Backdoors: How Will Government Agencies Adapt to Cybersecurity on the Internet? Professor Peter Swire Ohio State University Internet Law Scholars WIP New.

Presentation transcript:

Backdoors: How Will Government Agencies Adapt to Cybersecurity on the Internet? Professor Peter Swire Ohio State University Internet Law Scholars WIP New York Law School March 23, 2012

The Research Project
Future of Privacy Forum
  – Government Access to Personal Information
  – New facts -- much higher adoption of encryption
  – Puts pressure on government agencies, globally
  – Description - how will they react? (today’s talk)
What else follows?
  – Prescription – what should law & policy be for lawful access?
  – What other implications from high crypto adoption?

Encryption Adoption
VPNs
Blackberry
Gmail & Hotmail
SSL pervasive (credit card numbers)
  – Dropbox & many more
Facebook enables HTTPS, may shift default
Skype & other VoIP
Result – interception order at ISP or local telco often won’t work

Ways to Grab Communications
1. Break the encryption (if it’s weak)
2. Grab comms in the clear (CALEA)
3. Grab comms with hardware or software before or after encrypted (backdoors)
4. Grab stored communications, such as in the cloud
My descriptive thesis: #4 is becoming FAR more important, for global communications
Also, temptation to do more #2 and #3

[Diagram labels: Alice, Bob, Phone call, Local switch, Telecom Company]


[Diagram: "Internet: Many Nodes between ISPs". Labels: Alice, Alice ISP, Bob ISP, Bob, "Hi Bob!", "%!#&*YJ#$"]

Problems with Weak Encryption
Nodes between A and B can see and copy whatever passes through
Many potential malicious nodes
Strong encryption as feasible and correct answer
  – US approved for global use in 1999
  – India, China new restrictions on strong encryption
  – “Encryption and Globalization” says those restrictions are bad idea

[Diagram: Alice encrypts "Hi Bob!" with Bob's public key; the encrypted message passes through Alice's local ISP, the backbone provider and Bob's local ISP; Bob decrypts it with Bob's private key to read "Hi Bob!"]

Ways to Grab Communications
1. Break the encryption (if it’s weak)
2. Grab comms in the clear (CALEA)
3. Grab comms with hardware or software before or after encrypted (backdoors)
4. Grab stored communications, such as in the cloud

Limits of CALEA
Applies to switched network & connect to that
Bad cybersecurity to have unencrypted IP go through Internet nodes
How deep to regulate IP products & services
  – WoW just a game?
  – Will all Internet hardware & software be built wiretap ready?
That would be large new regulation of the Internet
Could mobilize SOPA/PIPA coalition

Ways to Grab Communications
1. Break the encryption (if it’s weak)
2. Grab comms in the clear (CALEA)
3. Grab comms with hardware or software before or after encrypted (backdoors)
4. Grab stored communications, such as in the cloud

Governments Install Software?
Police install virus on your computer
This opens a back door, so police gain access to your computer
Good idea for the police to be hackers?
Good for cybersecurity?
Soghoian expert here

Ways to Grab Communications
1. Break the encryption (if it’s weak)
2. Grab comms in the clear (CALEA)
3. Grab comms with hardware or software before or after encrypted (backdoors)
4. Grab stored communications, such as in the cloud

Stored Records: The Near Future
Global requests for stored records
  – Encrypted webmail, so local ISP less useful
  – Local switched phone network less useful
Push for “data retention”, so police can get the records after the fact
The “haves” and “have nots”
  – Server in your jurisdiction
  – Technically ahead of the curve
MLATs and other upcoming legal battles

Questions Going Forward
Descriptive thesis correct?
Big new focus on lawful access to stored records in the cloud?
What global regime for this lawful access?
  – What mix of backdoors and front doors?
What other aspects of Internet governance affected by this adoption of encryption?