Exceptional Access

From MgmtWiki
Revision as of 14:36, 18 April 2019 by Tom (talk | contribs) (Context)

Jump to: navigation, search

Full Title or Meme

Good Public Key Cryptography is dependent on the absolute protection of the Private Key Component of the public/private key pair. But it turns out in most cases that are is good reason to allow Exceptional Access to data protected by the key.

Context

  • Ever since strong cryptographic encryption technologies were created, shortly after computers become common, there have been governmental agencies that have worried that their lack of access to private data, under the existing rule of law, was a threat to the security of the Common Good that they are charged with protecting.
  • Nirvana
  • But Clipper failed in spectacular fashion as reported on the front page of the New Yok Times [1]
    When Dr. Blaze, a 32-year-old computer scientist at AT&T Bell Laboratories, discovered a basic flaw in the Government's cloak-and-dagger Clipper system recently, he was merely doing what he does best: pushing computer code until it breaks. But AT&T is poised to become a leading supplier of Clipper technology, which the Clinton Administration is promoting as a way to let law enforcement officials wiretap encoded telephone calls and computer transmissions in the digital age. And if Dr. Blaze's research undermines the Clipper, it could scuttle a multimillion dollar business.

Problems

  • After the spectacular failure of skip-jack, the industry has been able to keep most governments at bay in their attempt to gain access to user's secret information.
  • There are many reason why secret protections almost always need some sort of "brake the glass" mechanism to activate an alarum on solve a security problem.
  1. User health information is widely regarded as containing many secrets that users should be able to protect from release to anyone without their consent. However, if the user is laying comatose at the scene of some major trauma, such concerns take second place to protecting the user's life. The absence of user consent must not be a hindrance to the overriding interest in protection of life itself.
  2. Legitimate governmental secrets
  • As of early 2019 there was nearly universal belief that it was not possible to design a secret protection scheme with a "brake the glass" mechanism that would not be misused. “The answer is always, show me a proposal that doesn’t harm security,” says Dan Boneh, a celebrated cryptographer who teaches at Stanford. “How do we balance that against the legitimate need of security to unlock phones? I wish I could tell you.”[2]

Solutions

  • All governments make the case that they have the technology and security necessary to protect user's secrets. The fiasco with skip-jack blew the extreme version of that argument out of the water. Yet there are many cases where we have decided to give the government the discretion to decide when a "brake the glass" event has occurred and access needs to be granted. For example, FirstNet has been established as a response to the lack of communications among emergency responders at the 9-11 tragedy. The resultant network and coordination with local governments allows access to much of a user's medical history. Some Smart Phones have lock-screen access to a user identity, automobile registration information typically request the primary driver to be registered, and other mechanisms allow the first responders to deal with medical access and contact information to give the assistance required.

References

  1. John Markoff, At AT&T, No Joy on Clipper Flaw. (1994-06-03) New York Time p. 1 https://www.nytimes.com/1994/06/03/business/at-at-t-no-joy-on-clipper-flaw.html?searchResultPosition=1
  2. Steven Levy, Cracking the Crypto War. (2019-04-18) Wired https://www.wired.com/story/crypto-war-clear-encryption/