Government, Cryptography and the Right To Privacy
Jenny Shearer and Peter Gutmann
Presented by
Paul Conti
4/3/00
Presentation Layout
Introduction
The State
Standards Dilemma
The Citizen
The Market
Conclusion
Introduction
Consequences of Government Control
Imbalance of power relationship
Surveillance of citizens
Disruption of int’l commerce because of lack of powerful cryptography and no standardization
Human rights abuses
Limit political potential of I*net politics
Introduction Cont.
The Problem: Public use of free, easy to use, strong cryptography.
Strong cryptography: cryptography which the government cannot break.
Government Reaction: Try to implement more restrictions on cryptography
Key forfeiture, weak encryption
Done with much resistance
Introduction Cont.
Privacy as a right vs. national security
Loss of communications privacy
Monitor dissent
New Zealand
Hard for less democratic countries
Data Security
Cryptography classed as “munitions”
Hardware & software implementations cannot be exported without permission
Central issue: key forfeiture
Covert Regulation
Patent secrecy orders
Cut funding
Discourage standardization
Harassment of encryption providers
Key Forfeiture
Key forfeiture: involuntary relinquishing of keys to trusted agencies
No suitable agency found so far
Terrible track records for government agencies and protection of data
Non-government agencies also flawed
Weak Encryption
Weak encryption: encryption capable of being broken by government
Problem: Other agencies and bad guys can break it too.
Especially applies to banking
Electronic payment systems
Medical and personal data
Political Implications
Why a chaotic international cryptographic situation?
Democracy can’t cope
Citizens have predefined notion of cryptography – leave it to the govt.
Infringement of internet “community” will bring backlash
The State
United States
Cryptography as munitions
Export allowed if encryption is weak or crippled
Netscape
Normally 128-bit session key
Exported with only 40 secret bits, 88 free
Cracked many times
Challenge to policy, denied – national security
The State Cont.
Pro Regulation: France, Russia, Germany
France: Export of cryptography needs approval; foreign companies register keys
Russia: Presidential decree – all cryptography government approved
Use regulation for spying; U.S. has too
Hard to regulate people using other encryption, e.g. PGP
The State Cont.
Anti-encryption regulation: U.K.
Most political parties favor broad use of encryption
Reasons: wrong in principle, unworkable in practice, damaging to long-term economics of information network
Rule #1 for all: Don’t export cryptography to the “bad” countries – Libya, Iraq, etc.
The Standards Dilemma
United States and national interest
Government’s most used reason for regulation
Govt. places national security issues and economic interests before Internet development
Interoperability Issue
Lack of well-recognized international standards including interoperability hinders the use of cryptography
One internationally standard encryption algorithm – DES
Approved with much resistance
NSA – “worst mistake ever”
Interoperability Issue Cont.
Similar problems with Triple-DES
Easily incorporated into a system with DES
Backwards compatible with single DES with an appropriate choice of keys
NSA opposed, agencies weakened
Oppose civilian use, but developed its own encryption for military
Result – still no standards
Privacy of Voice Comm.
Privacy protection through encryption ignored
Cell phones easily interceptable
Encryption could have saved $1.5 million/day
GSM phones used A5 encryption – altered to suit governments’ needs
Government Covert Action
NSA is a big bully
Discourage research, attempt to block patents, impede symposiums, prevent release of software, issue death threats
Public/media outcries usually stopped them
The Citizen
Electronic Frontier Foundation formed to fight for electronic civil rights
Stress cryptography, quell hacking
Clipper Chip
Uses NSA Skipjack algorithm; used for voice transmissions; Capstone for data
Objection: Key forfeiture system would bring universal surveillance
Other problems: key forfeiture system could be easily bypassed, messages can be forged without encryption key, FBI planned to outlaw all other encryption
Clipper II – “Clipper’s Revenge”
Govt. outlined 10 criteria to allow for exportable encryption
Problem: Clipper II had weak encryption through short keys and key forfeiture
Short key requirement allowed for legal access via escrow agents
Possible to decrypt messages without key
Only compatible with government products
Conducive to U.S. spying on other countries
Cryptography Regulation
Tough for government to justify regulation
“Four Horsemen of the Infocalypse” justification
Actual evidence hard to find
Intelligence agency $28 billion budget, more than housing or education
Can avoid regulation with steganography
The Market
Internet marketplace growing
Secure cryptography needed to protect transactions
Isolationism will cause U.S. to fall behind cryptography of other countries
No standards likely for future
Conclusion
Cryptography slow to advance, mostly because of politics.
Government will continue to try to impose regulations, while getting opposition
Internationally, a weapon of e-commerce
Protected heavily by countries
If other countries become too advanced, deregulation will be necessary
Conclusion cont.
Government trade-off between security, civil rights, and economic advantage
Civilian use of strong cryptography will tip the scales of power a little, show social progress.
Research into cryptography should be open and results freely distributable
Did you find the steganography?
Conclusion cont.
Questions/Comments?