Government and Cryptography

Sandy KutinCSPP 5328/14/01

We, the people, ...

How, and why, does government get involved in cryptography?

Role of government: Establish justice Ensure domestic tranquility Provide for the common defense Promote the general welfare Secure the blessings of liberty to ourselves and

our posterity

in order to form...

Provide for the common defense National Security: Import/export restrictions

Ensure domestic tranquility Law enforcement: Key escrow

Secure the blessings of liberty Encryption does this through confidentiality Government restrictions can be restrictive

a more perfect union

Establish justice Contract law: what is a signature? Digital copyright laws, patent law

Balance rights of software/hardware companies, content providers with rights of consumers

Standard or approved algorithmsLegal standardsAlso affects national security: infrastructurePromote the general welfare

Dan Bernstein vs.the Department of Justice

In 1990, Dan Bernstein wrote a paper Showed how to use one-way hashes for

encryption; included source code

1992: tried to get permission to publish1995: with EFF, sued the governmentCase is still being appealedMay be made irrelevant by changes to the

export laws

Current Export Laws

January, 2000: U.S. eased restrictions: Can’t export cryptanalytic materials Strong products exportable with a license Exports not allowed to Cuba, Iran, Iraq, Libya, North

Korea, Syria, Sudan Posting on web sites could still be a problem

Europe is less restrictiveWassenaar agreement:

DES decontrolled, stronger systems controlled

Pros & Cons

Harder for terrorists to get sensitive material

NSA keeps its edgeNow, U.S. companies

can compete

Approval process complicated

“Bad guys will have crypto anyway”

Infringes on free speech, academics

Key Escrow

Technical issues: secret-sharing schemesClipper (voice), Capstone (data)

Algorithm is Skipjack, designed by NSA Each chip has a unit key, KU, held in escrow

Law Enforcement Access Field (LEAF):session key encrypted with KU

U encrypted with KF (fixed key)

16-bit checksum; invalid LEAFs disallowed

Proposal never really caught on

American Standards

Government standards: AES, SHA, HMAC Helps large companies choose secure

systems, defend national infrastructure Bank doesn’t care whether NSA can break in If you don’t trust government, don’t use them

What key length corresponds to “beyond reasonable doubt”? Expert witnesses, or government standards?

What’s your sign?

What is a signature?Electronic Signatures in Global and

National Commerce Act (E-Sign) Contract can’t be rejected because it’s digital Doesn’t apply to checks, wills, court filings, …

Problem: as we’ve said, there are lots of ways to attack a digital signature scheme

Courts will work this out, eventually

Divorce in Dubai

Divorce in traditional Islamic law: Husband makes declaration to wife Let’s avoid religious argument; assume we live

in a country in which this is the rule

Dubai (in United Arab Emirates): 16 recent divorces by cell phone text message

Singapore, last week: Islamic authorities declared such divorces illegal Issues of authentication

©: All Rights Reserved?

Can someone copyright encryption?Can you reverse-engineer your own hardware

or software?What if encryption, digital watermarks interfere

with fair use?Digital Millenium Copyright Act (DMCA)

1998: Work which could be used for copyright violation is an illegal “circumvention device”

We’ll look at a few cases

DVD encryption: theory

Decryption key stored on DVD Not directly accessible by player But: piracy easy (copy DVD, key included)

2-way authentication with player’s key Each player uses one of 408 keys If one player is compromised, phase it out of future

releases

How secure is it?What if I want a Linux player?

DVD encryption: practice

40-bit keysOne player was weak, key was broken

Weakness just made attack even faster

Scheme published; 216 attack foundCan break encryption in 20 secondsMPAA prosecuting people who write,

distribute tools to break encryptionLast week: Pavlovich (lost jurisdiction battle)

Felten vs. SDMI

1999: Secure Digital Music Initiative Record companies, RIAA, some techs Verance Corp. developed watermarking

9/00: SDMI announces hack challenge11/00: Fentel et al. (Princeton, Rice)Broke the encryption; decided to publishAccepted for April conference, then pulledSlated for tomorrow at USENIX

eBooks

eBooks: convenient, easy to use, but easy to copy; publishers nervous

Adobe provides a solution: locking Pro: can’t make illegal copies Con: fair use: extra copies, excerpts, resale

You can resell or upgrade computers, but you have to contact the publisher

What if the publisher no longer exists?

Adobe vs. Sklyarov

Elcomsoft (Russian) broke encryption Legal in Russia; right to make backup PhD student Dmitry Sklyarov wrote code Elcomsoft sold 7 copies in US

7/17: FBI arrested Sklyarov in Las VegasAdobe has since dropped suit, but Sklyarov

still charged with federal crimeSklyarov released on bail last week

Around the World

European Software Directive (1993) User has right to make back-up Reverse-engineering permitted if it is

“indispensable” for the purpose of achieving interoperability; may not be used to infringe copyright or conflict with the program owner’s “legitimate interests”

Canada working on a DMCA-like law

Recommended Reading

Discrete Logarithms, Diffie-Hellman Stallings, Section 6.4

Elliptic Curves Stallings, Section 6.5

Import/Export Laws http://www.rsa.com/rsalabs/faq/

DMCA cases http://www.eff.org/