Presentation is loading. Please wait.

Presentation is loading. Please wait.

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Professor Peter Swire The Privacy Project.

Published byApril Lawson Modified over 9 years ago

Similar presentations

Presentation on theme: "From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Professor Peter Swire The Privacy Project."— Presentation transcript:

1 From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Professor Peter Swire The Privacy Project – Cloud Conference April 4, 2012

2 The TPP Paper Rising adoption of encryption Declining effectiveness of traditional wiretaps – Especially at local level Technological reason for shift in lawful access to the cloud The “haves” & “have-nots”

3 Encryption Adoption (Finally?) VPNs Blackberry Gmail now, other webmail soon SSL pervasive (credit card numbers) – Dropbox & many more Facebook enables HTTPS, may shift default Skype & other VoIP Result – interception order at ISP or local telco often won’t work

4 Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud My descriptive thesis: #4 is becoming FAR more important, for global communications Also, temptation to do more #2 and #3

5 Local switch Phone call Telecom Company 3 Alice Bob

6 Local switch Phone call Telecom Company 3 Alice Bob

7 Bob ISP Alice ISP %!#&*YJ#$ &#^@% Hi Bob! Internet: Many Nodes between ISPs Alice Bob %!#&*YJ#$ &#^@%

8 Problems with Weak Encryption Nodes between A and B can see and copy whatever passes through Many potential malicious nodes Strong encryption as feasible and correct answer – US approved for global use in 1999 – India, China new restrictions on strong encryption – “Encryption and Globalization” says those restrictions are bad idea

9 Encrypt Encrypted message – Hi Bob! Alice Bob's public key Bob's private key – Alice's local ISP %!#&YJ@$ Decrypt Hi Bob! %!#&YJ@$ – Bob's local ISP – Backbone provider Bob

10 Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud

11 Limits of CALEA Applies to switched network & connect to that Bad cybersecurity to have unencrypted IP go through Internet nodes How deep to regulate IP products & services – WoW just a game? – Will all Internet hardware & software be built wiretap ready? That would be large new regulation of the Internet Could mobilize SOPA/PIPA coalition

12 Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud

13 Governments Install Software? Police install virus on your computer This opens a back door, so police gain access to your computer Good idea for the police to be hackers? Good for cybersecurity?

14 Ways to Grab Communications 1.Break the encryption (if it’s weak) 2.Grab comms in the clear (CALEA) 3.Grab comms with hardware or software before or after encrypted (backdoors) 4.Grab stored communications, such as in the cloud

15 Stored Records: The Near Future Global requests for stored records – Encrypted webmail, so local ISP less useful – Local switched phone network less useful Push for “data retention”, so police can get the records after the fact The “haves” and “have nots” – Server in your jurisdiction – Technically ahead of the curve MLATs and other upcoming legal battles

16 Conclusion Adoption of strongly encrypted communications now going through a decisive shift Access by the cloud provider remains in many scenarios This technological shift will put pressure to develop legal mechanisms for global access to cloud providers

Download ppt "From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Professor Peter Swire The Privacy Project."

Similar presentations

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Peter Swire Moritz College of Law Ohio State.

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Peter Swire Moritz College of Law Ohio State.
The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.

The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.
Rocket Software, Inc. Confidential James Storey General Manager, OSS Unit Rocket Software APNOMS 2003: Managing Pervasive Computing and Ubiquitous Communications.

Rocket Software, Inc. Confidential James Storey General Manager, OSS Unit Rocket Software APNOMS 2003: Managing Pervasive Computing and Ubiquitous Communications.
VET – Vetting Commodity IT Software and Firmware

VET – Vetting Commodity IT Software and Firmware
Secure Mobile IP Communication

Secure Mobile IP Communication
Lawful Access in the EU: The Pipe to the Cloud? Professor Peter Swire Ohio State University & Future of Privacy Forum Georgetown Law School Conference.

Lawful Access in the EU: The Pipe to the Cloud? Professor Peter Swire Ohio State University & Future of Privacy Forum Georgetown Law School Conference.
A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.

A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
“Encryption’s Vital Role in Safeguarding the Digital Economy” Professor Peter Swire Ohio State University ASSOCHAM International Conference Safeguarding.

“Encryption’s Vital Role in Safeguarding the Digital Economy” Professor Peter Swire Ohio State University ASSOCHAM International Conference Safeguarding.
Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011.

Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011.
HIPAA Security Standards What’s happening in your office?

HIPAA Security Standards What’s happening in your office?
Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.

Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.
Written By KEVIN J. O’BRIEN Published: December 28, 2009 By The New York Times A Report by Michael Abdullah.

Written By KEVIN J. O’BRIEN Published: December 28, 2009 By The New York Times A Report by Michael Abdullah.
Voice Over Internet Protocol “VoIP” Muayyed Al Kadhem Abdulkhaleq Al Musaleem.

Voice Over Internet Protocol “VoIP” Muayyed Al Kadhem Abdulkhaleq Al Musaleem.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
9 99 CHAPTER Privacy and Security. 9 © The McGraw-Hill Companies, Inc. 2002 Objectives 1.Privacy 2.Security 3.Ergonomics 4.Environment.

9 99 CHAPTER Privacy and Security. 9 © The McGraw-Hill Companies, Inc Objectives 1.Privacy 2.Security 3.Ergonomics 4.Environment.
Unit 28- Website Development Assignment 1- THEORY P3

Unit 28- Website Development Assignment 1- THEORY P3
We are Network Engineers

We are Network Engineers

Similar presentations

Ads by Google