{"id":3057,"date":"2021-05-03T13:54:27","date_gmt":"2021-05-03T17:54:27","guid":{"rendered":"https:\/\/www.bu.edu\/riscs\/?p=3057"},"modified":"2021-05-03T16:31:34","modified_gmt":"2021-05-03T20:31:34","slug":"abuse-resistant-government-backdoors","status":"publish","type":"post","link":"https:\/\/www.bu.edu\/riscs\/2021\/05\/03\/abuse-resistant-government-backdoors\/","title":{"rendered":"Abuse-Resistant Government Backdoors"},"content":{"rendered":"<p><em>By Gabe Kaptchuk.<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><span>It is common to use encryption hundreds of times each day: when unlocking a phone, connecting to the wifi, or loading a webpage. The rise of personal computing and the internet has transformed encryption from an esoteric military tool to critical infrastructure that gives you control over your data.\u00a0\u00a0<\/span><\/p>\n<p><span>Modern encryption doesn\u2019t just protect against hackers, it also often prevents law enforcement from seeing your data.\u00a0 Even when law enforcement gets a warrant from a court, it won\u2019t help them decrypt this data.\u00a0 This limitation is at the center of an ongoing debate about the appropriate role of encryption in US society that first started in the 1990\u2019s.<\/span><\/p>\n<p><span>Law enforcement advocates have claimed that encryption poses a fundamental threat to public safety, because court-sanctioned searches cannot be executed.\u00a0 Privacy advocates and businesses have stressed the importance of encryption in ensuring personal privacy, protecting business transactions, and putting limits on government power.\u00a0 In an attempt to accommodate both needs, law enforcement has pushed for special law enforcement \u201cbackdoors\u201d in encrypted systems, <\/span><i><span>i.e.<\/span><\/i><span> a special decryption method that can only be used by law enforcement while executing a legal search.\u00a0 This debate has recently reignited, focusing on encrypted mobile devices and ubiquitous end-to-end encrypted messaging apps, like Signal and WhatsApp.\u00a0\u00a0<\/span><\/p>\n<p><span>At the heart of this socio-political debate is a technical question: is it possible to build a strong encryption system with a backdoor that only law enforcement can use? There has been little progress answering this question in the last 30 years.\u00a0 Most proposed constructions of encryption systems with backdoors give the government a \u201cmaster key\u201d that can decrypt everything, and hope that no one misuses the key. \u00a0 The vast majority of researchers and activists agree that this approach is inherently flawed.\u00a0 There are simply too many ways for this all-powerful master key to be abused: a government agent might overstep their authority or the key might be stolen by a foreign government.\u00a0 Indeed, proposals using master keys from the 1990s were ultimately defeated in part because concerns over abuse of power.<\/span><\/p>\n<p><span>Progress has stalled on this technical question because the requirements of the desired systems have never been fully defined.\u00a0 Put another way, there are actually two questions masquerading as one: (1) what properties should encryption systems with law enforcement backdoors provide? and (2) is it possible to construct systems that provide these properties? \u00a0 It is rare to see a clear and coherent answer to the first question, and there is no consensus.\u00a0 This makes it difficult to get to the second question.<\/span><\/p>\n<p><span>In our recent work, we progress the discussion around encrypted systems that permit law enforcement access by proposing some minimum criteria that any such system should meet.\u00a0 We focus on \u201cabuse resistance,\u201d meaning that improper use of the backdoor can be swiftly detected and addressed.\u00a0 This allows law enforcement to hold technical power, while limiting the potential for individuals &#8212; or even foreign governments &#8212; misappropriating that power.<\/span><\/p>\n<p><span>Specifically, in our work we suggest that encrypted systems should have the following minimum properties:<\/span><b><\/b><\/p>\n<ul>\n<li aria-level=\"1\"><b>Law Enforcement Access only with a Warrant. <\/b>Encrypted content should remain totally secure by default.