160 likes | 269 Views
From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud. Professor Peter Swire The Privacy Project – Cloud Conference April 4 , 2012. The TPP Paper. Rising adoption of encryption Declining effectiveness of traditional wiretaps
E N D
From Real-Time Interceptsto Stored Records:Why Encryption Drives the Government to Seek Access to the Cloud Professor Peter Swire The Privacy Project – Cloud Conference April 4, 2012
The TPP Paper • Rising adoption of encryption • Declining effectiveness of traditional wiretaps • Especially at local level • Technological reason for shift in lawful access to the cloud • The “haves” & “have-nots”
Encryption Adoption (Finally?) • VPNs • Blackberry • Gmail now, other webmail soon • SSL pervasive (credit card numbers) • Dropbox & many more • Facebook enables HTTPS, may shift default • Skype & other VoIP • Result – interception order at ISP or local telco often won’t work
Ways to Grab Communications • Break the encryption (if it’s weak) • Grab comms in the clear (CALEA) • Grab comms with hardware or software before or after encrypted (backdoors) • Grab stored communications, such as in the cloud • My descriptive thesis: #4 is becoming FAR more important, for global communications • Also, temptation to do more #2 and #3
Wiretap on Copper Lines 3 Phone call Alice Local switch Telecom Company Local switch Phone call WIRETAP AT a’S HOUSE OR LOCAL SWITCH Bob
Wiretap on Fiber Optic 3 CALEA in U.S. Build Wiretap ready Phone call Alice Local switch Telecom Company Local switch Voice Exception for IP Phone call Bob
Internet as Insecure Channel Hi Bob! Alice Alice ISP %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% Internet: Many Nodes between ISPs %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% Bob ISP Hi Bob! Bob
Problems with Weak Encryption • Nodes between A and B can see and copy whatever passes through • Many potential malicious nodes • Strong encryption as feasible and correct answer • US approved for global use in 1999 • India, China new restrictions on strong encryption • “Encryption and Globalization” says those restrictions are bad idea
Where are the KEYS? Hi Bob! Encrypt Bob's public key Alice Encrypted message – %!#&YJ@$ – Alice's local ISP %!#&YJ@$ – Backbone provider %!#&YJ@$ – Bob's local ISP %!#&YJ@$ Hi Bob! Decrypt Bob's private key The KEYS are with the individuals Bob
Ways to Grab Communications • Break the encryption (if it’s weak) • Grab comms in the clear (CALEA) • Grab comms with hardware or software before or after encrypted (backdoors) • Grab stored communications, such as in the cloud
Limits of CALEA • Applies to switched network & connect to that • Bad cybersecurity to have unencrypted IP go through Internet nodes • How deep to regulate IP products & services • WoW just a game? • Will all Internet hardware & software be built wiretap ready? • That would be large new regulation of the Internet • Could mobilize SOPA/PIPA coalition
Ways to Grab Communications • Break the encryption (if it’s weak) • Grab comms in the clear (CALEA) • Grab comms with hardware or software before or after encrypted (backdoors) • Grab stored communications, such as in the cloud
Governments Install Software? • Police install virus on your computer • This opens a back door, so police gain access to your computer • Good idea for the police to be hackers? • Good for cybersecurity?
Ways to Grab Communications • Break the encryption (if it’s weak) • Grab comms in the clear (CALEA) • Grab comms with hardware or software before or after encrypted (backdoors) • Grab stored communications, such as in the cloud
Stored Records: The Near Future • Global requests for stored records • Encrypted webmail, so local ISP less useful • Local switched phone network less useful • Push for “data retention”, so police can get the records after the fact • The “haves” and “have nots” • Server in your jurisdiction • Technically ahead of the curve • MLATs and other upcoming legal battles
Conclusion • Adoption of strongly encrypted communications now going through a decisive shift • Access by the cloud provider remains in many scenarios • This technological shift will put pressure to develop legal mechanisms for global access to cloud providers