DOCSLIB.ORG

Cryptography, the Clipper Chip, and the Constitution

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

THE METAPHOR IS THE KEY: CRYPTOGRAPHY, THE CLIPPER CHIP, AND THE CONSTITUTION A. MICHAEL FROOMKINt TABLE OF CONTENTS INTRODUCTION .................................. 712 I. MODERN CRYPTOGRAPHY: PRIVATE SECURITY, GOVERNMENT INSECURITY .................................. 718 A. Who Needs Cryptography?....................... 718 1. Banks, ATM-Users, Electronic Transactors ..... .719 2. Businesses with Commercial and Trade Secrets . 722 3. Professionals ............................ 724 4. National ID Cards and Data Authentication .... 725 5. Criminals ............................... 727 6. Users of Telephones, Electronic Mail, Faxes, or Computers .......................... 728 a. Cellular Telephones ..................... 728 b. Standard Telephones .................... 729 c. Faxes ............................... 729 d. E-mail ............................. 729 e. PersonalRecords ....................... 730 t © A. Michael Froomkin, 1995. Associate Professor, University of Miami School of Law. B.A. 1982, Yale College; M.Phil. 1984, Cambridge University;J.D. 1987, Yale Law School. Internet: [email protected] (PGP 2.6.2 public key appears infra note 787). Research for this article was supported by the University of Miami School of Law Summer Research Grant Fund. SueAnn Campbell, Nora de ]a Garza, YolandaJones, and Brian Williams provided superb library support, Rosalia Lliraldi provided secretarial support, andJulie Owen provided indefatigable research assistance. I am grateful to Abe Abraham, Stewart Baker, Tom Baker, Ken Bass, Caroline Bradley, Dorothy Denning, John Ely, Steve Fishbein,John Gilmore, Lance Hoffman, Mark Lemly, Larry Lessig, Charles C. Marson, George Mundstock, David Post,Jonathan Simon, Miles Smid, David Sobel, Cleveland Thorton, Lee Tien, Eugene Volokh, Stephen F. Williams, Steve Winter, two anonymous bureaucrats, and the participants in a University of Miami faculty seminar for their comments, corrections, and suggestions. I first encountered several of the issues discussed in this Article in the Cypherpunks and Cyberia-L mailing lists, and on the misc.legal.moderated newsgroup. For an earlier version of portions of Part III of this Article, see A. Michael Froomkin, The Constitutionality of Mandatory Key Escrow-A First Look, in BUILDING IN BIG BROTHER: THE CRYPTOGRAPHIC POLICY DEBATE (Lance Hoffman ed., forthcoming Mar. 1995) (manuscript at 413) [hereinafter BUILDING IN BIG BROTHER]. Unless otherwise specified, this Article reflects legal and technical developments occurring on or before January 1, 1995. (709) 710 UNIVERSITY OF PENNSYLVANIA LAW REVIEW [Vol. 143: 709 7. Dissidents and Others .................... 730 B. The U.S. DataEncryption Standard(DES) Is Increasingly Vulnerable ................................ 735 1. How DES Became a Standard ............... 735 2. DES Is Vulnerable to Attack ................ 738 3. How to Achieve Better Security ............. 740 C. The Escrowed Encryption Standard (EES) ........... 742 1. Why the Government Wants EES to Replace DES ................................... 743 a. Domestic Law Enforcement ................ 744 b. Intelligence Gathering ................... 747 c. Failure of Laws Designed to Prevent the Spread of Strong Cryptography ............. 748 i. Export Control: The ITAR ........... 748 ii. "Classified at Birth".................. 751 2. How Clipper Works ...................... 752 a. A Tale of Three Keys .................... 753 b. The Escrow Agents' CriticalRole ............ 759 c. Limited Recoursefor Improper Key Disclosure ... 762 II. THE ESCROWED ENCRYPTION PROPOSAL-LEGAL, POLICY, AND TECHNICAL PROBLEMS .......................... 764 A. EES: The Un-Rule Rule ....................... 764 1. FIPS 185: A Strange Standard .............. 764 2. An End-Run Around Accountability .......... 767 3. Did NIST's Cooperation with the NSA over FIPS 185 Violate the Computer Security Act of 1987? ........................... 776 4. Who Should Hold the Keys? ................ 782 B. Unresolved Issues ............................. 786 1. Requests from Foreign Governments ......... 787 2. Clipper Abroad? ........................ 788 3. What Level of Protection Do LEAFs Have Under the Electronic Communications Privacy Act? ............................. 789 C. Voluntary EES Is Constitutional ................. 793 D. Voluntary EES Is Unlikely to Displace Un-Escrowed Cryptography................................ 796 1. Why EES Worries People .................. 798 a. Preserving the Status Quo Prevents a Return to the Status Quo Ante ............. 798 b. EES Does Not Preserve the Status Quo ........ 800 c. The Status Quo May Not Be Stable .......... 802 1995] THE METAPHOR IS THE KEY- THE CLIPPER CHIP 711 2. Spoofing EES: The LEAF-Blower ............ 