\u00a0 Law enforcement &#8212; and only law enforcement &#8212; should be able to use the master key if a relevant warrant is issued by the appropriate court.<\/li>\n<li aria-level=\"1\"><b>Abuse Detectability.<\/b> A huge problem with existing proposals is that abuse can happen covertly; a government agent can use the master key for their own purposes and no one would ever know.\u00a0 We belive that systems should require a publicly audible trail to be generated <i>before<\/i> a backdoor can be used.\u00a0 This trail will allow auditors to raise the alarm whenever misuse is detected.<\/li>\n<li aria-level=\"1\"><b>Global Warrant Policies. <\/b>As a society, we should agree on what warrants should look like.\u00a0 For instance, maybe we want to limit warrants to be about specific individuals.\u00a0 Maybe we want warrants to only be usable for short periods of time.\u00a0 By defining some global warrant policy, we can limit the destructive capability of a hawkish court or overzealous law enforcement.<\/li>\n<li aria-level=\"1\"><b>Cryptographic Enforcement. <\/b>It is (theoretically) easy to write a law that requires a system to have the properties above.\u00a0 Unfortunately, we are primarily concerned with preventing the system from being abused by individuals who have no regard for the law.\u00a0 As such, we need to design technical systems that enforce all these properties using something more robust than the law, <i>e.g.<\/i> mathematics.\u00a0 Put another way, we want the math used to construct the system to make the master key unusable if the warrant does not comply with the warrant policy or the audit trail has not been created.<\/li>\n<\/ul>\n<p><span>Deploying a law enforcement backdoor without these minimum abuse resistance properties is clearly a recipe for disaster.\u00a0 Using these properties as inspiration, we hope the encryption debate shifts to include discussion about what other properties are necessary.\u00a0 Before discussion can begin on how to implement backdoors, it is imperitive to agree on the minimum abuse resistance properties for such a system.<\/span><\/p>\n<p><span>If you are interested in these ideas, check out our paper at <\/span><a href=\"https:\/\/eprint.iacr.org\/2021\/321.pdf\"><span>https:\/\/eprint.iacr.org\/2021\/321<\/span><\/a><span>!<\/span><\/p>\n<p><span>&#8212;<br \/>\n<\/span><\/p>\n<p><span>Gabe Kaptchuk is a Research Assistant Professor in Computer Science at Boston University. His research focuses on applied cryptography and he has worked both in industry and in policy (in the US Senate). His current research interests are at the intersection of privacy, cryptography, and society.\u00a0 Visit his personal website at <a href=\"http:\/\/kaptchuk.com\">kaptchuk.com<\/a><\/span><span><\/span><\/p>\n<p>&#8220;iPhone 6 with lock&#8221; <span data-v-e1c1f65a=\"\"> by MatthewKeys <\/span> is licensed with CC BY-ND 2.0. To view a copy of this license, visit https:\/\/creativecommons.org\/licenses\/by-nd\/2.0\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Gabe Kaptchuk. &nbsp; It is common to use encryption hundreds of times each day: when unlocking a phone, connecting to the wifi, or loading a webpage. The rise of personal computing and the internet has transformed encryption from an esoteric military tool to critical infrastructure that gives you control over your data.\u00a0\u00a0 Modern encryption [&hellip;]<\/p>\n","protected":false},"author":19115,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/riscs\/wp-json\/wp\/v2\/posts\/3057"}],"collection":[{"href":"https:\/\/www.bu.edu\/riscs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bu.edu\/riscs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/riscs\/wp-json\/wp\/v2\/users\/19115"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/riscs\/wp-json\/wp\/v2\/comments?post=3057"}],"version-history":[{"count":6,"href":"https:\/\/www.bu.edu\/riscs\/wp-json\/wp\/v2\/posts\/3057\/revisions"}],"predecessor-version":[{"id":3064,"href":"https:\/\/www.bu.edu\/riscs\/wp-json\/wp\/v2\/posts\/3057\/revisions\/3064"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/riscs\/wp-json\/wp\/v2\/media?parent=3057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bu.edu\/riscs\/wp-json\/wp\/v2\/categories?post=3057"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bu.edu\/riscs\/wp-json\/wp\/v2\/tags?post=3057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}