Download presentation
Presentation is loading. Please wait.
Published bySteven Daniels Modified over 8 years ago
1
Backdoors: How Will Government Agencies Adapt to Cybersecurity on the Internet? Professor Peter Swire Ohio State University Internet Law Scholars WIP New York Law School March 23, 2012
2
The Research Project Future of Privacy Forum – Government Access to Personal Information – New facts -- much higher adoption of encryption – Puts pressure on government agencies, globally – Description - how will they react? (today’s talk) What else follows? – Prescription – what should law & policy be for lawful access? – What other implications from high crypto adoption?
3
Encryption Adoption VPNs Blackberry Gmail & Hotmail SSL pervasive (credit card numbers) – Dropbox & many more Facebook enables HTTPS, may shift default Skype & other VoIP Result – interception order at ISP or local telco often won’t work
4
Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud My descriptive thesis: #4 is becoming FAR more important, for global communications Also, temptation to do more #2 and #3
5
Local switch Phone call Telecom Company 3 Alice Bob
6
Local switch Phone call Telecom Company 3 Alice Bob
7
Bob ISP Alice ISP %!#&*YJ#$ &#^@% Hi Bob! Internet: Many Nodes between ISPs Alice Bob %!#&*YJ#$ &#^@%
8
Problems with Weak Encryption Nodes between A and B can see and copy whatever passes through Many potential malicious nodes Strong encryption as feasible and correct answer – US approved for global use in 1999 – India, China new restrictions on strong encryption – “Encryption and Globalization” says those restrictions are bad idea
9
Encrypt Encrypted message – Hi Bob! Alice Bob's public key Bob's private key – Alice's local ISP %!#&YJ@$ Decrypt Hi Bob! %!#&YJ@$ – Bob's local ISP – Backbone provider Bob
10
Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud
11
Limits of CALEA Applies to switched network & connect to that Bad cybersecurity to have unencrypted IP go through Internet nodes How deep to regulate IP products & services – WoW just a game? – Will all Internet hardware & software be built wiretap ready? That would be large new regulation of the Internet Could mobilize SOPA/PIPA coalition
12
Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud
13
Governments Install Software? Police install virus on your computer This opens a back door, so police gain access to your computer Good idea for the police to be hackers? Good for cybersecurity? Soghoian expert here
14
Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud
15
Stored Records: The Near Future Global requests for stored records – Encrypted webmail, so local ISP less useful – Local switched phone network less useful Push for “data retention”, so police can get the records after the fact The “haves” and “have nots” – Server in your jurisdiction – Technically ahead of the curve MLATs and other upcoming legal battles
16
Questions Going Forward Descriptive thesis correct? Big new focus on lawful access to stored records in the cloud? What global regime for this lawful access? – What mix of backdoors and front doors? What other aspects of Internet governance affected by this adoption of encryption?
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.