806 E. What Happens If EES Fails? .................... 808 III. WOULD MANDATORY KEY ESCROW BE CONSTITUTIONAL? . 810 A. First Amendment Issues ........................ 812 1. Compelled Speech ......................... 813 2. Chilling Effect on Speech .................. 815 3. Anonymity and the Freedom of Association .... 817 4. The Parallel to Antimask Laws .............. 821 B. Fourth Amendment Issues ....................... 823 1. The Fourth Amendment Does Not Give the Government an Affirmative Right to an Effective Search .......................... 826 2. Mandatory Escrow of a Key Is a "Search or Seizure"................................ 827 3. Mandatory Key Escrow as a "Regulatory Search". ............................... 830 C. Fifth Amendment Issues ....................... 833 1. The Chip Key as a Private Paper .............. 834 2. Is a Chip Key or a Session Key "Incriminating"? . 836 D. Privacy Issues ............................... 838 1. The Right to Autonomous Choice Regarding Nonintimate Matters ..................... 838 2. The Right to Be Left Alone ................ 839 3. The Right to Autonomous Choice Regarding Intimate Matters ........................ 840 E. What Next? ................................. 843 IV. IDEAS ARE WEAPONS ........................... 843 A. Caught Between Archetypes ...................... 846 1. Big Brother ............................ 847 2. The Conspirator ........................ 850 a. Panics over Plotters ..................... 851 b. Modem Incarnations: The Drug Kingpin and the Terrorist ...................... 856 B. Mediating the Clash: A Metaphoric Menu ........... 859 1. Focus on Communication .................... 862 a. "Car"--How Messages Travel ............... 863 b. "Language"............................ 865 2. Focus on Exclusion ...................... 870 a. "Safe"............................... 871 b. "House"-Where Messages Come from ......... 874 C. The Power to Choose .......................... 879 CONCLUSION .................................... 882 712 UNIVERSITY OF PENNSYLVANIA LAW REVIEW [Vol. 143: 709 TECHNICAL APPENDIX: BRUTE-FORCE CRYPTANALYSIS, PUBLIC-KEY ENCRYPTION, AND DIGITAL SIGNATURES ....... 885 A. Brute-Force Cryptanalysis ...................... 887 B. Public-Key Cryptography ......................... 890 C. Digital Signatures ........................... 895 INTRODUCTION Without the ability to keep secrets, individuals lose the capacity to distinguish themselves from others, to maintain independent lives, to be complete and autonomous persons.... This does not mean that a person actually has to keep secrets to be autonomous, just that she must possess the ability to do so. The ability to keep secrets implies the ability to disclose secrets selectively, and so the capacity for selective disclosure at one's own discretion is impor- tant to individual autonomy as well.' Secrecy is a form of power.2 The ability to protect a secret, to preserve one's privacy, is a form of power.' The ability to pene- trate secrets, to learn them, to use them, is also a form of power. Secrecy empowers, secrecy protects, secrecy hurts. The ability to learn a person's secrets without her knowledge-to pierce a person's privacy in secret-is a greater power still. People keep secrets for good reasons and for evil ones. Learning either type of secret gives an intruder power over another. Depending on the people compromised and the secrets learned, this power may be deployed for good (preventing a planned harm) or ill (blackmail, intimidation). This Article is about the clash between two types of power: the individual's power to keep a secret from the state and others, and the state's power to penetrate that secret.' It focuses on new 'KIM L. SCHEPPELE, LEGAL SECRETS 302 (1988) (footnote omitted). 2 "Secrecy" refers to the intentional concealment of information so as to prevent others from "possessing it, making use of it, or revealing it" to third parties. SISSELA BOK, SECRETS: ON THE ETHICS OF CONCEALMENT AND REVELATION 6 (1982). It also refers to "the methods used to conceal [information], such as codes or disguises." Id. 3 Privacy is "that portion of human experience for which secrecy is regarded as most indispensable." Id. at 7. Secrecy and privacy are not identical, however. See id. at 10. Privacy is "the condition of being protected from unwanted access by others-either physical access, personal information, or attention. Claims to privacy are claims to control access to what one takes... to be one's personal domain." Id. at 10-11. ' In this sense, "the right to privacy has everything to do with delineating the legitimate limits of governmental power." Jed Rubenfeld, The Right of Privacy, 102 1995] THE METAPHOR IS THE KEY- THE CLIPPER CHIP 713 conflicts between the perennial desire
Recommended publications
  • Protocol Failure in the Escrowed Encryption Standard

