Encryption Adoption and Government Access to Cloud Communications

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Professor Peter Swire The Privacy Project Cloud Conference April 4, 2012

The TPP Paper Rising adoption of encryption Declining effectiveness of traditional wiretaps Especially at local level Technological reason for shift in lawful access to the cloud The haves & have-nots

Encryption Adoption (Finally?) VPNs Blackberry Gmail now, other webmail soon SSL pervasive (credit card numbers) Dropbox & many more Facebook enables HTTPS, may shift default Skype & other VoIP Result interception order at ISP or local telco often won t work

Ways to Grab Communications 1. Break the encryption (if it s weak) 2. Grab comms in the clear (CALEA) 3. Grab comms with hardware or software before or after encrypted (backdoors) 4. Grab stored communications, such as in the cloud My descriptive thesis: #4 is becoming FAR more important, for global communications Also, temptation to do more #2 and #3

3 Phone call Alice Local switch Telecom Company Local switch Phone call Bob

3 Phone call Alice Local switch Telecom Company Local switch Phone call Bob

Hi Bob! Alice Alice ISP %!#&*YJ#$ &#^@% %!#&*YJ#$ &#^@% Internet: Many Nodes between ISPs %!#&*YJ#$ &#^@% %!#&*YJ#$ &#^@% %!#&*YJ#$ &#^@% %!#&*YJ#$ &#^@% %!#&*YJ#$ &#^@% %!#&*YJ#$ &#^@% %!#&*YJ#$ &#^@% %!#&*YJ#$ &#^@% Bob ISP Hi Bob! Bob

Problems with Weak Encryption Nodes between A and B can see and copy whatever passes through Many potential malicious nodes Strong encryption as feasible and correct answer US approved for global use in 1999 India, China new restrictions on strong encryption Encryption and Globalization says those restrictions are bad idea

Hi Bob! Encrypt Bob's public key Alice Encrypted message %!#&YJ@$ Alice's local ISP %!#&YJ@$ Backbone provider %!#&YJ@$ Bob's local ISP %!#&YJ@$ Hi Bob! Decrypt Bob's private key Bob

Ways to Grab Communications 1. Break the encryption (if it s weak) 2. Grab comms in the clear (CALEA) 3. Grab comms with hardware or software before or after encrypted (backdoors) 4. Grab stored communications, such as in the cloud

Limits of CALEA Applies to switched network & connect to that Bad cybersecurity to have unencrypted IP go through Internet nodes How deep to regulate IP products & services WoW just a game? Will all Internet hardware & software be built wiretap ready? That would be large new regulation of the Internet Could mobilize SOPA/PIPA coalition

Ways to Grab Communications 1. Break the encryption (if it s weak) 2. Grab comms in the clear (CALEA) 3. Grab comms with hardware or software before or after encrypted (backdoors) 4. Grab stored communications, such as in the cloud

Governments Install Software? Police install virus on your computer This opens a back door, so police gain access to your computer Good idea for the police to be hackers? Good for cybersecurity?

Ways to Grab Communications 1. Break the encryption (if it s weak) 2. Grab comms in the clear (CALEA) 3. Grab comms with hardware or software before or after encrypted (backdoors) 4. Grab stored communications, such as in the cloud

Stored Records: The Near Future Global requests for stored records Encrypted webmail, so local ISP less useful Local switched phone network less useful Push for data retention , so police can get the records after the fact The haves and have nots Server in your jurisdiction Technically ahead of the curve MLATs and other upcoming legal battles

Conclusion Adoption of strongly encrypted communications now going through a decisive shift Access by the cloud provider remains in many scenarios This technological shift will put pressure to develop legal mechanisms for global access to cloud providers