Privacy and Security

1
Privacy and Security

• ECDL / Vocational Computing

2
Introduction

• discovery of Public Key Cryptography
• government and public response in the US
• government response in the UK
• the RIP Act and the criticisms made of it
• plans for further monitoring of internet activity
• problems for the future

3
Discovery of Public Key Cryptography

• before public key cryptography, all ciphers were
  secret key, symmetrical systems
• the cipher key had to be passed secretly
• encrypting and decrypting were similarly complex
  problems the more difficult to crack, the more
  difficult to encode
• eg Enigma cipher used by Germany in WW2
• Public Key Cryptography was a completely new
  paradigm
• first discovered by researchers at GCHQ 1970
• they invented a process for an encryption cipher
  which they termed non-secret encryption
• but it was kept hidden by the UK government until
  1997 -

4
Similar developments in the US

• 1976 - Diffie-Hellman key exchange
• described in a paper called New Directions in
  Cryptography
• solved the practical logistics side of
  implementing a public key system
• GCHQ breakthroughs discovered independently in
  1977 by researchers at MIT
• published in 1978 in a paper called "A method for
  obtaining Digital Signatures and Public Key
  Cryptosystems"
• became known as the RSA system (after its main
  investigators Rivest, Shamir and Adleman)
• solved the remaining problems by providing an
  asymmetric cipher
• easy to encrypt, but very difficult to decrypt
  without the key -

5
US government reacts

• US Government realised the implications of public
  key cryptography
• National Security Agency (NSA) responded with
  key escrow
• escrow refers to a legal arrangement where a
  trusted third party holds something of value
  pending a decision
• NSA would require cryptographic keys to be held
  in escrow until government agencies established
  their authority to listen
• effected with a hardware addition to
  communications -

6
The Clipper chip

• a secure communication chipset (designed to cost
  16) to be built into electronic devices
  (telephones, PCs, etc)
• would use Diffie-Hellman key exchange
• would use an 80-bit key with a symmetrical cipher
• subsequently the password would enable the agency
  to decrypt and view / listen to the information
  passing to and from the device
• US Government seemed to be suggesting that all
  encryption would eventually require key escrow
• 1991 Senate Bill 266 shall ensure that
  communications systems permit the government to
  obtain the plain text contents of voice, data,
  and other communications -

7
US citizens react

• there was a backlash from US citizens who feared
  for their privacy
• that it would open individuals to surveillance
  from the government
• that details about the encryption itself were
  secret, and therefore not subject to public
  scrutiny
• that it would in any case be futile, because
  strong encryption devices would be used by
  criminals anyway
• pressure groups sought to raise public awareness
  key surrender Electronic Frontier Foundation
• if encryption is outlawed, only outlaws will
  have encryption Phil Zimmerman -

8
Pretty Good Privacy

• Zimmerman wrote a simple to use public key system
  called Pretty Good Privacy (PGP) and published it
  on the Internet in 1991
• In his paper Why I wrote PGP he explains his
  reasoning
• In 1993 Zimmerman was subject to a criminal
  investigation by the US government
• encryption with a key length over 40 bits was
  classed as munitions
• when Zimmerman put PGP on the Internet he
  exported it exporting munitions carries very
  severe penalties -

9
The citizens fight back

• Zimmerman fought the case by publishing a
  printout of the program in a hardback book
• published by MIT Press
• anyone could buy the book for 60, scan the text
  and compile the program into machine code
• they would have exactly the same application as
  if they had downloaded it from Zimmermans
  internet server
• but the publishing of a book is protected in the
  US under the First Amendment! -

10
Protests gather pace

• other activists joined in, eg Adam Back,
  University of Exeter
• wrote a strong encryption program in just a few
  lines of code
• people included his program on the bottom of
  their emails
• each time an email was sent to someone outside
  the US, the sender had exported munitions
• novel applications of the principle appeared
• mugs, clocks, etc with strong encryption
  algorithms printed on them sent as gifts to
  friends in other countries
• printed t-shirts so that travellers boarding
  planes out of the US were also exporting
  munitions -

