to Stored Records Why Encryption Drives the Government to Seek Access to the Cloud Professor Peter Swire The Privacy Project Cloud Conference April 4 2012 The TPP Paper ID: 629627
Download Presentation The PPT/PDF document "From Real-Time Intercepts" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
From Real-Time Intercepts to Stored Records:Why Encryption Drives the Government to Seek Access to the Cloud
Professor
Peter Swire
The Privacy Project – Cloud Conference
April 4
,
2012Slide2
The TPP PaperRising adoption of encryptionDeclining effectiveness of traditional wiretapsEspecially at local levelTechnological reason for shift in lawful access to the cloudThe “haves” & “have-nots”Slide3
Encryption Adoption (Finally?)VPNsBlackberryGmail now, other webmail soonSSL pervasive (credit card numbers)Dropbox & many more
Facebook enables HTTPS, may shift default
Skype & other VoIP
Result – interception order at ISP or local
telco
often won’t workSlide4
Ways to Grab CommunicationsBreak the encryption (if it’s weak)Grab comms in the clear (CALEA)Grab
comms
with hardware or software before or after encrypted (backdoors)
Grab stored communications, such as in the cloud
My descriptive thesis: #4 is becoming FAR more important, for global communications
Also, temptation to do more #2 and #3Slide5
Local switch
Local switch
Wiretap on Copper Lines
Phone call
Phone call
Telecom Company
WIRETAP AT
a’S
HOUSE OR LOCAL SWITCH
3
Alice
BobSlide6
Local switch
Local switch
Wiretap on Fiber Optic
Phone call
Phone call
Telecom Company
3
Alice
Bob
Voice
Exception for IP
CALEA in U.S.
Build Wiretap readySlide7
Bob ISP
Alice ISP
%!#&*YJ#$&#^@%
%!#&*YJ#$&#^@%
Internet as Insecure Channel
Hi Bob!
Hi Bob!
Internet: Many Nodes between ISPs
Alice
Bob
%!#&*YJ#$&#^@%
%!#&*YJ#$&#^@%
%!#&*YJ#$&#^@%
%!#&*YJ#$&#^@%
%!#&*YJ#$&#^@%
%!#&*YJ#$&#^@%
%!#&*YJ#$&#^@%
%!#&*YJ#$&#^@%Slide8
Problems with Weak EncryptionNodes between A and B can see and copy whatever passes throughMany potential malicious nodesStrong encryption as feasible and correct answerUS approved for global use in 1999India, China new restrictions on strong encryption
“Encryption and Globalization” says those restrictions are bad ideaSlide9
Encrypt
Encrypted message –
Where are the
KEYS?
Hi Bob!
The
KEYS
a
re with the
individuals
Alice
Bob's public
k
ey
Bob's private key
– Alice's local ISP
%!#&YJ@$
%!#&YJ@$
Decrypt
Hi Bob!
%!#&YJ@$
%!#&YJ@$
– Bob's local ISP
– Backbone provider
BobSlide10
Ways to Grab CommunicationsBreak the encryption (if it’s weak)Grab comms in the clear (CALEA)
Grab
comms
with hardware or software before or after encrypted (backdoors)
Grab stored communications, such as in the cloudSlide11
Limits of CALEA Applies to switched network & connect to thatBad cybersecurity to have unencrypted IP go through Internet nodesHow deep to regulate IP products & servicesWoW just a game?Will all Internet hardware & software be built wiretap ready?
That would be
large
new regulation of the Internet
Could mobilize SOPA/PIPA coalitionSlide12
Ways to Grab CommunicationsBreak the encryption (if it’s weak)Grab comms in the clear (CALEA)Grab
comms
with hardware or software before or after encrypted (backdoors)
Grab stored communications, such as in the cloudSlide13
Governments Install Software?Police install virus on your computerThis opens a back door, so police gain access to your computerGood idea for the police to be hackers?Good for cybersecurity?Slide14
Ways to Grab CommunicationsBreak the encryption (if it’s weak)Grab comms in the clear (CALEA)Grab
comms
with hardware or software before or after encrypted (backdoors)
Grab stored communications, such as in the cloudSlide15
Stored Records: The Near FutureGlobal requests for stored recordsEncrypted webmail, so local ISP less usefulLocal switched phone network less usefulPush for “data retention”, so police can get the records after the factThe “haves” and “have nots”
Server in your jurisdiction
Technically ahead of the curve
MLATs and other upcoming legal battlesSlide16
Conclusion Adoption of strongly encrypted communications now going through a decisive shiftAccess by the cloud provider remains in many scenariosThis technological shift will put pressure to develop legal mechanisms for global access to cloud providers