    Protocol Failure in the Escrowed Encryption Standard

    Protocol Failure in the Escrowed Encryption Standard Matt Blaze AT&T Bell Laboratories [email protected] August 20, 1994 Abstract The proposal, called the Escrowed Encryption Stan- dard (EES) [NIST94], includes several unusual fea- The Escrowed Encryption Standard (EES) de¯nes tures that have been the subject of considerable de- a US Government family of cryptographic processors, bate and controversy. The EES cipher algorithm, popularly known as \Clipper" chips, intended to pro- called \Skipjack", is itself classi¯ed, and implemen- tect unclassi¯ed government and private-sector com- tations of the cipher are available to the private sec- munications and data. A basic feature of key setup be- tor only within tamper-resistant modules supplied by tween pairs of EES processors involves the exchange of government-approved vendors. Software implementa- a \Law Enforcement Access Field" (LEAF) that con- tions of the cipher will not be possible. Although Skip- tains an encrypted copy of the current session key. The jack, which was designed by the US National Security LEAF is intended to facilitate government access to Agency (NSA), was reviewed by a small panel of civil- the cleartext of data encrypted under the system. Sev- ian experts who were granted access to the algorithm, eral aspects of the design of the EES, which employs a the cipher cannot be subjected to the degree of civilian classi¯ed cipher algorithm and tamper-resistant hard- scrutiny ordinarily given to new encryption systems. ware, attempt to make it infeasible to deploy the sys- By far the most controversial aspect of the EES tem without transmitting the LEAF.
  • Crypto Wars of the 1990S

    Crypto Wars of the 1990S

    Danielle Kehl, Andi Wilson, and Kevin Bankston DOOMED TO REPEAT HISTORY? LESSONS FROM THE CRYPTO WARS OF THE 1990S CYBERSECURITY June 2015 | INITIATIVE © 2015 NEW AMERICA This report carries a Creative Commons license, which permits non-commercial re-use of New America content when proper attribution is provided. This means you are free to copy, display and distribute New America’s work, or in- clude our content in derivative works, under the following conditions: ATTRIBUTION. NONCOMMERCIAL. SHARE ALIKE. You must clearly attribute the work You may not use this work for If you alter, transform, or build to New America, and provide a link commercial purposes without upon this work, you may distribute back to www.newamerica.org. explicit prior permission from the resulting work only under a New America. license identical to this one. For the full legal code of this Creative Commons license, please visit creativecommons.org. If you have any questions about citing or reusing New America content, please contact us. AUTHORS Danielle Kehl, Senior Policy Analyst, Open Technology Institute Andi Wilson, Program Associate, Open Technology Institute Kevin Bankston, Director, Open Technology Institute ABOUT THE OPEN TECHNOLOGY INSTITUTE ACKNOWLEDGEMENTS The Open Technology Institute at New America is committed to freedom The authors would like to thank and social justice in the digital age. To achieve these goals, it intervenes Hal Abelson, Steven Bellovin, Jerry in traditional policy debates, builds technology, and deploys tools with Berman, Matt Blaze, Alan David- communities. OTI brings together a unique mix of technologists, policy son, Joseph Hall, Lance Hoffman, experts, lawyers, community organizers, and urban planners to examine the Seth Schoen, and Danny Weitzner impacts of technology and policy on people, commerce, and communities.
  • A History of End-To-End Encryption and the Death of PGP

