold the keys, or enforce crypto limits?
  – What if your communications are in the hands of your least trusted country?
    • India/Pakistan; China/Taiwan; Israel/Iran
  – Don't create security holes in the global Internet

Wrap-Up on Part I

• Strong crypto is crucial to your cybersecurity
• Are you implementing VPNs and other crypto globally? (I hope so)
• If so, legal risks in any of your countries?
• Should your organization get more involved in assuring secure computing and communications?

Part II: The Cloud – International Conflicts to Come

Law Enforcement Perspective

• You're the police: how do you wiretap communications on the Internet?
  – 9/11, Mumbai bombing
  – Want to implement a lawful court order
  – Want to get content
    • In the clear (not encrypted)
    • In real time (the attack may be soon!)
• BUT (finally) voice and e-mail are being encrypted

Ways to Grab Communications

1. Break the encryption (if it's weak)
2. Grab comms in the clear (CALEA)
3. Grab comms with hardware or software before or after they are encrypted (backdoors)
4. Grab stored communications, such as in the cloud

• My thesis: #4 is becoming FAR more important for global communications
• Global rules for the "front doors" of cloud providers become far more important

Break the Crypto?

• Just analyzed why crypto is pervasive and strong
• India's limits are unlikely to work
• Chinese standards might work, breaking cybersecurity
  – How much of the rest of standard Web technology will they refuse?

Ways to Grab Communications

1. Break the encryption (if it's weak)
2. Grab comms in the clear (CALEA)
3. Grab comms with hardware or software before or after they are encrypted (backdoors)
4. Grab stored communications, such as in the cloud

[Diagram (repeated from Part I): Wiretap on fiber optic. Alice's call passes through her local switch, the telecom company and Bob's local switch; wiretap only at the local switch.]

[Diagram: From voice to VoIP. (1) If the call links to the switched network: CALEA in the U.S. requires carriers to build wiretap-ready. (2) VPNs, and calls that don't link to the switched network: the Internet as an insecure channel. Is VoIP insecure? "Hi Bob!" passes between Alice's ISP and Bob's ISP across many nodes, visible only as ciphertext (%!#&*YJ#$&#^@%) when encrypted.]

[Diagram: Internet: many nodes between the ISPs, as in Part I.]

Limits of CALEA

• Very bad security to have unencrypted IP traffic pass through those Web nodes
• Skype and VoIP are pervasive
• How deep to regulate IP products and services?
  – Is WoW (World of Warcraft) just a game, or a communications service?
  – Pre-clearance for IP communications?
  – The FBI's "going dark" argument has serious flaws and will face opposition in the IP space

Ways to Grab Communications

1. Break the encryption (if it's weak)
2. Grab comms in the clear (CALEA)
3. Grab comms with hardware or software before or after they are encrypted (backdoors)
4. Grab stored communications, such as in the cloud

Governments Install Software?

• Police install virus on your computer

• This opens a back door, so police gain access to your computer

• Good idea for the police to be hackers?

• Good for cybersecurity?

Governments Install Hardware?

• Reports of telecom equipment that surveils the communications passing through it
• Can "phone home"
• Good to design these vulnerabilities into the Net?
• 2/16/2012, The Atlantic: "Chinese Telecoms May Be Spying on Large Numbers of Foreign Customers"

Ways to Grab Communications

1. Break the encryption (if it's weak)
2. Grab comms in the clear (CALEA)
3. Grab comms with hardware or software before or after they are encrypted (backdoors)
4. Grab stored communications, such as in the cloud

The New Emphasis on Stored Records

• Strong crypto now widely deployed for e-mail and Web
  – Webmail uses SSL, so local ISPs go dark
• From switched voice to VoIP and other IP
  – CALEA less effective at the tower/local switch

Stored Records: The Near Future

• Growth of the cloud
• Global requests for stored records
  – Encrypted webmail, so the local ISP is less useful
  – VoIP, so the local switched phone network is less useful
• If no Magic Lantern, then police go to stored records
• Push for "data retention", so police can get the records after the fact

Wrap Up on Part II

• If you are in law enforcement or national security, new emphasis on access to stored records
  – If in the country with the cloud server, local service
  – If stored elsewhere, a big new obstacle
• Copyright holders want stored records, too
• Stronger communication encryption
• But new battles about stored-record security
  – Many knocks on the front doors of cloud providers and other record holders

For Your Organization

• How to respond to records requests in-country?
• How to respond to records requests from other countries?
  – Internal procedures
  – Lawyers
  – Want to cooperate with lawful access
  – Want your brand to say that records are stored securely
• Worth a review for the coming requests?

Sources

• Swire & Ahmad, “Encryption and Globalization”, at http://ssrn.com/abstract=1960602

• Swire & Ahmad, "Going Dark vs. a Golden Age for Surveillance", https://www.cdt.org/blogs/2811going-dark-versus-golden-age-surveillance

• www.peterswire.net