Security Against Compelled Disclosure

Security against compelled disclosure. Ian Brown, Hidden Footprints Ltd.; Ben Laurie, A.L. Digital Ltd.

Page 1: Security Against Compelled Disclosure

Security against compelled disclosure

Ian Brown, Hidden Footprints Ltd.

Ben Laurie, A.L. Digital Ltd.

Page 2: Security Against Compelled Disclosure

Opening

• Are users the weakest link in your secure pipes and boxes?

• How could they be forced to compromise your security?

• Threats and responses

Page 3: Security Against Compelled Disclosure

Threats

• Discovery processes

• Signals intelligence

• Import and export searches

• Decryption and key warrants

• Criminal coercion

Page 4: Security Against Compelled Disclosure

Discovery processes

“It will be very hard to increase browser market share on the merits of IE4 alone. It will be more important to leverage the OS asset to make people use IE instead of Navigator” – Christian Wildfeuer, Microsoft

Identification of pseudonyms

Page 5: Security Against Compelled Disclosure

Signals intelligence

Everybody’s at it:

• Echelon

• Frenchelon

• Multinationals

“We steal [economic] secrets with espionage, with communications, with reconnaissance satellites” – James Woolsey

Page 6: Security Against Compelled Disclosure

Import/export searches

"All travellers entering the country should be prepared to have their equipment scanned." – UK Customs and Excise

“Customs and Excise may be using disk imaging equipment such as DIBS and Flight Server which takes a complete copy of a hard-disk - not only the visible files but hidden material including previously deleted material.” – Peter Sommer, computer forensics expert, LSE

Including cached/swapped-out passwords, keys, document fragments, access logs…

Page 7: Security Against Compelled Disclosure

Decryption and key warrants

• RIP notices require plaintext or keys to be disclosed or 2 years in prison

• Breaking gagging clause: 5 years

• Served “for the purpose of securing the effective exercise or proper performance by any public authority of any statutory power or statutory duty”

• Going global with CoE cybercrime treaty

Page 8: Security Against Compelled Disclosure

Criminal coercion

Who’s threatening / blackmailing / seducing your sysadmin and users and/or their friends and family?!

What damage could result?

Page 9: Security Against Compelled Disclosure

Responses

• Enhanced communications security

• Truly secure storage

• Procedural mechanisms

Page 10: Security Against Compelled Disclosure

Enhanced COMSEC

• Short lifetime/one-time keys

  • Use authenticated DH online

  • Use then destroy many key pairs offline

• Avoid traffic analysis with onion routing

  • Lower standards for access to traffic data

  • UK’s “National Data Warehouse”
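The "short lifetime/one-time keys" and "authenticated DH" points above, as an added example that is not from the original slides: each session uses a fresh Diffie-Hellman secret that is discarded after key derivation, so the long-term key a user could later be compelled to hand over only authenticates and cannot recover past session keys. The `Party` class, the pre-shared HMAC key used for authentication, and the toy modulus are assumptions made for the demonstration.

```python
import hashlib, hmac, secrets

P = 2**255 - 19  # toy prime modulus (assumption); use a vetted DH group or X25519 in practice
G = 2

class Party:
    """Hypothetical endpoint. auth_key is a long-term pre-shared MAC key (assumption)."""
    def __init__(self, name, auth_key):
        self.name, self.auth_key = name, auth_key
        self.x = None  # ephemeral DH secret, held only while a handshake is in progress

    def _tag(self, sender, pub):
        # Bind the DH value to the sender's name so it cannot be reflected back.
        msg = sender.encode() + b"|" + pub.to_bytes(32, "big")
        return hmac.new(self.auth_key, msg, hashlib.sha256).digest()

    def offer(self):
        self.x = secrets.randbelow(P - 3) + 2  # fresh secret for this session only
        pub = pow(G, self.x, P)
        return pub, self._tag(self.name, pub)

    def accept(self, sender, pub, tag):
        if not 1 < pub < P - 1:
            raise ValueError("degenerate DH value")
        if not hmac.compare_digest(tag, self._tag(sender, pub)):
            raise ValueError("DH value failed authentication")
        shared = pow(pub, self.x, P)
        # Drop the ephemeral secret. Python cannot guarantee the memory is wiped;
        # real code must zeroize it and keep it out of swap and crash dumps.
        self.x = None
        return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def run_session(alice, bob):
    """One handshake; returns the session key as derived by each side."""
    a_pub, a_tag = alice.offer()
    b_pub, b_tag = bob.offer()
    return alice.accept("bob", b_pub, b_tag), bob.accept("alice", a_pub, a_tag)

if __name__ == "__main__":
    k = secrets.token_bytes(32)  # constructed long-term key for the demo
    alice, bob = Party("alice", k), Party("bob", k)
    ka, kb = run_session(alice, bob)
    # After the session only auth_key remains; it authenticates but decrypts nothing.
    print("keys match:", ka == kb, "| ephemeral secrets left:", alice.x, bob.x)
```

Disclosure of `auth_key` after the fact still allows impersonation in future sessions, so it needs rotation or revocation once it is known to be exposed.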

Page 11: Security Against Compelled Disclosure

Truly secure storage

• Users can be forced to unlock encrypted partitions

  • “So far as we are concerned, there is no difference between an encrypted file and a locked suitcase” – UK Customs and Excise

• Let them reveal only routine data – Steganographic Filesystems

• Or keep it elsewhere – secure remote storage

Page 12: Security Against Compelled Disclosure

Procedural mechanisms

• Site security-critical information in and across safe jurisdictions

• Appoint designated revokers; use under specified circumstances

• Maintain tight control over backups

• Limit information lifetime

Page 13: Security Against Compelled Disclosure

Close

• Information piracy – governmental, corporate or criminal – is a bad basis for building an information society

• Governments should match their critical infrastructure protection rhetoric with real action