Going Bright: Wiretapping without Weakening Communications Infrastructure

Bellovin, Steven M.; Blaze, Matt; Clark, Sandy; Landau, Susan

doi:10.1109/msp.2012.138

Cited by 10 publications

(6 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As for whether this change creates a "threat to public safety," Bellovin et al [15] observe that the digital revolution goes both ways. While "accessing communications content through traditional means could be getting harder," law enforcement's increased access to metadata combined with CALEA's low-cost phone wiretapping capabilities yield a telephony system that is too easy for law enforcement to intercept and that is inherently too vulnerable for users.…”

Section: Are the Benefits Greater Than The Costs?mentioning

confidence: 99%

“…Furthermore, we recognize that other societies have less direct influence over their governments, who might mimic any power that is asserted by other nations. For example, "the 1994 US solution of building wiretapping capabilities into switches was rapidly taken up in many other parts of the world under the generic name 'lawful intercept"' [15]. Additionally, participants in an Access Now panel about encryption noted that "officials in [a few countries] are, either purposefully or not, using factually inaccurate information about U.S. law to justify their own laws and policies" and that the citizens of those countries "would not be able to rely on protections in U.S. law or the Constitution" [4].…”

Section: Who Can Be Trusted With Such Power?mentioning

confidence: 99%

“…This is how Apple CEO Tim Cook characterized the request that the FBI made of his company regarding the San Bernadino shooter's phone [29]. Because the deliberate introduction of new vulnerabilities creates new risks for everyone, Bellovin et al [15] argue that "exploitation of naturally occurring bugs in the platforms being used by targets may be a better alternative. "…”

Section: Alternate Recourses For Law Enforcement?mentioning

confidence: 99%

See 2 more Smart Citations

Crypto Crumple Zones: Enabling Limited Access without Mass Surveillance

Wright

Varia²

2018

2018 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

Governments around the world are demanding more access to encrypted data, but it has been difficult to build a system that allows the authorities some access without providing unlimited access in practice. In this paper, we present new techniques for maximizing user privacy in jurisdictions that require support for so-called "exceptional access" to encrypted data. In contrast to previous work on this topic (e.g., key escrow), our approach places most of the responsibility for achieving exceptional access on the government, rather than on the users or developers of cryptographic tools. As a result, our constructions are very simple and lightweight, and they can be easily retrofitted onto existing applications and protocols. Critically, we introduce no new third parties, and we add no new messages beyond a single new Diffie-Hellman key exchange in protocols that already use Diffie-Hellman. We present two constructions that make it possiblealthough arbitrarily expensive-for a government to recover the plaintext for targeted messages. First, our symmetric crumpling technique uses a hash-based proof of work to impose a linear cost on the adversary for each message she wishes to recover. Second, our public key abrasion method uses a novel application of Diffie-Hellman over modular arithmetic groups to create an extremely expensive puzzle that the adversary must solve before she can recover even a single message. Our initial analysis shows that we can impose an upfront cost in the range of $100M to several billion dollars and a linear cost between $1K-$1M per message. We show how our constructions can easily be adapted to common tools including PGP, Signal, SRTP, full-disk encryption, and file-based encryption. Targeted access. Most previous work on enabling exceptional access has focused on key escrow; Abelson et al. summarize and critique this approach [1]. (Many of the same authors outline the risks of exceptional access again in a more recent paper [2].) Of all the previous work on key escrow, the one most similar to ours is Shamir's Partial Key Escrow [89]. There, instead of escrowing the entire symmetric key, the user escrows only a small portion of

show abstract

Section: Are the Benefits Greater Than The Costs?mentioning

confidence: 99%

Section: Who Can Be Trusted With Such Power?mentioning

confidence: 99%

Section: Alternate Recourses For Law Enforcement?mentioning

confidence: 99%

See 1 more Smart Citation

Crypto Crumple Zones: Enabling Limited Access without Mass Surveillance

Wright

Varia²

2018

2018 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

show abstract

“…For instance the intercept target can launch denial of service (DoS) attacks (Sherr et al, 2009) that prevent the accurate collection of not only the call contents, but even the metadata recorded by the law enforcement agency. These problems motivate other researchers to propose improvements to lawful interception systems, or even completely different alternatives (Bellovin et al, 2013) for LI. In (Bates et al, 2012), Bates et al proposed a more accountable CALEA wiretapping system that enables secure audits.…”

