Crypto Crumple Zones: Protecting Encryption in a Time of Political Uncertainty

Thursday, January 18, 2018 - 11:30 am12:00 pm

Charles Wright, Assistant Professor, Portland State University

Abstract: 

Governments around the world are demanding more access to encrypted data, but it has been difficult to build a system that allows the authorities some access without providing unlimited access in practice. And so the public policy debate around encryption has been framed as a binary choice between two absolutist positions: either we allow law enforcement no access at all to encrypted data, or we must effectively give them complete, unrestricted access to all our communications. In the first half of this talk, I begin by summarizing the current state of the debate around the availability of strong end-to-end encryption. How did we get here, and why did key escrow fail in the 90’s? What are the current arguments for and against strong end-to-end crypto? What are the motivations of the various parties on each side of the debate? Where is public opinion on this issue? What is the current status quo—in the US, in Europe, and in developing nations around the world?

In the second half of the talk, I argue that the crypto and security community should investigate better technical solutions to provide more security for people in countries where unbreakable, end-to-end encryption is already illegal (e.g., India) or where it may soon be banned (the UK). As a first step toward this goal, I present new constructions that maximize user privacy while still allowing the authorities some limited “exceptional access” to encrypted data. I present two new constructions for crumpling cryptographic keys to make it possible— although arbitrarily expensive—for a government to recover the plaintext for targeted messages. In contrast to previous work on this topic (e.g., key escrow), our approach places most of the responsibility for achieving exceptional access on the government rather than on the users or developers of cryptographic tools. I conclude with some thoughts on remaining challenges and directions for future work, including: issues of internationalization; creating disincentives for misuse; and some possible countermeasures.

Charles Wright, Assistant Professor, Portland State University

Dr. Wright is an assistant professor at Portland State University. His research focuses on security and privacy in multimedia, inference attacks on encrypted data, and efficient encrypted databases. Prior to joining PSU, he was a member of the technical staff at MIT Lincoln Laboratory.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {208171,
author = {Charles Wright},
title = {Crypto Crumple Zones: Protecting Encryption in a Time of Political Uncertainty},
booktitle = {Enigma 2018 (Enigma 2018)},
year = {2018},
address = {Santa Clara, CA},
url = {https://www.usenix.org/node/208172},
publisher = {USENIX Association},
month = jan
}

Presentation Video