Impact of Computers on Society 3. Encryption and Interception of Communication
It Could Never Happen… Secret FBI papers revealed that John Lennon was ruled out as a communist threat because he was always stoned, London’s Evening Standard reported yesterday.
Never… Documents show that the FBI suspected that the ex- Beatle was the head of revolutionaries planning to hijack a 1972 Republican conference, and kept him under close watch at first. But Lennon’s abuse of heroin, cocaine and marijuana in the early 1970s eventually ruled him out of FBI investigations. An agent concluded that Lennon “appears to be radically oriented” but “does not give the impression he is a true revolutionist, since he is constantly under the influence of narcotics.”
You Must Be Kidding! Marilyn Monroe Lucille Ball And Albert Einstein… ...were among the suspected communists tracked by the FBI from the 1950s to 1970s. Washington Post, September 23, 2005, p. C3 Washington Post, September 23, 2005, p. C3
Background Different levels of message and information security How secure is the postal service? How secure is ? How secure are financial transactions?
Three Main Issues Whom do you trust? How powerful is technology? Technology is a “moving target” How open should communications be?
A Brief History of Wiretapping 1928 – Supreme Court rules that… wiretapping is not unconstitutional wiretapping can be banned by Congress 1934 – Congress passes the Federal Communications Act illegal to wiretap no exception for law enforcement
More about Wiretapping 1937 – Supreme Court stands behind the ban on wiretapping FBI did it anyway lax enforcement of anti-wiretapping laws continuing debate for many years
Wiretapping Allowed 1967 – Supreme Court rules that intercepting phone conversations without a court order violates 4 th Amendment (2007 – NSA gathers data without warrants) 1968 – Congress explicitly allows wiretapping with court order intended to help fight organized crime USA PATRIOT Act of 2001 loosens restrictions further
Milestones in Interception The Internet changes the playing field no longer wiretapping now, interception of communications includes broadcast communications what about fiber optics? what about monitoring of RF emissions?
Lawful Interception 1994 – CALEA (Communications Assistance for Law Enforcement Act) requires equipment to be designed to allow interception. 1999 – FBI’s Carnivore interception system required a court order limited to a particular ISP what about the of other subscribers to that ISP? can’t the ISP do this without having to physically hook up FBI computers to its own? program terminated in 2005; now using commercially available software superseded by DCS-3000 systemDCS-3000
Echelon 1998 – NSA’s Echelon. Not supposed to be targeted at US citizens NSA denies its existence Major computing power Examines RF emissions, including cell phones, etc. Supposedly sifts through international traffic Sifts through business and other traffic, not just military and law enforcement Aside: the US Embassy in Moscow and Dr. Theramin
Echelon criticisms The line is blurred on US citizens when national security is claimed or when they are abroad What about our allies – Canada, Britain, Australia, NZ? Going “deaf” because of the rise of fiber optic transmission rather than satellite Major question is how much privacy should we be expected to give up in order to (maybe) catch the bad guys?
FISA Foreign Intelligence Surveillance Act (1978) Without a warrant… President can request surveillance without a warrant through the AG for up to one year Limited to foreign intelligence only Electronic surveillance With a warrant… Requires warrant from a secret court Both physical and electronic searches Only five requests for warrants have been denied since 1979
Protect America Act (PAA) A 2007 revision of FISA Adds terrorists to the list of possible targets for monitoring Allows for massive collection of international telecom data without court order or oversight Disagreement over retroactive protection for telecom companies Expired on February 17, 2008 when House did not renew But…
FISA of 1978 Amendments Act of 2008 Signed into law on August 5, 2008 Extended for 5 years, September 2012 Extended for 5 years Protects telecoms from “past or future” lawsuits for cooperation with warrantless federal surveillance Removes requirements for detailed description of what is being sought Requires (secret) FISA court permission to eavesdrop on Americans who are overseas
Recommended Reading James Bamford Puzzle Palace: a report on America’s most secret agency (1982) Body of Secrets: anatomy of the ultra-secret National Security Administration: from the Cold War through the dawn of a new century (2001) Leo Marks Between Silk and Cyanide: a codemaker’s war (1998)
Two Main Computer Defenses Packet transmission messages are less vulnerable en route interception is most effective at the end points Encryption Requires a key, which must be passed secretly Only one unbreakable code: the one-time key
Public Key Encryption A known, published algorithm RSA (Rivest, Shamir, Adelman) uses two large prime numbers for keys Each party has two keys, a private key and a public key One pair of keys to encrypt, the other pair to decrypt Brute force attacks are essentially useless unless you have massive computing power Quantum computing may change this situation Longer keys make the encryption stronger Problem of delivering the keys
More Encryption The problem of computational overhead Most of us use encryption for financial transactions on the Internet 40-bit versus 128 or 256 bit encryption, and more Remember that anything broadcast or transmitted can be intercepted The bad guys can use encryption, too
A Few Uses of Encryption Communications, both phone and data Credit card numbers Other financial data, for example brokerage transactions Electronic Funds Transfer (EFT) Passwords, usernames, account numbers on the Internet Digital Signatures – did the message really come from that person?
Steganography Concealing the fact that a message even exists Hidden in a picture – a digital watermark Hidden within a document – for example, a computer printed postage stamp An image could conceal harmful code which will execute on the recipient’s computer A message or virus could be concealed in almost anything that is digital
Attempts to Control Encryption Technology 1990’s – Government attempts to restrict export of encryption technology 1991 – Philip Zimmerman and PGP (Pretty Good Privacy) “Restricted” browsers and other software 1993 – Daniel Bernstein’s 1 st Amendment lawsuit 1996 – Courts decide in Bernstein’s favor
Why? The genie was already out of the bottle To protect the NSA …the main goal of the export rules was to restrict encryption to what the NSA could routinely crack in “real time,” that is as messages are scanned. …to prevent adoption of standard cryptography systems. Standards would encourage more use of encryption and make it harder for the NSA to distinguish the messages it wants to read.
Why?? …export rules required that companies that wanted to export encryption systems had to disclose the details of their products to the government, ensuring that the NSA had full knowledge of the technologies in use. Diffie & Landau, summarized by Baase, p. 119
End of Restrictions 2000 – The government at last gives up the attempt to impose import restrictions on encryption. Officially, the genie is out of the bottle…
Encryption Control in the US 1993 – the Clipper Chip Used an unpublished, secret NSA algorithm Designed for telephones, also used on computers Various key escrow proposals. The government wanted a third party escrow agent. Government and law enforcement would need a court order to get the key BUT – the escrow agent would be a government agency A failure before it got off the ground There is no provision for a “back door” in the USA PATRIOT Act.
And In Conclusion… Remember that the goal of encryption is to make the difficulty of reading a message not worth the effort. Technology is progressing very rapidly To what extent do you trust government and law enforcement to uphold the 1 st and 4 th Amendments?
One Certain Defense Although it may be impossible to protect against unwarranted surveillance, at least your mind can be spared. Wear a tin foil hat! Wear a tin foil hat!