    A History of End-To-End Encryption and the Death of PGP

    25/05/2020 A history of end-to-end encryption and the death of PGP Hey! I'm David, a security engineer at the Blockchain team of Facebook (https://facebook.com/), previously a security consultant for the Cryptography Services of NCC Group (https://www.nccgroup.com). I'm also the author of the Real World Cryptography book (https://www.manning.com/books/real-world- cryptography?a_aid=Realworldcrypto&a_bid=ad500e09). This is my blog about cryptography and security and other related topics that I Ûnd interesting. A history of end-to-end encryption and If you don't know where to start, you might want to check these popular the death of PGP articles: posted January 2020 - How did length extension attacks made it 1981 - RFC 788 - Simple Mail Transfer Protocol into SHA-2? (/article/417/how-did-length- extension-attacks-made-it-into-sha-2/) (https://tools.ietf.org/html/rfc788) (SMTP) is published, - Speed and Cryptography the standard for email is born. (/article/468/speed-and-cryptography/) - What is the BLS signature scheme? (/article/472/what-is-the-bls-signature- This is were everything starts, we now have an open peer-to-peer scheme/) protocol that everyone on the internet can use to communicate. - Zero'ing memory, compiler optimizations and memset_s (/article/419/zeroing-memory- compiler-optimizations-and-memset_s/) 1991 - The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations The US government introduces the 1991 Senate Bill 266, (/article/461/the-9-lives-of-bleichenbachers- which attempts to allow "the Government to obtain the cat-new-cache-attacks-on-tls- plain text contents of voice, data, and other implementations/) - How to Backdoor Di¸e-Hellman: quick communications when appropriately authorized by law" explanation (/article/360/how-to-backdoor- from "providers of electronic communications services di¸e-hellman-quick-explanation/) and manufacturers of electronic communications - Tamarin Prover Introduction (/article/404/tamarin-prover-introduction/) service equipment".
  • Battle of the Clipper Chip - the New York Times

    Battle of the Clipper Chip - the New York Times

    Battle of the Clipper Chip - The New York Times https://www.nytimes.com/1994/06/12/magazine/battle-of-the-clipp... https://nyti.ms/298zenN Battle of the Clipper Chip By Steven Levy June 12, 1994 See the article in its original context from June 12, 1994, Section 6, Page 46 Buy Reprints VIEW ON TIMESMACHINE TimesMachine is an exclusive benefit for home delivery and digital subscribers. About the Archive This is a digitized version of an article from The Times’s print archive, before the start of online publication in 1996. To preserve these articles as they originally appeared, The Times does not alter, edit or update them. Occasionally the digitization process introduces transcription errors or other problems; we are continuing to work to improve these archived versions. On a sunny spring day in Mountain View, Calif., 50 angry activists are plotting against the United States Government. They may not look subversive sitting around a conference table dressed in T-shirts and jeans and eating burritos, but they are self-proclaimed saboteurs. They are the Cypherpunks, a loose confederation of computer hackers, hardware engineers and high-tech rabble-rousers. The precise object of their rage is the Clipper chip, offically known as the MYK-78 and not much bigger than a tooth. Just another tiny square of plastic covering a silicon thicket. A computer chip, from the outside indistinguishable from thousands of others. It seems 1 of 19 11/29/20, 6:16 PM Battle of the Clipper Chip - The New York Times https://www.nytimes.com/1994/06/12/magazine/battle-of-the-clipp..
  • Zfone: a New Approach for Securing Voip Communication

