260 likes | 470 Vues
Impact of Computers on Society. 3. Encryption and Interception of Communication. It Could Never Happen…. Secret FBI papers revealed that John Lennon was ruled out as a communist threat because he was always stoned, London’s Evening Standard reported yesterday. Never….
E N D
Impact of Computers on Society 3. Encryption and Interception of Communication
It Could Never Happen… • Secret FBI papers revealed that John Lennon was ruled out as a communist threat because he was always stoned, London’s Evening Standard reported yesterday.
Never… • Documents show that the FBI suspected that the ex-Beatle was the head of revolutionaries planning to hijack a 1972 Republican conference, and kept him under close watch at first. But Lennon’s abuse of heroin, cocaine and marijuana in the early 1970s eventually ruled him out of FBI investigations. An agent concluded that Lennon “appears to be radically oriented” but “does not give the impression he is a true revolutionist, since he is constantly under the influence of narcotics.”
You Must Be Kidding! • Marilyn Monroe • Lucille Ball • And Albert Einstein… • ...were among the suspected communists tracked by the FBI from the 1950s to 1970s. • Washington Post, September 23, 2005, p. C3
Background • Different levels of message and information security • How secure is the postal service? • How secure is email? • How secure are financial transactions?
Three Main Issues • Whom do you trust? • How powerful is technology? • Technology is a “moving target” • How open should communications be?
A Brief History of Wiretapping 1928 – Supreme Court rules that… • wiretapping is not unconstitutional • wiretapping can be banned by Congress 1934 – Congress passes the Federal Communications Act • illegal to wiretap • no exception for law enforcement
More about Wiretapping • 1937 – Supreme Court stands behind the ban on wiretapping • FBI did it anyway • lax enforcement of anti-wiretapping laws • continuing debate for many years
Wiretapping Allowed • 1967 – Supreme Court rules that intercepting phone conversations without a court order violates 4th Amendment • 1968 – Congress explicitly allows wiretapping with court order • intended to help fight organized crime • USA PATRIOT Act of 2001 loosens restrictions further
Milestones in Interception • The Internet changes the playing field • no longer wiretapping • now, interception of communications • includes broadcast communications • what about fiber optics? • what about monitoring of RF emissions?
Lawful Interception • 1994 – CALEA (Communications Assistance for Law Enforcement Act) requires equipment to be designed to allow interception. • 1999 – FBI’s Carnivore email interception system • requires a court order • limited to a particular ISP • what about the email of other subscribers to that ISP? • can’t the ISP do this without having to physically hook up FBI computers to its own? • program terminated in 2005; now using commercially available software • superseded by DCS-3000 system
Echelon • 1998 – NSA’s Echelon. • Not supposed to be targeted at US citizens • NSA denies its existence • Major computing power • Examines RF emissions, including cell phones, etc. • Supposedly sifts through international traffic • Sifts through business and other traffic, not just military and law enforcement • Aside: the US Embassy in Moscow and Dr. Theramin
Echelon criticisms • The line is blurred on US citizens when national security is claimed or when they are abroad • What about our allies – Canada, Britain, Australia, NZ? • Going “deaf” because of the rise of fiber optic transmission rather than satellite • Major question is how much privacy should we be expected to give up in order to (maybe) catch the bad guys?
Recommended Reading • James Bamford • Puzzle Palace: a report on America’s most secret agency (1982) • Body of Secrets: anatomy of the ultra-secret National Security Administration: from the Cold War through the dawn of a new century (2001) • Leo Marks • Between Silk and Cyanide: a codemaker’s war 1941-1945 (1998)
Two Main Computer Defenses • Packet transmission • messages are less vulnerable en route • interception is most effective at the end points • Encryption • Requires a key, which must be passed secretly • Only one unbreakable code: the one-time key
Public Key Encryption • A known, published algorithm • RSA (Rivest, Shamir, Adelman) uses two large prime numbers for keys • Each party has two keys, a private key and a public key • One pair of keys to encrypt, the other pair to decrypt • Brute force attacks are essentially useless unless you have massive computing power • Longer keys make the encryption stronger • Problem of delivering the keys
More Encryption • The problem of computational overhead • Most of us use encryption for financial transactions on the Internet • 40-bit versus 128 bit encryption, and more • Remember that anything broadcast or transmitted can be intercepted • The bad guys can use encryption, too
A Few Uses of Encryption • Communications, both phone and data • Credit card numbers • Other financial data, for example brokerage transactions • Electronic Funds Transfer (EFT) • Passwords, usernames, account numbers on the Internet • Digital Signatures – did the message really come from that person?
Steganography • Concealing the fact that a message even exists • Hidden in a picture – a digital watermark • Hidden within a document – for example, a computer printed postage stamp • An image could conceal harmful code which will execute on the recipient’s computer • A message or virus could be concealed in almost anything that is digital
Attempts to Control Encryption Technology • 1990’s – Government attempts to restrict export of encryption technology • 1991 – Philip Zimmerman and PGP (Pretty Good Privacy) • “Restricted” browsers and other software • 1993 – Daniel Bernstein’s 1st Amendment lawsuit • 1996 – Courts decide in Bernstein’s favor
Why? • The genie was already out of the bottle • To protect the NSA • …the main goal of the export rules was to restrict encryption to what the NSA could routinely crack in “real time,” that is as messages are scanned. • …to prevent adoption of standard cryptography systems. Standards would encourage more use of encryption and make it harder for the NSA to distinguish the messages it wants to read.
Why?? • …export rules required that companies that wanted to export encryption systems had to disclose the details of their products to the government, ensuring that the NSA had full knowledge of the technologies in use. • Diffie & Landau, summarized by Baase, p. 119
End of Restrictions • 2000 – The government at last gives up the attempt to impose import restrictions on encryption. • Officially, the genie is out of the bottle…
Encryption Control in the US • 1993 – the Clipper Chip • Used an unpublished, secret NSA algorithm • Designed for telephones, also used on computers • Various key escrow proposals. The government wanted a third party escrow agent. • Government and law enforcement would need a court order to get the key • BUT – the escrow agent would be a government agency • A failure before it got off the ground • There is no provision for a “back door” in the USA PATRIOT Act.
And In Conclusion… • Remember that the goal of encryption is to make the difficulty of reading a message not worth the effort. • Technology is progressing very rapidly • To what extent do you trust government and law enforcement to uphold the 1st and 4th Amendments?