Wiretapping and Encryption Chapter 3 Early Forms of Wiretapping ? Party Lines ? Human Operators Wiretapping Today ? Federal and state law enforcement ? Businesses ? Private Detectives ? Political Candidates ? ...... Cellular Phones ? Can be tapped with over-the-counter devices Standard Phones ? Easily tapped if signal travels by microwave or satellite ? Government has secured phones Legal Mandates ? 1937 - Supreme Court rules that wiretapping is illegal ? 1968 - Congress explicitly allowed it by law enforcement agencies ? needs court order ? Electronic Communications Privacy Act include new technologies Cryptography - Making and breaking of secret codes ? Translation of the original message into a new incomprehensible one by a mathematical algorithm using a specific KEY ? Plaintext - a message or data ? Ciphertext - coded text ? Decryption - decoding back to plaintext Encryption Includes: ? Coding scheme or cryptographic algorithm ? Specific sequence of characters key used by the algorithm Examples ? Cereal box codes ? Substitute cipher ? Cryptoquip in newspaper Variations - Symmetric ? Use the same key to encrypt and decrypt (secret key) ? Requires a more secure system to send the key than the system itself Variation - Asymmetric ? Use a key (public key) to encrypt a message ? Another (private key) to decrypt it ? Requires both keys Who Uses Encryption? ? Banks ? Industry ? Professionals ? National ID cards ? Criminals ? ..... Industrial Espionage ? Knowledge of a company’s cost and price structure ? Market research ? Strategic plans ? Order and customer lists ? Insider information Professionals ? Cellular telephones and electronic mail ? unencrypted data on machines National ID Cards ? Strong encryption can be used to authenticate data - unforgeable ? Users would have to have a reader with the government’s public key to decrypt ? Fearful of key “leakage” ? Accessibility to law enforcement agencies Criminals ? Cryptography allows criminals to keep their identities a secret ? Provides security to law breakers ? Allows anonymity ? Don’t use systems that leave trails Reliability ? The longer the key has remained unbroken, the stronger it is likely to be ? The longer the key is in use, the more likely someone will be able to discover it ? larger amount of info will be compromised ? change key frequently Algorithms available ? DES - Data Encryption Standard ? Developed by IBM ? Adopted as a Federal Information Processing Standard ? Uses a 56 bit key ? Has been broken ? To extend life - extend key to 128 bits ? or triple DES RSA algorithm ? Used in public key cryptography ? Patented in US ? Based on multiplication of large prime numbers PGP - Pretty Good Privacy ? Based on RSA ? Used for protecting E-Mail IDEA - International Data Encryption Algorithm ? 1991 in Switzerland ? Uses 128 - bit key ? More mathematical theory than DES New Controversies ? 1991 - Senate Bill - Government wants to be able to intercept any message and be able to decode it as well - not passed ? FBI and wiretapping - Telephony bills ? FBI and Clipper Chip Benefits of Government Intervention ? Aid law enforcement in protecting us from criminals and terrorists Problems ? Threats to ? privacy ? global competitiveness ? civil liberties Communications Assistance for Law Enforcement Act 1994 ? to and from Requires that telecommunications equipment be designed so govt. can: ? intercept all wire and electronic communic. ? Intercept commun. from mobile users ? Obtain call-identifying info ? phone numbers ? Have info transmitted to a specific location ? Government will help foot the bill Arguments for... ? Protection from terrorists and criminals ? FBI wants no new privileges ? BUT ? Necessity has not been justified ? Expense and other problems outweigh the benefits ? There has never been a guarantee of interception of private messages before NEED? ? Wiretaps are less useful than informants, witnesses, etc. ? BUT ? 90% of terrorist cases used wiretaps ? Industry claims full compliance with FBI ? BUT ? Continued cooperation is not guaranteed COST? ? A lot more than government is giving ? Will save money in ? fines, forfeitures, prevented economic loss ? Used only in a subset of investigations ? Could use the money on other technologies Innovation and global competitiveness ? Stifle or delay new technologies ? economic costs ? prevent new technologies’ implementation ? Damage to US competitiveness in global markets due to reduced security and privacy Public Key Cryptography ? Public Keys ? Secret key for each pair of parties who wish to communicate privately ? key is passed between the parties in a method more secure than the method used for sending the messages HISTORY ? 1970 - Developed by Diffie & Hellman ? Two mathematically related keys ? to encrypt ? to decrypt ? Knowing the key to encrypt does not help decrypt ? Each person has their own key pair History ? The encrypting key can become public ? Public key - encrypt ? Private key - decrypt ? Senders can ID the recipients public key to encrypt yet only the recipient can decrypt it. ? No need to transfer secret keys PGP - Pretty Good Privacy ? Free ? Distributed on Internet ? Developed by Zimmerman for use with E-Mail Digital Signature ? Add a statement of acceptance to the electronic document ? encrypted with private key ? cyphertext is decrypted with public key ? providing any other key produced gibberish ? Others can decrypt and read but only the one with the right key is signed Protection from Dossier Society ? Digital cash made possible by public key encryption ? Secure financial transactions without a credit card or checking account number E-Cash ? No link between payer and recipient ? Convenience of credit card ? Anonymity of cash ? Use on Internet for ordinary shopping ? Can transfer credentials ? Can prevent duplicate cash files ? Back up at home incase card is lost or stolen E-Cash continued ? Not easy to form a consumer profile or dossier ? Prevent fraud and forgery ? Protect privacy from mailing lists ? More control over personal information History of Encryption ? Secret - NSA ? National Security Agency ? can do anything ? has powerful computers - break codes ? monitors all communications between US and other countries and within ? Designs codes and breaks codes Government Interception ? NSA censored research ? controlled researchers ? DES thought to have back door ? Export restrictions ? munitions ? can’t export secure systems Clipper Chip ? Why? ? need for strong encryption for business ? Desire for privacy of many Americans ? Provide a government back door ? What? ? Skipjack algorithm ? Telephones and computer ? field ID to tell government the key Key Escrow Scheme ? Key split into two parts ? both needed to decrypt ? key kept by two different parties ? held by escrow agents ? hardware to decrypt sold only to law enforcement agencies Arguments ? Needs to be secret ? to keep foreign government from using it ? so no one can use it without providing the key to the NSA ? BUT ? Computer experts can’t test it or evaluate security ? Is there a secret door?? ? How secure are the agents?? Arguments - government side ? Protect us from bad guys ? provide better encryption for everyone ? ensure needs of law enforcement and national security are met ? improve privacy Other Side ? Criminals can encrypt themselves before putting through NSA chips ? Global trade opportunities reduced ? Free market will develop better products than the government ? Security risks of government key escrow