encryption & interception of communication

A Gift of Fire, 2ed Chapter 3: Encryption and Interception of Communications 1

Social, Legal, and Ethical Issues for Computers and the Internet

Encryption and Interception of Communications


A Gift of Fire

Encryption and Interception of Communications

Overview of the Controversies

Intercepting Communications

Cryptography and Its Uses

Encryption Policy: Access to Software, Keys, and Plaintext

Fundamental Issues


Overview of the Controversies

Communications Privacy Affected by:Interception of communications, including:

• Telephone, E-mail, and Web activity.

Restrictions on secure encryption.• Exportation of strong encryption was viewed as a threat to national

security.

CALEA (Communications Assistance for Law Enforcement Act).

• Communications technology must assist law enforcement.

Global surveillance systems.• The constitutionality of domestic systems and the necessity of

international systems are under question.



WiretappingTelephone:

• Pre-1934: used widely by government, businesses, and private sector.• 1934: the Federal Communications Act disallowed unauthorized

wiretaps; many ignored the law.• 1968: the Omnibus Crime Control and Safe Streets Act restricted

wiretapping by requiring a court order.

Q: Can law enforcement intercept communications without a court order?


…

Yes…in an emergency. A device called a “pen register” and a “trap and trace” can be used to determine the telephone numbers called or the number from which a call is made. These do not require as much court scrutiny and justification as intercepting the contents of a call.



WiretappingNew Technologies:

• 1986: Electronic Communications Privacy Act (ECPA) and its amendments restricted government interception of e-mail, cell-phones, etc..

• 2001: USA Patriot Act loosened restrictions on government wiretapping and communications interception.

Q: Does the USA Patriot Act supersede ECPAs restrictions?



Designing Communications Systems for Interception and TrackingObstacles to interception:

• Incomplete pen-registers as a result of long distance service.• Packet-mode communications (e-mail, file transfers, Internet phones).

Solutions:• CALEA: Requires telecommunications equipment be designed to

ensure interception by law enforcement (with court order).

Q: Why did privacy advocates object to CALEA?


…

Privacy advocates argued that finding packet based items allowed the government to go beyond what was necessary. They objected to the increased authority to get numbers entered after the initial phone call was made. These numbers might be account numbers, passwords, PIN’s, and so forth.



Designing Communications Systems for Interception and Tracking (cont’d)CALEA

• Costs include modified hardware, software, and overuse by authorities.(500,000,000!!!)

• Wiretappable systems vulnerable to criminal hacking, industrial spies, etc..

• Competition weakened due to restricted changes and diversities.

Q: CALEA allows for the interception of PINs. Do you support this use?



CarnivoreFBI’s system to intercept e-mail with a court order.

• Pro: Law enforcement needs this tool to fight crime.• Con: All e-mail goes through FBI’s Carnivore system.

Q: Does Carnivore violate the 4th Amendment? The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.



NSA and EchelonNSA (National Security Agency):

• Collects and analyzes communications to find threats to national security.

Echelon:• Member nations intercept communications for each other. It checks

Telephone conversations, e-mails, and downloads of targeted suspects.

Q: Should the NSA be permitted to intercept all e-mail entering and leaving the U.S.?



CryptographyDefinition:

• Hiding data in plain sight.

Terms:• Plaintext: Original, readable message or data.• Cyphertext: Modified, unreadable message or data.• Encryption: The act of converting plaintext into cyphertext.• Decryption: The act of reverting cyphertext back to readable, plaintext.

Q: Are there other ways to hide a message in plain sight?



Public Key CryptographyHow it works:

• User creates a mathematically-related key pair (public and private keys).

• Public keys are shared publicly; private keys are kept secret.• Public keys are used to encrypt message or data.• Private keys are used to decrypt message or data.

Benefits:• No secret keys need be shared or transmitted.• Very secure.

Q: How does key-size affect the ‘strength’ of encryption?


…

The larger the key size, the more possible keys there are. If a 40-bit key is used, there are 2^40, or more than a trillion possible keys. We now use 512-bit keys.



EncryptionUsed by:

• Military personnel.• Financial institutions.• Human-rights activists.• Government agencies.• Anyone wanting to keep messages or data private.

Q: Why are strong encryption tools needed by human-rights activists?


Human Rights and the use of Cryptography

`There has been no time that human rights concerns have been more visible than recent years as networks of local and international activists bring abuses to light. Global integration of telephone and fax lines are a direct cause.' (PoKempner, 1997) By providing quick and cheap communications and access to any kind of information, the Internet is the first truly interactive mass medium. It is not only used for fun and commercial purposes by the `consumers' but also used by those campaigning against human rights abuses. There are many organizations dealing with human rights abuses all around the world and these organizations do use the Internet to communicate with their members or with dissident groups. Before the governments can suppress the dissemination of critical writings, and reports, the authors can distribute their work through the Internet outside repressive regimes. It is well known that the Burmese dissidents(3) or the Mexican Zapatistas use the Internet to communicate with the rest of the world . It is critical and vital for human rights activists, political dissidents, and whistle blowers throughout the world to facilitate confidential communications free from government or any other intrusion. Strong encryption is the only answer for this problem .



SteganographyDefinition:

• Hiding data so that its existence is not known.

Examples:• Digital watermarks.• Hiding text in image files.

Used by:• Military,• Publishers,• Anyone wishing to hide messages or data.



Secrecy and Export ControlsControl of Secrecy

• The NSA designs unbreakable codes for the U.S. government.• The NSA attempts to break codes used by other governments.• In the past, the NSA also controlled the funding for and publishing of

cryptographic research.

Control of Exportation• Early U.S. policy prevented the exportation of strong encryption.• Meanwhile, foreign production and use of strong encryption negatively

impacted U.S. competition in the world market.• Cryptographic researchers, privacy advocates, and others successfully

challenged exportation restrictions.

Q: Why did the U.S. government insist on controlling export of strong crypto?


…

The government argued that the export prohibition was necessary to keep strong encryption from terrorist and enemy governments.



Domestic EncryptionKey Escrow

• Third-party (some organization other than the user) entrusted with non-public encryption keys. Problem…the government could get access with a court order.

Real-time Access to Plaintext• Immediate decryption of encrypted data.• Long-time goal of the FBI.

Key Recovery• The ability to recover encrypted files if necessary.• Used by some businesses.

Q: Should key recovery systems be voluntary or compulsory?


…

Businesses often want key recovery…if an employee is not available and someone else must read encrypted files…problem.

The government argued to make key recovery compulsory so that law enforcement agencies would be able to obtain messages and have them decoded by escrow agents by using search warrants and court orders.


Fundamental Issues

Role of SecrecyU.S. Policy Keeps Secret:

• Cryptographic research.• Wiretap ease or difficulty.• Encryption algorithms.• Software (e.g. Carnivore).• Global endeavors (e.g. Echelon).

Problems:• Secret algorithms cannot be tested by experts.• ‘Backdoors’ might exist.• NSA-influenced wiretap and encryption exportation bills.

Why? Disclosing this information can help criminals and terrorists!


Fundamental Issues

The Ever-changing Status QuoPast:

• Simple codes and cyphers.

Present:• 512-bit RSA encryption.• AES (Advanced Encryption Standard).

Future:• Quantum computing.• Quantum cryptography.

Q: Today, do coders or decoders have the upper hand?


Fundamental Issues

Trust in GovernmentAppropriate or Abusive?

• Wiretapping by FBI and local police.• Wiretapping by NSA.• Strong encryption restrictions.• Roving wiretaps.• Cell-phone tracking (and E-911).• Key logger systems.• Development of a nationwide standard for surveillance.