Encryption, the FBI, and Key Recovery: Déjà vu all over again? or Welcome to 1997?
Encryption, the FBI, and Key Recovery
Déjà vu all over again?
or
Welcome to 1997?
1
2
Public-Key Cryptography
• Whit Diffie and Marty Hellman, New Directions in Cryptography, 1976
• Clifford Cocks and Malcolm Williamson, secret work in the British GCHQ, 1973-74, revealed only in 1997
3
There is a very real and critical danger that unrestrained public discussion of cryptologic matters will seriously damage the ability of this government to conduct signals intelligence and the ability of this government to carry out its mission of protecting national security information from hostile exploitation.
-- Admiral Bobby Ray Inman (Director of the NSA, 1979)
4
CALEA, October 1994
… a telecommunications carrier … shall ensure that its equipment, facilities, or services … are capable of … expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to intercept … all wire and electronic communications carried by the carrier within a service area to or from equipment, facilities, or services of a subscriber of such carrier concurrently with their transmission to or from the subscriber's equipment, facility, or service, or at such later time as may be acceptable to the government …
From CALEA
• 47 U.S.C. 1002(b)(3): ENCRYPTION - A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.
5
From CALEA legislative history
Nothing in the bill is intended to limit or otherwise prevent the use of any type of encryption within the United States. Nor does the Committee intend this bill to be in any way a precursor to any kind of ban or limitation on encryption technology. To the contrary, section 2602 protects the right to use encryption.
6
Justice should go ahead now to seek a legislative fix to the digital telephony problem, and all parties should prepare to follow through on the encryption problem in about a year. Success with digital telephony will lock in one major objective; we will have a beachhead we can exploit for the encryption fix; and the encryption access options can be developed more thoroughly in the meantime.
10
Unless the issue of encryption is resolved soon, criminal conversations over the telephone and other communications devices will become indecipherable by law enforcement. This, as much as any issue, jeopardizes the public safety and national security of this country. Drug cartels, terrorists, and kidnappers will use telephones and other communications media with impunity knowing that their conversations are immune from our most valued investigative technique.
-- FBI Director Louis Freeh, Congressional testimony March 30, 1995
I would suggest to you that homicide cases could be stalled, suspects could walk free, and child exploitation might not be discovered or prosecuted. Justice may be denied, because of a locked phone or an encrypted hard drive.
-- FBI Director James Comey, October 2014
11
12
The crypto wars, 1994-1998
• Dramatis Personae
– Industry
– Law enforcement
– National security
– Civil libertarian groups
13
The basic proposal: escrowed encryption
• Require encryption products to have a back door controlled by a set of keys (“escrowed keys”) that are held by the government or by its licensed agents
– Might require this for products that can be exported, or maybe all encryption products
– Proposal first unveiled for telephones in 1994 (the “Clipper phone”)
– Modified in various ways throughout 1994-1998
14
NIST meetings with industry, Fall 95
• Allow export of hardware and software with up to 56-bit algorithms, provided the keys are escrowed with government approved “escrow agents”
• But
– no interoperability between escrowed and non-escrowed systems
– escrow cannot be disabled
– escrow agents must be certified by US government or by foreign governments with whom US has formal agreements
• Talks broke down
15
Interagency working group draft, May 96
Proposal:
• Government will support certification by licensing CAs. But CAs will also serve as escrow agents for communication keys.
Executive Office of the President
Office of Management and Budget
Washington, D.C. 20503
May 20, 1996
MEMORANDUM FOR INTERESTED PARTIES
SUBJECT: Draft Paper, "Enabling Privacy, Commerce, Security and Public Safety in the Global Information Infrastructure"
FROM: Bruce W. McConnell, Edward J. Appel
Co-Chairs, Interagency Working Group on Cryptography Policy
Attached for your review and comment is a draft paper entitled "Enabling Privacy, Commerce, Security and Public Safety in the Global Information Infrastructure." It presents a vision and course of action for developing a cryptographic infrastructure that will protect valuable information on national and international networks…
16
Courting industry, Fall 96 - ...
• Shift jurisdiction of crypto exports from State to Commerce
• Allow export of any strength, so long as it has key escrow (now known as “key recovery” - KR)
• Immediate approval of export for 56-bit DES, provided company files a plan for installing KR in new 56-bit products within two years
• Increased granting of export licenses for restricted applications (e.g., financial transactions)
17
Legislation, 1997
• Bills introduced in Congress all over the map, ranging from elimination of export controls to bills that would mandate key escrow, even for domestic use.
18
19
The deployment of key-recovery-based encryption infrastructures to meet law enforcement’s stated specifications will result in substantial sacrifices in security and greatly increased costs to the end user.
20
• We have specifically chosen not to endorse, condemn, or draw conclusions about any particular regulatory or legislative proposal or commercial product. Rather, it is our hope that our findings will shed further light on the debate over key recovery and provide a long-needed baseline analysis of the costs of key recovery as policymakers consider embracing one of the most ambitious and far-reaching technical deployments of the information age.
21
After 1998 …
• 1998-2000: Crypto export regulations modified and relaxed, but still exist (e.g., can’t export to the C/I/NK/S/S countries)
• Sept. 13, 2001: Sen. Judd Gregg (New Hampshire) calls for encryption regulations, saying encryption makers “have as much at risk as we have at risk as a nation, and they should understand that as a matter of citizenship, they have an obligation” to include decryption methods for government agents.
• By Oct., Gregg had changed his mind about introducing legislation.
Question: Why was 2001 so different from 1997?
The debate right now
The Brookings Institution
GOING DARK: ARE TECHNOLOGY, PRIVACY, AND PUBLIC SAFETY ON A COLLISION COURSE?
Washington, D.C., Thursday, October 16, 2014
22
JAMES COMEY
Director, Federal Bureau of Investigation
BENJAMIN WITTES
Senior Fellow and Research Director in Public Law
The Brookings Institution
MR. WITTES: So you’re not talking about necessarily a revival of the sort of key escrow idea from the mid-’90s. You’re speaking more thematically than that, is that right?
MR. COMEY: Correct. Yep, correct. Ideally I’d like to see CALEA written so that a communications provider has an obligation to build a lawful intercept capability into the product that they provide, not that we hold some universal key.
23
To be continued …
24