Section: Related Workmentioning

confidence: 99%

Digital Wiretap Warrant: Improving the security of ETSI Lawful Interception

Muñoz

Urueña

Aparicio

et al. 2015

Digital Investigation

View full text Add to dashboard Cite

Lawful Interception (LI) of data communications is an essential tool for Law Enforcement Agencies (LEA) in order to investigate criminal activities carried out or coordinated by means of Internet. However, the ability to secretly monitor the activities of citizens also has a great impact on civil rights. Therefore, democratic societies must prevent abuse and ensure that LI is only employed in specific cases with justifiable grounds or a probable cause. Nowadays, in many countries each interception must be authorized by a wiretap warrant, usually issued by a judge. However, this wiretap warrant is merely an administrative document that should be checked by the network or service operator before enabling the monitoring of its customers, whose communications are later handed over to a LEA in plaintext. This paper proposes the idea of employing a Digital Wiretap Warrant (DWW), which further protects the civil liberties, security and privacy of LI by ensuring that monitoring devices can only be enabled with a valid DWW, and by encrypting the captured data so only the authorized LEA is able to decrypt those communications. Moreover, in the proposed DWW framework all digital evidence is securely time-stamped and signed, thus guaranteeing that it has not been tampered with, and that a proper chain of custody has been met. In particular this paper proposes how to apply the DWW concept to the lawful interception framework defined by the ETSI LI Technical Committee, and evaluates how the additional security mechanisms could impact the performance and storage costs of a LI platform.

show abstract

“…Investigators were struggling to conduct electronic surveillance and obtain electronic evidence, because they were increasingly encountering encryption that online services and device vendors could not bypass. Comey's remarks tapped into an existing debate [2,30,217] and set the stage for another decade of encryption policy tussles, initially centered on law enforcement access to data stored on devices and more recently emphasizing child exploitation that uses E2EE messaging and storage [92,113,188,256,275].…”

Section: Introductionmentioning

confidence: 99%

SoK: Content Moderation for End-to-End Encryption

Scheffler

Mayer

2023

PoPETs

View full text Add to dashboard Cite

Popular messaging applications now enable end-to-end-encryption (E2EE) by default, and E2EE data storage is becoming common. These important advances for security and privacy create new content moderation challenges for online services, because services can no longer directly access plaintext content. While ongoing public policy debates about E2EE and content moderation in the United States and European Union emphasize child sexual abuse material and misinformation in messaging and storage, we identify and synthesize a wealth of scholarship that goes far beyond those topics. We bridge literature that is diverse in both content moderation subject matter, such as malware, spam, hate speech, terrorist content, and enterprise policy compliance, as well as intended deployments, including not only privacy-preserving content moderation for messaging, email, and cloud storage, but also private introspection of encrypted web traffic by middleboxes. In this work, we systematize the study of content moderation in E2EE settings. We set out a process pipeline for content moderation, drawing on a broad interdisciplinary literature that is not specific to E2EE. We examine cryptography and policy design choices at all stages of this pipeline, and we suggest areas of future research to fill gaps in literature and better understand possible paths forward.

show abstract

Going Bright: Wiretapping without Weakening Communications Infrastructure

Cited by 10 publications

References 6 publications

Crypto Crumple Zones: Enabling Limited Access without Mass Surveillance

Crypto Crumple Zones: Enabling Limited Access without Mass Surveillance

Digital Wiretap Warrant: Improving the security of ETSI Lawful Interception

SoK: Content Moderation for End-to-End Encryption

Contact Info

Product

Resources

About