11
Backs RSA script

• !/bin/perl -sp0777iltXdlMLalN0dsXxlMlN/dsM
  0ltjdsj /unpack('H',_)_echo
  16dio\Uk"SK/SMn\EsN0plN1 lKd2Sa2/d0Ixp"d
  cs/\W//g_pack('H',/((..))/)

12
US government gives up

• by 1999 the US government had abandoned its
  efforts to enforce key escrow
• legal cases were dropped without charge
• export restrictions were removed on cryptography
  products to all destinations (except 7 named
  countries and a list of individuals) -

13
The UK Governments Approach

• The Regulation of Investigatory Powers Act 2000
• bill was introduced into the House of Commons 9
  February under Jack Straw as Home Secretary
• the Act was passed less than six months later on
  26 July
• provides powers and limitations to government
  agencies in monitoring communications, including
  the internet
• requires ISPs to install equipment that will
  allow monitoring and recording of a customers
  internet activity
• enables mass surveillance of communication
• allows employers to monitor email and internet
  use
• prevents the existence of warrants and
  information from being revealed in court
• enables the government to demand private keys to
  encrypted information (up to 2 years imprisonment
  if the key is not produced) -

14
Criticisms and reassurance

• civil liberties groups feared that the Act would
  go too far, but were reassured by the government
• that access to the information would only be
  available to 9 government agencies (eg MI5)
• that warrants to access the information would
  require the personal approval of the Home
  Secretary
• that a serious crime must be suspected, or that
  national security must be threatened
• that keys would be demanded only in special
  circumstances
• that the security services would have to prove
  that the accused is or has been in possession
  of the key
• that there would be a defence of forgetting or
  losing the key provided it was judged that the
  individual had done all they could to help the
  authorities retrieve the key -

15
Act becomes law, is soon extended

• Following the governments reassurances the Act
  was passed into law and received its Royal Assent
  28 July 2000
• 2003 David Blunkett as Home Secretary - announced
  an extension to those allowed to see information
  collected under RIPA which to include
• 474 local councils
• 318 other organisations including NHS trusts,
  Fire authorities, Royal Mail, Food Standards
  Agency, Schools Inspector, etc
• access granted with the permission of a senior
  official eg Chief Constable, Senior Executive,
  etc.
• Statutory Instrument 2003 No. 3172 on 5 December
  2003 -

16
Further extensions made

• The Regulation of Investigatory Powers
  (Communications Data) (Amendment) Order 2005 was
  made by Statutory Instrument 2005 No. 1083 on 4
  April 2005
• The Regulation of Investigatory Powers
  (Communications Data) (Additional Functions and
  Amendment) Order 2006 was made by Statutory
  Instrument 2006 No. 1878 on 12 July 2006.
• The Regulation of Investigatory Powers
  (Acquisition and Disclosure of Communications
  Data Code of Practice) Order 2007 was made by
  Statutory Instrument 2007 No. 2197 on 26 July
  2007 and the code of practice itself was
  published in October 2007 seven years after the
  Act came into force.

17
Reversing the Burden of Proof

• Some fear that part 3 of RIPA (disclosure of
  private keys), which was only recently
  activated has reversed the burden of proof
• prove that youve really forgotten your
  password, and are not just lying to us
• the Act provides a defence if you are judged to
  have forgotten or lost your password, you will
  not face penalties
• but in having to seek to be judged to have
  forgotten are you in effect being forced to
  prove that you are innocent?
• penalty for not providing password
• 2 years imprisonment
• increasing to 5 years imprisonment if the charge
  relates to national security -

18
Court rejects self-incrimination defence

• R v S A police raided S as he was typing in
  his password
• his equipment was seized and he was ordered to
  hand over the password
• he argued that to do so would require revealing
  information for which he would be prosecuted,
  thus incriminating himself and thereby infringe
  his Human Rights
• laws derived from English Common Law provide
  safeguards against self incrimination helps to
  prevent the use of forced confession, etc
• 15 October 2008 England and Wales Court of Appeal
  Criminal Division ruled that
• the key to the computer equipment is no
  different to the key to a locked drawer. the
  prosecution is in possession of the drawerThe
  lock cannot be broken or picked, and the drawer
  itself cannot be damaged without destroying the
  contents. -

