Abstract
The increasing deployment of end-to-end encrypted communications services has ignited a debate between technology firms and law enforcement agencies over the need for lawful access to encrypted communications. Unfortunately, existing solutions to this problem suffer from serious technical risks, such as the possibility of operator abuse and theft of escrow key material. In this work we investigate the problem of constructing law enforcement access systems that mitigate the possibility of unauthorized surveillance. We first define a set of desirable properties for an abuse-resistant law enforcement access system (ARLEAS), and motivate each of these properties. We then formalize these definitions in the Universal Composability (UC) framework, and present two main constructions that realize this definition. The first construction enables prospective access, allowing surveillance only if encryption occurs after a warrant has been issued and activated. The second, more powerful, construction allows retrospective access to communications that occurred prior to a warrant's issuance. To illustrate the technical challenge of constructing the latter type of protocol, we conclude by investigating the minimal assumptions required to realize these systems.
Notes
- 1. The Carnegie Institution report [33] concludes that "In the case of data in motion, for example, our group could identify no approach to increasing law enforcement access that seemed reasonably promising to adequately balance all of the various concerns".
- 2. This contrasts with the theft of, e.g., digital certificates or signing keys, where abuse may produce artifacts such as fraudulent certificates [64] or malware artifacts that can be detected through Internet-wide surveillance.
- 3. We later introduce a fourth parameterizing function, but omit it here for clarity of exposition.
- 4. Using the weaker witness encryption primitive may be possible if the ledger produces unique proofs of publication.
- 5. For evidence of this consensus, see, e.g., the 2018 National Academies of Sciences Report [62], which provides a framework for discussing such questions. See also a recent report by the Carnegie Endowment [33], which chooses to focus only on the problem of escrow for physical devices rather than data in motion, providing the following explanation: "it is much harder to identify a potential solution to the problems identified regarding data in motion in a way that achieves a good balance" (p. 10).
- 6. Note that this ideal functionality only handles a single message transfer; to achieve multiple messages, we rely on universal composition and use multiple instances of the functionality.
- 7. As specified in the ideal functionality, during verification it will be checked that a warrant was properly requested and activated.
References
Abelson, H., et al.: Keys under doormats: mandating insecurity by requiring government access to all data and communications. J. Cybersecur. 1(1), 69–79 (2015)
Afshar, A., Mohassel, P., Pinkas, B., Riva, B.: Non-interactive secure computation based on cut-and-choose. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 387–404. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_22
Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 443–458. IEEE Computer Society Press, May 2014
Apple. FaceTime. https://apps.apple.com/us/app/facetime/id1110145091
Apple. iCloud security overview. https://support.apple.com/en-us/HT202303
Apple. iMessage. https://support.apple.com/explore/messages
Backes, M., Camenisch, J., Sommer, D.: Anonymous yet accountable access control. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, WPES 2005, pp. 40–46. Association for Computing Machinery, New York (2005)
Badertscher, C., Gazi, P., Kiayias, A., Russell, A., Zikas, V.: Ouroboros genesis: composable proof-of-stake blockchains with dynamic availability. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 913–930. ACM Press (2018)
Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 324–356. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_11
Barr, W.: Attorney general William P. Barr delivers keynote address at the international conference on cyber security, July 2019
Barr, W.: Attorney general William P. Barr delivers keynote address at the international conference on cyber security, July 2019. https://www.justice.gov/opa/speech/attorney-general-william-p-barr-delivers-keynote-address-international-conference-cyber
Bates, A.M., Butler, K.R.B., Sherr, M., Shields, C., Traynor, P., Wallach, D.S.: Accountable wiretapping -or- I know they can hear you now. In: NDSS 2012. The Internet Society, February 2012
Bellare, M., Rivest, R.L.: Translucent cryptography - an alternative to key escrow, and its implementation via fractional oblivious transfer. J. Cryptol. 12(2), 117–139 (1999)
Bellovin, S.M., Blaze, M., Boneh, D., Landau, S., Rivest, R.R.: Analysis of the CLEAR protocol per the National Academies’ framework. Technical report CUCS-003-18, Columbia University, May 2018
Bentov, I., Kumaresan, R.: How to use bitcoin to design fair protocols. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 421–439. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_24
Blaze, M.: Oblivious key escrow. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 335–343. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-61996-8_50
Boneh, D., Bonneau, J., Bünz, B., Fisch, B.: Verifiable delay functions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 757–788. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_25
Boyle, E., Chung, K.-M., Pass, R.: On extractability obfuscation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 52–73. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_3
Bryan-Low, C.: Vodafone, Ericsson get hung up in Greece’s phone-tap scandal. Wall Street J. (2006)
Camenisch, J., Drijvers, M., Gagliardoni, T., Lehmann, A., Neven, G.: The wonderful world of global random oracles. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part I. LNCS, vol. 10820, pp. 280–312. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_11
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October 2001