    Zfone: a New Approach for Securing Voip Communication

    Zfone: A New Approach for Securing VoIP Communication Samuel Sotillo [email protected] ICTN 4040 Spring 2006 Abstract This paper reviews some security challenges currently faced by VoIP systems as well as their potential solutions. Particularly, it focuses on Zfone, a vendor-neutral security solution developed by PGP’s creator, Phil Zimmermann. Zfone is based on the Z Real-time Transport Protocol (ZRTP), which is an extension of the Real-time Transport Protocol (RTP). ZRTP offers a very simple and robust approach to providing protection against the most common type of VoIP threats. Basically, the protocol offers a mechanism to guarantee high entropy in a Diffie- Hellman key exchange by using a session key that is computed through the hashing several secrets, including a short authentication string that is read aloud by callers. The common shared secret is calculated and used only for one session at a time. However, the protocol allows for a part of the shared secret to be cached for future sessions. The mechanism provides for protection for man-in-the-middle, call hijack, spoofing, and other common types of attacks. Also, this paper explores the fact that VoIP security is a very complicated issue and that the technology is far from being inherently insecure as many people usually claim. Introduction Voice over IP (VoIP) is transforming the telecommunication industry. It offers multiple opportunities such as lower call fees, convergence of voice and data networks, simplification of deployment, and greater integration with multiple applications that offer enhanced multimedia functionality [1]. However, notwithstanding all these technological and economic opportunities, VoIP also brings up new challenges.
  • Mixminion: Design of a Type III Anonymous Remailer Protocol

    Mixminion: Design of a Type III Anonymous Remailer Protocol

    Mixminion: Design of a Type III Anonymous Remailer Protocol G. Danezis, R. Dingledine, N. Mathewson IEEE S&P 2003 Presented by B. Choi in cs6461 Computer Science Michigan Tech Motivation ● Anonymous email only – High latency vs. near real-time (onion routing) ● Anonymous email implementations – Type 1: Cypherpunk (80’s) ● vulnerable to replay attacks – Type 2: Mixmaster(92) ● message padding and pooling – Type 3: Mixminion (2003) ● Anonymous Replies! Reply block? ● Most or many systems support sender anonymity ● Pynchon Gate supports receiver anonymity in an interesting way (P2P file sharing: 2005) – Send everything to everywhere (everyone) ● Is receiver anonymity too hard to achieve? – First of all, receiver has to use pseudonyms ● Pseudonym policy: how many, valid period, ... Reply blocks ● Chaum(‘81), BABEL (‘96), Mixmaster (92) .. – Entire path is chosen by the sender ● Variations are possible ● BABEL RPI is invisible to passive external attackers ● BABEL RPI is visible to internal passive attackers (mix) – Can be used multiple times? ● Good for communication efficiency ● Bad for anonymity due to potential path information leaking ● Adversary could utilize the pattern of the same reply block Fundamental solution to the reply block problem? ● One way is to use single-use reply blocks (SURB) ● Reply messages are indistinguishable from forward messages even to mix nodes ● Effect: both reply and forward messages share the same anonymity set ● SURB ● How to design SURB? – Sender generates SURB – To defeat replay, each intermediate node
  • Performance and Limitation Review of Secure Hash Function Algorithm

    Performance and Limitation Review of Secure Hash Function Algorithm

    International Journal on Recent and Innovation Trends in Computing and Communication ISSN: 2321-8169 Volume: 7 Issue: 6 48 - 51 ______________________________________________________________________________________ Performance and Limitation Review of Secure Hash Function Algorithm Iti Malviya Prof. Tejasvini Chetty M.Tech scholar Assistant Professor Department of Electronics and Communication Department of Electronics and Communication SISTec, Bhopal (M.P.) SISTec, Bhopal (M.P.) Abstract—A cryptographic hash work is a phenomenal class of hash work that has certain properties which make it fitting for use in cryptography. It is a numerical figuring that maps information of emotional size to a bit string of a settled size (a hash) and is expected to be a confined limit, that is, a limit which is infeasible to adjust. Hash Functions are significant instrument in information security over the web. The hash functions that are utilized in different security related applications are called cryptographic hash functions. This property is additionally valuable in numerous different applications, for example, production of digital signature and arbitrary number age and so on. The vast majority of the hash functions depend on Merkle-Damgard development, for example, MD-2, MD-4, MD-5, SHA-1, SHA-2, SHA-3 and so on, which are not hundred percent safe from assaults. The paper talks about a portion of the secure hash function, that are conceivable on this development, and accordingly on these hash functions additionally face same attacks. Keywords- Secure, function, MD-2, MD-4, MD-5, SHA-1, SHA-2, SHA-3. __________________________________________________*****_________________________________________________ I. INTRODUCTION progressively broad functions with rather various properties and purposes.
  • The Design, Implementation and Operation of an Email Pseudonym Server

