Conflicting Privacy Regimes: (1) Encryption and (2) Access to Cloud Records Peter Swire Ohio State University Future of Privacy Forum IAPP Global Summit 2012 Washington, D.C. March 6, 2012
Overview Part I: Encryption and globalization – Brief history of wiretaps – Encryption on the Internet Crypto Wars of 1990s India and China today Part II: Emerging battles on access to the Cloud – Where will law enforcement get communications? – Encryption – CALEA-type laws – Seize before/after encryption – The cloud
Relevant Background Chair, White House Working Group on Encryption, 1999 Chair, White House Working Group on updating wiretap laws for the Internet, 2000 Current project at Future of Privacy Forum on government access to data in global setting
Are These Good Ideas? India: maximum crypto key length of 40 bits China: require use of Chinese-created cryptosystems, prohibit use of global standards
Local switch Phone call Telecom Company 3 Alice Bob
Local switch Phone call Telecom Company 3 Alice Bob
Bob ISP Alice ISP %!#&*YJ#$ Hi Bob! Internet: Many Nodes between ISPs Alice Bob %!#&*YJ#$
Problems with Weak Encryption Nodes between A and B can see and copy whatever passes through From a few telcos to many millions of nodes on the Internet – Hackers & criminals – Foreign governments – Amateurs Strong encryption as feasible and correct answer – US approved for global use in 1999, after the “crypto wars” – India, China new restrictions on strong encryption – “Encryption and Globalization” says those restrictions are bad idea, at
India Since 1990s, law on book: 40 bit legal limit on key length No enforcement then Mumbai attack, 2008 RIM and newly vigorous enforcement Key escrow proposal 2011 (blocked) Security agencies insist on ability to wiretap in real time – Didn’t like the new technical reality
Encrypt Encrypted message – Hi Bob! Alice Bob's public key Bob's private key – Alice's local ISP Decrypt Hi Bob! – Bob's local ISP – Backbone provider Bob
Encrypt Encrypted message – Hi Fred! Jill at Corporation A, Tata Public key of Corporation B – Reliance Private key of Corporation B, Reliance – Corporation A's ISP Decrypt Hi Fred! – Corporation B's ISP – Backbone provider Fred at Corporation B Reliance. Lawful process: (1)Ask Tata before encryption (2)Ask Reliance after decryption Lawful process: (1)Ask Tata before encryption (2)Ask Reliance after decryption
India RIM enforcement – Threaten import controls if no cooperation – RIM announces server in India – Nokia announces server there as well Ban SSL, VPNs, and all the other crypto? – Still have old law – 40 bit limit – Big gap between law and reality – Not clear how India will use its leverage going forward
China – Its Apparent Goals Internal surveillance – General limits on effective crypto Trade promotion – Indigenous Innovation Policy To sell in China, make in China Give them your IP – Use non-standard crypto-systems If make in China and export, their system spreads
China 1999 law generally prohibits commercial crypto, and requires license for import or domestic use of crypto Later soft law that no need for license except where “core function” is encryption – Microprocessors, PCs, mobile phones OK – VPNs are not OK, “core function” is crypto – Great uncertainty about meaning of “core function”, where you need their license
China License requires use of non-standard crypto – Algorithms were provided only to Chinese companies – In 2011, public release of 3 algorithms Testing from non-Chinese has begun Chinese algorithms/cryptosystems robust? Problems of interoperability with global standards – Additional limits on sales to state sector, which is large
What’s Chinese Strategy? Surveillance – “Air gap” at border, plaintext there International standards – Support Chinese standards Trade promotion – Spread Chinese standards BUT – Threat to interoperability – Threat to end-to-end cybersecurity – No effective peer review of Chinese crypto
Why Crypto Matters Crypto central to computing & thus cybersecurity Crypto deeply embedded in modern computing: – SSL, HTTPS, VPNs, Skype/VOIP, Blackberry – Offense is ahead of the defense – The world is our bad neighborhood – Defense and the weakest link problem – Crypto as perhaps the largest category for effective defensive – Don’t play cybersecurity with two hands tied behind your back
The Least Trusted Country Problem 1990’s Clipper chip debate – Many expressed lack of trust in government access to the keys Globalization and today’s encryption debate – What if a dozen or 50 countries with the keys, or enforced crypto limits? – What if your communications in the hands of your least trusted country? India/Pakistan; China/Taiwan; Israel/Iran – Don’t create security holes in global Internet
Wrap-Up on Part I Strong crypto crucial to your cybersecurity Are you implementing VPNs and other crypto globally? (I hope so) If so, legal risks in any of your countries? Should your organization get more involved in assuring secure computing and communications?
Part II: The Cloud International Conflicts to Come
Law Enforcement Perspective You’re the police – how do you wiretap communications on the Internet? – 9/11, Mumbai bombing – Want to implement lawful court order – Want to get content In the clear (not encrypted) In real time (the attack may be soon!) BUT (finally) voice and are being encrypted
Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud My thesis: #4 is becoming FAR more important, for global communications Global rules for the “front doors” of cloud providers become far more important
Break the Crypto? Just analyzed why crypto is pervasive and strong India limits unlikely to work Chinese standards might work, breaking cybersecurity – How much of the rest of standard Web technology will they refuse?
Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud
Local switch Phone call Telecom Company 3 Alice Bob
Bob ISP Alice ISP %!#&*YJ#$ Hi Bob! Internet: Many Nodes between ISPs Alice Bob %!#&*YJ#$
Limits of CALEA Very bad security to have unencrypted IP go through those web nodes Skype and VOIP pervasive How deep to regulate IP products & services? – WOW just a game? – Pre-clearance for IP communications? – FBI’s “going dark” argument has serious flaws and will face opposition in the IP space
Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud
Governments Install Software? Police install virus on your computer This opens a back door, so police gain access to your computer Good idea for the police to be hackers? Good for cybersecurity?
Governments Install Hardware? Reports of telecom equipment that surveil communications through them Can “phone home” Good to design these vulnerabilities into the Net? 2/16/2012, The Atlantic: “Chinese Telecoms May Be Spying on Large Numbers of Foreign Customers”
Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud
The New Emphasis on Stored Records Strong crypto now widely deployed for & web – Webmail using SSL, so local ISPs go dark From switched voice to VOIP & other IP – CALEA less effective at the tower/local switch
Stored Records: The Near Future Growth of the cloud Global requests for stored records – Encrypted webmail, so local ISP less useful – VOIP, so local switched phone network less useful If no Magic Lantern, then police go to stored records Push for “data retention”, so police can get the records after the fact
Wrap Up on Part II If you are in law enforcement or national security, new emphasis on access to stored records – If in country with cloud server, local service – If stored elsewhere, big new obstacle Copyright holders want stored records, too Stronger communication encryption But new battles about stored record security – Many knocks on the front doors of cloud providers and other record holders
For Your Organization How respond to records requests in-country? How respond to records requests from other countries? – Internal procedures – Lawyers – Want to cooperate with lawful access – Want your brand to say that records are stored securely Worth a review for the coming requests?
Sources Swire & Ahmad, “Encryption and Globalization”, at “Going Dark vs. A Golden Age of Encryption”, versus-golden-age-surveillance versus-golden-age-surveillance