From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Professor Peter Swire The Privacy Project.

Slides:

Advertisements

Similar presentations

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Peter Swire Moritz College of Law Ohio State.

Advertisements

The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.

Rocket Software, Inc. Confidential James Storey General Manager, OSS Unit Rocket Software APNOMS 2003: Managing Pervasive Computing and Ubiquitous Communications.

VET – Vetting Commodity IT Software and Firmware

Secure Mobile IP Communication

Lawful Access in the EU: The Pipe to the Cloud? Professor Peter Swire Ohio State University & Future of Privacy Forum Georgetown Law School Conference.

A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

“Encryption’s Vital Role in Safeguarding the Digital Economy” Professor Peter Swire Ohio State University ASSOCHAM International Conference Safeguarding.

Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011.

HIPAA Security Standards What’s happening in your office?

Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.

Written By KEVIN J. O’BRIEN Published: December 28, 2009 By The New York Times A Report by Michael Abdullah.

Voice Over Internet Protocol “VoIP” Muayyed Al Kadhem Abdulkhaleq Al Musaleem.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

9 99 CHAPTER Privacy and Security. 9 © The McGraw-Hill Companies, Inc Objectives 1.Privacy 2.Security 3.Ergonomics 4.Environment.

Unit 28- Website Development Assignment 1- THEORY P3

We are Network Engineers

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.

Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.

VoIP Voice over Internet Protocol or “It is not Voice over IP; it is Everything over IP…” Bob Pepper, FCC.

Virtual Private Network

VOIP ENGR 475 – Telecommunications Harding University November 16, 2006 Jonathan White.

ITGS Networks Based on the textbook “Information Technology in a Global Society for the IB Diploma” by Stuart Gray.

The Study of Security and Privacy in Mobile Applications Name: Liang Wei

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

1 3 Computing System Fundamentals 3.4 Networked Computer Systems.

Cisco Discovery Working at a Small-to-Medium Business or ISP CHAPTER 7 ISP Services Jr.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Conflicting Privacy Regimes: (1) Encryption and (2) Access to Cloud Records Peter Swire Ohio State University Future of Privacy Forum IAPP Global Summit.

By Kyle Slinger.  A network is where you can send information to and from different PCs.

Cyber crime & Security Prepared by : Rughani Zarana.

By Chris Versaci CLOUD SECURITY. WHAT IS CLOUD COMPUTING? Cloud computing is a concept that involves a large number of computers connected through a real-time.

Reasons to Support Strong Encryption for a Globally Secure Internet Professor Peter Swire Ohio State University U.S. Technology Training Institute Washington,

Security Squad Keeping your Equipment and Information Safe Security Squad Keeping your Equipment and Information Safe Security Squad Video Series, Part.

Keyloggers At Work Jason Clark. History Believed to have been first used by the government Believed that they were used in the early 1990’s Software key.

Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

INTRODUCTION. The security system is used as in various fields, particularly the internet, communications data storage, identification and authentication.

CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications ◦The client requested data.

Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,

MoVoIX CSD 2005 mozambique voice over ip and ix extension FINAL PRESENTATION.

Networks Network topologies. Networks Network topology Is the way the devices are arranged in a network In a wired network, it shows how the computers.

Backdoors: How Will Government Agencies Adapt to Cybersecurity on the Internet? Professor Peter Swire Ohio State University Internet Law Scholars WIP New.

CS460 Final Project Service Provider Scenario David Bergman Dong Jin Richard Bae Scott Greene Suraj Nellikar Wee Hong Yeo Virtual Customer: Mark Scifres.

Firewall firewalls Is a program on your computer to protect your computer from all types of threats and if you have a server and you wasn’t to protect.

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

TRUENORTH TECHNOLOGY POLICIES OVERVIEW. This includes but is not limited to : – Games – Non-work related software – Streaming media applications – Mobile.

CALEA General Session February 6, CALEA Communications Assistance for Law Enforcement Act Basic purpose: to provide an easier way for Law.

Communication Methods

Cooperating with Internet Service Providers OSCE, Vienna, 24 th October 2008.

Privacy Déjà Vu: Crypto, Government Surveillance and Safe Harbor, Peter Swire Georgia Tech/Alston & Bird IAPP Summit April 4, 2016.

Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.

Secure Socket Layer Protocol Dr. John P. Abraham Professor, UTRGV.

Securing Interconnect Networks By: Bryan Roberts.

Christopher Simpson. Road Map Definition of wiretapping Laws concerning wiretapping Legal justifications of wiretapping What wiretapping means to you.

Protection of Data 31 Protection of Data 31. Protection of Data 31 Having looked at threats, we’ll now look at ways to protect data: Physical Barriers.

SAMET KARTAL No one wants to share own information with unknown person. Sometimes while sharing something with someone people wants to keep.

McLean HIGHER COMPUTER NETWORKING Lesson 10 Ethical Implications Description of ethical implications of networks: Personal privacy Censorhip.

Why Does The Site Need an SSL Certification?. Security should always be a high concern for your website, but do you need an SSL certificate? A secure.

8 – Protecting Data and Security

“Privacy and Cybersecurity Law in India and the U.S.”

Decrypting Data Compliance in China

Attribution & the globalization of criminal evidence

Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek

Malware, Phishing and Network Policies

Ian Ramsey C of E School GCSE ICT Smart working Any time, anywhere.

Presentation transcript:

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Professor Peter Swire The Privacy Project – Cloud Conference April 4, 2012

The TPP Paper Rising adoption of encryption Declining effectiveness of traditional wiretaps – Especially at local level Technological reason for shift in lawful access to the cloud The “haves” & “have-nots”

Encryption Adoption (Finally?) VPNs Blackberry Gmail now, other webmail soon SSL pervasive (credit card numbers) – Dropbox & many more Facebook enables HTTPS, may shift default Skype & other VoIP Result – interception order at ISP or local telco often won’t work

Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud My descriptive thesis: #4 is becoming FAR more important, for global communications Also, temptation to do more #2 and #3

Local switch Phone call Telecom Company 3 Alice Bob

Local switch Phone call Telecom Company 3 Alice Bob

Bob ISP Alice ISP %!#&*YJ#$ Hi Bob! Internet: Many Nodes between ISPs Alice Bob %!#&*YJ#$

Problems with Weak Encryption Nodes between A and B can see and copy whatever passes through Many potential malicious nodes Strong encryption as feasible and correct answer – US approved for global use in 1999 – India, China new restrictions on strong encryption – “Encryption and Globalization” says those restrictions are bad idea

Encrypt Encrypted message – Hi Bob! Alice Bob's public key Bob's private key – Alice's local ISP Decrypt Hi Bob! – Bob's local ISP – Backbone provider Bob

Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud

Limits of CALEA Applies to switched network & connect to that Bad cybersecurity to have unencrypted IP go through Internet nodes How deep to regulate IP products & services – WoW just a game? – Will all Internet hardware & software be built wiretap ready? That would be large new regulation of the Internet Could mobilize SOPA/PIPA coalition

Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud

Governments Install Software? Police install virus on your computer This opens a back door, so police gain access to your computer Good idea for the police to be hackers? Good for cybersecurity?

Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud

Stored Records: The Near Future Global requests for stored records – Encrypted webmail, so local ISP less useful – Local switched phone network less useful Push for “data retention”, so police can get the records after the fact The “haves” and “have nots” – Server in your jurisdiction – Technically ahead of the curve MLATs and other upcoming legal battles

Conclusion Adoption of strongly encrypted communications now going through a decisive shift Access by the cloud provider remains in many scenarios This technological shift will put pressure to develop legal mechanisms for global access to cloud providers