Government, Cryptography and the Right To Privacy
Jenny Shearer and Peter Gutmann
Presented by
Paul Conti
4/3/00
Presentation Layout
Introduction
The State
Standards Dilemma
The Citizen
The Market
Conclusion
Introduction
Consequences of Government ControlImbalance of power relationship
Surveillance of citizens
Disruption of int’l commerce because of lack of powerful cryptography and no standardization
Human rights abuses
Limit political potential of I*net politics
Introduction Cont.
The Problem: Public use of free, easy to use, strong cryptography.
Strong cryptography: cryptography which the government cannot break.
Government Reaction: Try to implement more restrictions on cryptography
Key forfeiture, weak encryption
Done with much resistance
Introduction Cont.
Privacy as a right vs. national security
Loss of communications privacyMonitor dissent
New Zealand
Hard for less democratic countries
Data Security
Cryptography classed as “munitions”Hardware & software implementations cannot be exported without permission
Central issue: key forfeiture
Covert RegulationPatent secrecy orders
Cut funding
Discourage standardization
Harrasment of encryption providers
Key Forfeiture
Key forfeiture: involuntary relinquishing of keys to trusted agencies
No suitable agency found so far
Terrible track records for government agencies and protection of data
Non-government agencies also flawed
Weak Encryption
Weak encryption: encryption capable of being broken by government
Problem: Other agencies and bad guys can break it too.
Especially applies to banking
Electronic payment systems
Medical and personal data
Political Implications
Why a chaotic international cryptographic situation?
Democracy can’t cope
Citizens have predefined notion of cryptography – leave it to the govt.
Infringement of internet “community” will bring backlash
The State
United States
Cryptography as munitions
Export allowed if encryption is weak or crippled
NetscapeNormally 128-bit session key
Exported with only 40 secret bits, 88 free
Cracked many times
Challenge to policy, denied – national security
The State Cont.
Pro Regulation: France, Russia, GermanyFrance: Export of cryptography needs approval, Foreign companies register keysRussia: Presidential decree – all cryptography government approvedUse regulation for spying; U.S. has tooHard to regulate people using other encryption. e.g. PGP
The State Cont.
Anti-encryption regulation: U. K.Most political parties favor broad use of encryptionReasons: wrong in principle, unworkable in practice, damaging to long-term economics of information networkRule #1 for all: Don’t export cryptography to the “bad” countries –Lybia, Iraq, etc.
The Standards Dilemma
United states and national interest
Government’s most used reason for regulation
Govt. places national security issues and economic interests before Internet development
Interoperability Issue
Lack of well-recognized international standards including interoperability hinders the use of cryptography
One internationally standard encryption algorithm – DES
Approved with much resistance
NSA -“worst mistake ever”
Interoperability Issue Cont.
Similar problems with Triple-DESEasily incorporated into a system with DESBackwards compatible with single DES with an appropriate choice of keysNSA opposed, agencies weakenedOppose civilian use, but developed its own encryption for militaryResult - still no standards
Privacy of Voice Comm.
Privacy protection through encryption ignored
Cell phones easily interceptable
Encryption could have saved $1.5 million dollars/day
GSM phones used A5 encryption – altered to suit governments needs
Government Covert Action
NSA is a big bully
Discourage research, attempt to block patents, impede symposiums, prevent release of software, issue death threats
Public /media outcries usually stopped them
The Citizen
Electronic Frontier Foundation formed to fight for electronic civil rights
Stress cryptography, quell hacking
Clipper Chip
Uses NSA skipjack algorithm; used for voice transmissions; capstone for dataObjection: Key forfeiture system would bring universal surveillance Other problems: key forfeiture system could be easily bypassed, messages can be forged with out encryption key, FBI planned to outlaw all other encryption
Clipper II –“Clipper’s Revenge”
Govt. outlined 10 criteria to allow for exportable encryptionProblem: Clipper II had weak encryption through short keys and key forfeitureShort key requirement allowed for legal access via escrow agentsPossible to decrypt messages without keyOnly compatible with government productsConductive to U.S. spying of other countries
Cryptography Regulation
Tough for government to justify regulation
“Four Horsemen of the Infocalypse” justification
Actual evidence hard to find
Intelligence agency $28 billion budget, more than housing or education
Can avoid regulation with steganography
The Market
Internet marketplace growing
Secure cryptography needed to protect transactions
Isolationism will cause U.S. to fall behind cryptography of other countries
No standards likely for future
Conclusion
Cryptography slow to advance because of politics mostly.Government will continue to try to impose regulations, while getting oppositionInternationally, a weapon of e-commerceProtected heavily by countriesIf other countries become too advanced, deregulation will be necessary
Conclusion cont.
Government trade-off between security, civil rights, and economic advantageCivilian use of strong cryptography will tip the scales of power a little, show social progress. Research into cryptography should be open and results freely distributableDid you find the steganography?
Conclusion cont.
Questions/Comments?
Recommended