Encryption & interception of communication

A Gift of Fire, 2ed Chapter 3: Encryption and Interception of Communications 1
Social, Legal, and Ethical Issues for Computers
and the Internet
Encryption and Interception of
Communications

A Gift of Fire
Encryption and Interception of
Communications
Overview of the Controversies
Intercepting Communications
Cryptography and Its Uses
Encryption Policy: Access to Software, Keys, and Plaintext
Fundamental Issues

Overview of the Controversies
Communications Privacy Affected by:
Interception of communications, including:
• Telephone, E-mail, and Web activity.
Restrictions on secure encryption.
• Exportation of strong encryption was viewed as a threat to national
security.
CALEA (Communications Assistance for Law Enforcement
Act).
• Communications technology must assist law enforcement.
Global surveillance systems.
• The constitutionality of domestic systems and the necessity of
international systems are under question.

Wiretapping
Telephone:
• Pre-1934: used widely by government, businesses, and private sector.
• 1934: the Federal Communications Act disallowed unauthorized
wiretaps; many ignored the law.
• 1968: the Omnibus Crime Control and Safe Streets Act restricted
wiretapping by requiring a court order.
Q: Can law enforcement intercept communications without a court order?

…
Yes…in an emergency. A device called a “pen
register” and a “trap and trace” can be used
to determine the telephone numbers called or
the number from which a call is made. These
do not require as much court scrutiny and
justification as intercepting the contents of a
call.

Wiretapping
New Technologies:
• 1986: Electronic Communications Privacy Act (ECPA) and its
amendments restricted government interception of e-mail, cell-phones,
etc..
• 2001: USA Patriot Act loosened restrictions on government wiretapping
and communications interception.
Q: Does the USA Patriot Act supersede ECPAs restrictions?

Designing Communications Systems for
Interception and Tracking
Obstacles to interception:
• Incomplete pen-registers as a result of long distance service.
• Packet-mode communications (e-mail, file transfers, Internet phones).
Solutions:
• CALEA: Requires telecommunications equipment be designed to
ensure interception by law enforcement (with court order).
Q: Why did privacy advocates object to
CALEA?

…
Privacy advocates argued that finding packet
based items allowed the government to go
beyond what was necessary. They objected to
the increased authority to get numbers
entered after the initial phone call was made.
These numbers might be account numbers,
passwords, PIN’s, and so forth.

Designing Communications Systems for
Interception and Tracking (cont’d)
CALEA
• Costs include modified hardware, software, and overuse by authorities.
(500,000,000!!!)
• Wiretappable systems vulnerable to criminal hacking, industrial spies,
etc..
• Competition weakened due to restricted changes and diversities.
Q: CALEA allows for the interception of PINs. Do you support this use?

Carnivore
FBI’s system to intercept e-mail with a court order.
• Pro: Law enforcement needs this tool to fight crime.
• Con: All e-mail goes through FBI’s Carnivore system.
Q: Does Carnivore violate the 4th
Amendment? The right of the people to be secure in their
persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no
warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the
place to be searched, and the persons or things to be seized.

NSA and Echelon
NSA (National Security Agency):
• Collects and analyzes communications to find threats to national
security.
Echelon:
• Member nations intercept communications for each other. It checks
Telephone conversations, e-mails, and downloads of targeted suspects.
Q: Should the NSA be permitted to intercept all e-mail entering and leaving
the U.S.?

Cryptography
Definition:
• Hiding data in plain sight.
Terms:
• Plaintext: Original, readable message or data.
• Cyphertext: Modified, unreadable message or data.
• Encryption: The act of converting plaintext into cyphertext.
• Decryption: The act of reverting cyphertext back to readable, plaintext.
Q: Are there other ways to hide a message in plain sight?

Public Key Cryptography
How it works:
• User creates a mathematically-related key pair (public and private
keys).
• Public keys are shared publicly; private keys are kept secret.
• Public keys are used to encrypt message or data.
• Private keys are used to decrypt message or data.
Benefits:
• No secret keys need be shared or transmitted.
• Very secure.
Q: How does key-size affect the ‘strength’ of encryption?

…
The larger the key size, the more possible keys
there are. If a 40-bit key is used, there are
2^40, or more than a trillion possible keys.
We now use 512-bit keys.

