Encryption and Globalization

Professor Peter Swire. IP Scholars Conference, Chicago, August 11, 2011.


Presentation Transcript


  1. Encryption and Globalization
     Professor Peter Swire
     IP Scholars Conference, Chicago
     August 11, 2011

  2. Overview
     • Task: Update and explain why good encryption law/policy matters, 12 years after U.S. crypto wars ended
     • Outline of paper:
       • India and China update
       • From wiretaps to the Internet
       • Importance of strong crypto to the Internet
       • 2 arguments for strong crypto in globalized setting
         • Crypto helps cybersecurity
         • Least trusted country problem
       • Answer 3 objections made by those who oppose strong crypto
       • A proposed way to reconcile CALEA (foster wiretaps) and strong crypto (limits effectiveness of wiretaps)

  3. India
     • 40 bit legal limit on key length, since 90s
     • Mumbai attack, 2008
     • RIM and newly vigorous enforcement
     • Security agencies insist on ability to wiretap in real time
     • Waiting for new policy
       • Maybe key escrow
       • Maybe new import license restrictions

  4. China
     • Encourage domestic crypto
     • Soft law that encryption ok only if it is not the “core function”
       • Microprocessors, PCs, mobile phones OK
       • VPNs are not OK, “core function” is crypto
       • Great uncertainty about meaning of “core function”
     • China is trying to require home-grown encryption for hardware and software
       • Lack of peer review to date of their algorithms
       • A goal appears to be to spread those algorithms throughout China and then into global supply chain

  5. Background Part of Paper
     • Paper gives background for those new to the debate:
       • Intro to wiretaps, for phone and online
       • Intro to encryption
       • Categories of attacks/vulnerabilities
       • History of crypto wars in the 1990s
       • Administration changed position in 1999, can export strong crypto
       • Lessons learned, apply to the globalized debate today

  6. Internet as Insecure Channel
     [Diagram: Alice sends “Hi Bob!” through Alice's ISP; the message crosses the Internet (many nodes between ISPs), shown as scrambled text, reaches Bob's ISP, and arrives at Bob as “Hi Bob!”]
     • Nodes: many, unknown, potentially malicious
     • Weak encryption = many intercepts

  7. Problems with Weak Encryption
     • Nodes between A and B can see and copy whatever passes through
     • Brute force attacks became more effective due to Moore’s Law; 40 bits was already breakable in mid-90’s
     • From a few telcos to many millions of nodes on the Internet
       • Hackers
       • Criminals
       • Foreign governments
       • Amateurs
     • Strong encryption as feasible and correct answer
       • Scaled well for many applications (SSL, HTTPS, in chips) as Internet users went over one billion

  8. I. Crypto Essential to Cybersecurity
     • Public awareness of cybersecurity grown a lot since 1999
     • Increasing importance of computing & thus cybersecurity
     • Crypto deeply embedded in modern computing:
       • SSL, HTTPS, VPNs, Skype/VOIP, Bitlocker, etc.
     • Offense is ahead of the defense
       • The world is our bad neighborhood
       • Defense and the weakest link problem
     • Crypto as perhaps the largest category for effective defense
     • Don’t play cybersecurity with two hands tied behind your back

  9. II. The Least Trusted Country Problem
     • 1990’s Clipper chip debate
       • Many expressed lack of trust in government access to the keys
     • Globalization and today’s encryption debate
       • What if a dozen or 50 countries with the keys, or enforced crypto limits?
       • What if your communications in the hands of your least trusted country?
       • India/Pakistan; China/Taiwan; Israel/Iran
     • Don’t create security holes in global Internet, especially for billions of people

  10. Responses to Common Concerns
     • “They” have a backdoor
     • “Going dark” vs. “golden age of encryption”
       • Paper concludes the latter is more accurate
     • Trade policy and domestic industry

  11. Possible Topics for Questions/Discussion
     • Lessons from the Crypto wars of the 1990’s
     • Strong crypto and insecure channel of the Internet
     • Crypto as important to cybersecurity
     • Least trusted country problem
     • Backdoors to “them” as excuse for limits on encryption
     • Going dark vs. modern surveillance advantages
     • Others?