19
Further programmes in development

• Interception Modernisation Programme
• currently in planning stage with GCHQ and MI6
  leading
• 2007
• 57 billion text messages
• 18 million internet connections
• 3 billion emails per day
• GCHQ ISPs will not bear cost of holding data
  unless compelled to
• government will make an initial 12 billion
  pounds available (5 billion last year for
  existing measures) -

20
Is the RIP Act being used fairly?

• Copeland Council took surveillance photographs of
  a residents wheelie bin
• the lid was raised a few centimetres ie
  overfilled
• ordered to pay 110 fine, court awarded
  additional 115
• a couple and their three children under
  surveillance for two weeks by Poole Borough
  Council
• suspected them of using false address for a
  school place application
• 2006 253,557 requests
• errors not reported
• 2007 519,260 requests
• 1,182 made in error
• 2008 504,073 requests
• 595 made in error - change in reporting includes
  only errors resulting in intrusion upon the
  privacy of an innocent third party

21
Has the governments problem finally been solved?

• public key cryptography allowed individuals to
  keep secrets from the government
• ...which gave criminals the power to hide
• a technological solution (key escrow) was
  probably unworkable and rejected on principle by
  US citizens
• UK government gave judiciary the power to demand
  password or clear-text, and to imprison those who
  refuse
• so we gave up much of our privacy, but now the
  criminals cannot hide from the law and we are
  safe? -

22
Steganography

• the science of hiding pieces of information
  inside other pieces of information
• a file will have large areas of 0s and 1s
  that can be compressed
• eg a sequence that repeats 100 times can be
  compressed to repeat the following one hundred
  times and hence take up fewer bits
• the resulting spare bits can be used to store
  the 0s and 1s of a piece of criminal
  information
• theres no way to tell that the hidden
  information is there
• take a photograph, hide your message in the image
  file using the appropriate public key, send it to
  your accomplice or upload it to a web page
• your accomplice uses his or her private key to
  extract the message no one else can detect the
  presence of a message, let alone read it!

23
Plausible Deniability

• Truecrypt was designed to help those who are in
  areas where human rights are poor (ie do not
  coincide with our definition of what human rights
  should be observed)
• eg Sayed Pervez Kambaksh, Afghanistan, sentenced
  to death for reading material about womens
  rights on the internet
• a Truecrypt encrypted file allows you to create
  multiple containers with different keys
• place innocent material in one container
• place criminal material in another
• surrender the key to the container containing
  innocent material
• deny the existence of any other containers
• its difficult to see how the RIPA will cope with
  this -

24
Sources

• http//cryptome.org/ukpk-alt.htm
• http//www.philzimmermann.com/EN/essays/WhyIWroteP
  GP.html
• http//www.opsi.gov.uk/acts/acts2000/ukpga_2000002
  3_en_1
• http//www.surveillancecommissioners.gov.uk/
• http//www.guardian.co.uk/world/2000/oct/24/qanda
• http//www.bailii.org/ew/cases/EWCA/Crim/2008/2177
  .html
• Ron Rivest, Adi Shamir and Len Adleman, "A method
  for obtaining Digital Signatures and Public Key
  Cryptosystems, Communications of the ACM, Feb.,
  1978
• http//www.cypherspace.org/adam/
• http//news.bbc.co.uk/1/hi/england/dorset/7343445.
  stm
• http//news.bbc.co.uk/1/hi/uk_politics/7230476.stm
  
• http//www.timesonline.co.uk/tol/news/uk/article48
  82622.ece
• http//www.independent.co.uk/news/world/asia/sente
  nced-to-death-afghan-who-dared-to-read-about-women
  s-rights-775972.html
• http//www.official-documents.gov.uk/document/hc06
  07/hc03/0315/0315.asp - commissioners report
  2006
• http//www.official-documents.gov.uk/document/hc07
  08/hc09/0947/0947.asp - commissioners report
  2007
• http//www.official-documents.gov.uk/document/hc08
  09/hc09/0901/0901.asp - commissioners report
  2008