    The Design, Implementation and Operation of an Email Pseudonym Server

    The Design, Implementation and Operation of an Email Pseudonym Server David Mazieres` and M. Frans Kaashoek MIT Laboratory for Computer Science 545 Technology Square, Cambridge MA 02139 Abstract Attacks on servers that provide anonymity generally fall into two categories: attempts to expose anonymous users and attempts to silence them. Much existing work concentrates on withstanding the former, but the threat of the latter is equally real. One particularly effective attack against anonymous servers is to abuse them and stir up enough trouble that they must shut down. This paper describes the design, implementation, and operation of nym.alias.net, a server providing untraceable email aliases. We enumerate many kinds of abuse the system has weath- ered during two years of operation, and explain the measures we enacted in response. From our experiences, we distill several principles by which one can protect anonymous servers from similar attacks. 1 Introduction Anonymous on-line speech serves many purposes ranging from fighting oppressive government censorship to giving university professors feedback on teaching. Of course, the availability of anonymous speech also leads to many forms of abuse, including harassment, mail bombing and even bulk emailing. Servers providing anonymity are particularly vulnerable to flooding and denial-of-service attacks. Concerns for the privacy of legitimate users make it impractical to keep usage logs. Even with logs, the very design of an anonymous service generally makes it difficult to track down attackers. Worse yet, attempts to block problematic messages with manually-tuned filters can easily evolve into censorship—people unhappy with anonymous users will purposefully abuse a server if by doing so they can get legitimate messages filtered.
  • Privacy-Enhancing Technologies for the Internet

    Privacy-Enhancing Technologies for the Internet

    Privacy-enhancing technologies for the Internet Ian Goldberg David Wagner Eric Brewer University of California, Berkeley iang,daw,brewer ¡ @cs.berkeley.edu Abstract ing privacy issues on the Internet, and Section 3 provides some relevant background. We then discuss Internet pri- The increased use of the Internet for everyday activi- vacy technology chronologically, in three parts: Section 4 ties is bringing new threats to personal privacy. This pa- describes the technology of yesterday, Section 5 explains per gives an overview of existing and potential privacy- today’s technology, and Section 6 explores the technology enhancing technologies for the Internet, as well as moti- of tomorrow. Finally, we conclude in Section 7. vation and challenges for future work in this field. 2. Motivation 1. Introduction The threats to one’s privacy on the Internet are two-fold: your online actions could be (1) monitored by unauthorized Recently the Internet has seen tremendous growth, with parties and (2) logged and preserved for future access many the ranks of new users swelling at ever-increasing rates. years later. You might not realize that your personal infor- This expansion has catapulted it from the realm of academic mation has been monitored, logged, and subsequently dis- research towards new-found mainstream acceptance and in- closed; those who would compromise your privacy have no creased social relevance for the everyday individual. Yet incentive to warn you. this suddenly increased reliance on the Internet has the po- The threat of long-term storage and eventual disclosure tential to erode personal privacies we once took for granted. of personal information is especially acute on the Internet.
  • A Concept of an Anonymous Direct P2P Distribution Overlay System