Encryption
Used by:
• Military personnel.
• Financial institutions.
• Human-rights activists.
• Government agencies.
• Anyone wanting to keep messages or data private.
Q: Why are strong encryption tools needed by human-rights activists?

Human Rights and the use of
Cryptography
`There has been no time that human rights concerns have been more visible than
recent years as networks of local and international activists bring abuses to light.
Global integration of telephone and fax lines are a direct cause.' (PoKempner,
1997) By providing quick and cheap communications and access to any kind of
information, the Internet is the first truly interactive mass medium. It is not only
used for fun and commercial purposes by the `consumers' but also used by those
campaigning against human rights abuses. There are many organizations
dealing with human rights abuses all around the world and these organizations
do use the Internet to communicate with their members or with dissident
groups. Before the governments can suppress the dissemination of critical
writings, and reports, the authors can distribute their work through the Internet
outside repressive regimes. It is well known that the Burmese dissidents(3) or
the Mexican Zapatistas use the Internet to communicate with the rest of the
world . It is critical and vital for human rights activists, political dissidents,
and whistle blowers throughout the world to facilitate confidential
communications free from government or any other intrusion. Strong
encryption is the only answer for this problem .

Steganography
Definition:
• Hiding data so that its existence is not known.
Examples:
• Digital watermarks.
• Hiding text in image files.
Used by:
• Military,
• Publishers,
• Anyone wishing to hide messages or data.

Encryption Policy: Access to Software,
Keys, and Plaintext
Secrecy and Export Controls
Control of Secrecy
• The NSA designs unbreakable codes for the U.S. government.
• The NSA attempts to break codes used by other governments.
• In the past, the NSA also controlled the funding for and publishing of
cryptographic research.
Control of Exportation
• Early U.S. policy prevented the exportation of strong encryption.
• Meanwhile, foreign production and use of strong encryption negatively
impacted U.S. competition in the world market.
• Cryptographic researchers, privacy advocates, and others successfully
challenged exportation restrictions.
Q: Why did the U.S. government insist on controlling export of strong crypto?

…
The government argued that the export
prohibition was necessary to keep strong
encryption from terrorist and enemy
governments.

Encryption Policy: Access to Software,
Keys, and Plaintext
Domestic Encryption
Key Escrow
• Third-party (some organization other than the user) entrusted with
non-public encryption keys. Problem…the government could get
access with a court order.
Real-time Access to Plaintext
• Immediate decryption of encrypted data.
• Long-time goal of the FBI.
Key Recovery
• The ability to recover encrypted files if necessary.
• Used by some businesses.
Q: Should key recovery systems be voluntary or compulsory?

…
Businesses often want key recovery…if an
employee is not available and someone else
must read encrypted files…problem.
The government argued to make key recovery
compulsory so that law enforcement agencies
would be able to obtain messages and have
them decoded by escrow agents by using
search warrants and court orders.

Fundamental Issues
Role of Secrecy
U.S. Policy Keeps Secret:
• Cryptographic research.
• Wiretap ease or difficulty.
• Encryption algorithms.
• Software (e.g. Carnivore).
• Global endeavors (e.g. Echelon).
Problems:
• Secret algorithms cannot be tested by experts.
• ‘Backdoors’ might exist.
• NSA-influenced wiretap and encryption exportation bills.
Why? Disclosing this
information can help
criminals and terrorists!

Fundamental Issues
The Ever-changing Status Quo
Past:
• Simple codes and cyphers.
Present:
• 512-bit RSA encryption.
• AES (Advanced Encryption Standard).
Future:
• Quantum computing.
• Quantum cryptography.
Q: Today, do coders or decoders have the upper hand?

Fundamental Issues
Trust in Government
Appropriate or Abusive?
• Wiretapping by FBI and local police.
• Wiretapping by NSA.
• Strong encryption restrictions.
• Roving wiretaps.
• Cell-phone tracking (and E-911).
• Key logger systems.
• Development of a nationwide standard for surveillance.

Encryption & interception of communication

More Related Content

What's hot

Viewers also liked

Similar to Encryption & interception of communication

More from Uc Man

Recently uploaded

Encryption & interception of communication