    A Concept of an Anonymous Direct P2P Distribution Overlay System

    22nd International Conference on Advanced Information Networking and Applications A Concept of an Anonymous Direct P2P Distribution Overlay System Igor Margasiński, Michał Pióro Institute of Telecommunications, Warsaw University of Technology {I.Margasinski, M.Pioro}@tele.pw.edu.pl Abstract an anonymous network composed of nodes called Mixes that forward anonymous messages. The strength The paper introduces a peer-to-peer system called of the solution consists in: (i) a specific operation of P2PRIV (peer-to-peer direct and anonymous nodes which “mixes” forwarded messages, and (ii) an distribution overlay). Basic novel features of P2PRIV asymmetric encryption of messages exchanged are: (i) a peer-to-peer parallel content exchange between them. The purpose of such mixing is to hide architecture, and (ii) separation of the anonymization the correlation between received and forwarded process from the transport function. These features messages. In general, received data units are padded to allow a considerable saving of service time while a constant size length, encrypted, delayed for a batch preserving high degree of anonymity. In the paper we aggregation and then sent (flushed) in a random order. evaluate anonymity measures of P2PRIV (using a Anonymous messages are sent usually via a chain of normalized entropy measurement model) as well as its Mixes to eliminate presence of a trusted party and also traffic measures (including service time and network to omit single point of failure imposed by a single Mix. dynamics), and compare anonymity and traffic In Mix-net, each message is encrypted recursively with performance of P2PRIV with a well known system public keys of Mixes from a forwarding path.
  • The Export of Cryptography in the 20 Century and the 21

    The Export of Cryptography in the 20 Century and the 21

    The Export of Cryptography th st in the 20 Century and the 21 ∗ Whitfield Diffie and Susan Landau Sun Microsystems, Inc Palo Alto CA April 19, 2005 August 2000 On the 14th of January 2000, the Bureau of Export Administration issued long-awaited revisions to the rules on exporting cryptographic hardware and software. The new regulations, which grew out of a protracted tug of war between the computer industry and the U.S. Government, are seen by indus- try as a victory. Their appearance, which was attended by both excitement and relief, marked a substantial change in export policy. This paper exam- ines the evolution of export control in the cryptographic area and considers its impact on the deployment of privacy-protecting technologies within the United States. Before the electronic age, all \real-time" interaction between people had to take place in person. Privacy in such interactions could be taken for granted. No more than reasonable care was required to assure yourself that only the people you were addressing | people who had to be right there with you | could hear you. Telecommunications have changed this. The people with whom you interact no longer have to be in your immediate vicinity; they can be on the other side of the world, making what was once impossible spontaneous and inexpensive. Telecommunication, on the other hand, makes protecting yourself from eavesdropping more difficult. Some other security mechanism is required to replace looking around to see that ∗To appear in the Handbook of the History of Information Security Elsevier B.V. 1 no one is close enough to overhear: that mechanism is cryptography, the only security mechanism that directly protects information passing out of the physical control of the sender and receiver.
  • Encryption Friction

    Encryption Friction

    ENCRYPTION FRICTION Christopher Babiarz INTRODUCTION The Supreme Court decision in Riley v. California reflects the fact that the Court is increasingly sensitive to the implications of new technologies in the lives of individuals and their subsequent impacts on reasonable expectations of privacy.1 This increased judicial awareness for the pervasive role that technology plays in our modern privacy suggests that in the future the Court would be more inclined to protect individual privacy rights and less inclined to force technology manufacturers to only provide broken encryption to users so that the government can enjoy unfettered access to protected data.2 Although encryption admittedly presents unique challenges to government interests in law enforcement and terrorism prevention, the proposed government solution undercuts and outweighs fundamental aspects of modern privacy.3 Given the Court’s demonstration of an increased awareness for modern privacy concerns, efforts by the government to undermine encryption should be dismissed by the Court in favor of individual privacy rights. Following an introduction to encryption generally, this paper begins with the rekindling of a privacy issue that Michael Froomkin wrote about in the mid-1990’s.4 The lack of a solidified judicial stance on this issue sets the stage for the modern encryption battle between the FBI and Apple, and the recent Supreme Court decision in Riley v. California illustrates a likelihood that the current Court is ready to finally take a position on this old debate.5 This paper argues that the Court should be 1 Riley v. California, 134 S. Ct. 2473 (2014). 2 Id. at 2484.