Canetti, R., Krawczyk, H., Nielsen, J.B.: Relaxing chosen-ciphertext security. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 565–582. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_33
Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: 34th ACM STOC, pp. 494–503. ACM Press, May 2002
Choudhuri, A.R., Goyal, V., Jain, A.: Founding secure computation on blockchains. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part II. LNCS, vol. 11477, pp. 351–380. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_13
Choudhuri, A.R., Green, M., Jain, A., Kaptchuk, G., Miers, I.: Fairness in an unfair world: fair multiparty computation from public bulletin boards. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 719–728. ACM Press, October/November 2017
Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_4
Damgård, I., Nielsen, J.B., Orlandi, C.: Essentially optimal universally composable oblivious transfer. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 318–335. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00730-9_20
David, B., Gaži, P., Kiayias, A., Russell, A.: Ouroboros praos: an adaptively-secure, semi-synchronous proof-of-stake blockchain. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part II. LNCS, vol. 10821, pp. 66–98. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_3
De Santis, A., Di Crescenzo, G., Ostrovsky, R., Persiano, G., Sahai, A.: Robust non-interactive zero knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 566–598. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_33
Denning, D.E.: The US key escrow encryption technology. Comput. Commun. 17(7), 453–457 (1994)
Denning, D.E., Branstad, D.K.: A taxonomy for key escrow encryption systems. Commun. ACM 39(3), 34–40 (1996)
EncroChat. EncroChat network. http://encrochat.network/
Encryption Working Group: Moving the Encryption Policy Conversation Forward. Technical report, Carnegie Endowment for International Peace (2019)
Federal Bureau of Investigation. Going Dark. https://www.fbi.gov/services/operational-technology/going-dark
Feigenbaum, J., Weitzner, D.J.: On the incommensurability of laws and technical mechanisms: or, what cryptography can’t do. In: Matyáš, V., Švenda, P., Stajano, F., Christianson, B., Anderson, J. (eds.) Security Protocols 2018. LNCS, vol. 11286, pp. 266–279. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03251-7_31
Franceschi-Bicchierai, L.: FBI director: encryption will lead to a ‘very dark place’. Mashable, October 2014
Frankle, J., Park, S., Shaar, D., Goldwasser, S., Weitzner, D.J.: Practical accountability of secret processes. In: Enck, W., Felt, A.P. (eds.) USENIX Security 2018, pp. 657–674. USENIX Association, August 2018
Garg, S., Gentry, C., Halevi, S., Wichs, D.: On the implausibility of differing-inputs obfuscation and extractable witness encryption with auxiliary input. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 518–535. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_29
Garg, S., Ostrovsky, R., Visconti, I., Wadia, A.: Resettable statistical zero knowledge. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 494–511. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_28
Gazi, P., Kiayias, A., Zindros, D.: Proof-of-stake sidechains. In: 2019 IEEE Symposium on Security and Privacy, pp. 139–156. IEEE Computer Society Press, May 2019
Gentry, C., Lewko, A., Waters, B.: Witness encryption from instance independent assumptions. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 426–443. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_24
Goldwasser, S., Park, S.: Public accountability vs. secret laws: can they coexist? A cryptographic proposal. In: Proceedings of the 2017 on Workshop on Privacy in the Electronic Society, WPES 2017, pp. 99–110. Association for Computing Machinery, New York (2017)
Google. Encrypt your data - pixel phone help. https://support.google.com/pixelphone/answer/2844831?hl=en
Gorman, S.: NSA officers spy on love interests. Wall Street J. (2013)
Goyal, R., Goyal, V.: Overcoming cryptographic impossibility results using blockchains. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017, Part I. LNCS, vol. 10677, pp. 529–561. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_18
Graham, S.L.: Eliminating abusive and rampant neglect of interactive technologies act of 2020, March 2020
Horel, T., Park, S., Richelson, S., Vaikuntanathan, V.: How to subvert backdoored encryption: security against adversaries that decrypt all ciphertexts. In: Blum, A. (ed.) ITCS 2019, vol. 124, pp. 42:1–42:20. LIPIcs (2019)
Horvitz, O., Katz, J.: Universally-composable two-party computation in two rounds. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 111–129. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_7
Ishai, Y., Kushilevitz, E., Ostrovsky, R., Prabhakaran, M., Sahai, A.: Efficient non-interactive secure computation. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 406–425. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_23
Kamara, S.: Restructuring the NSA metadata program. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 235–247. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44774-1_19
Kaptchuk, G., Green, M., Miers, I.: Giving state to the stateless: augmenting trustworthy computation with ledgers. In: NDSS 2019. The Internet Society, February 2019
Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: a provably secure proof-of-stake blockchain protocol. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 357–388. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_12
Kroll, J., Felten, E., Boneh, D.: Secure protocols for accountable warrant execution (2014)
Kroll, J.A., Zimmerman, J., Wu, D.J., Nikolaenko, V., Felten, E.W., Boneh, D.: Accountable cryptographic access control (2018)
Levy, I., Robinson, C.: Principles for a more informed exceptional access debate. Lawfare (2018)
Lichtblau, E., Goldstein, J.: Apple faces U.S. demand to unlock 9 more iPhones. The New York Times, February 2016
Liu, J., Ryan, M.D., Chen, L.: Balancing societal security and individual privacy: accountable escrow system. In: 2014 IEEE 27th Computer Security Foundations Symposium, pp. 427–440, July 2014
Liu, J., Jager, T., Kakvi, S.A., Warinschi, B.: How to build time-lock encryption. Des. Codes Crypt. 86(11), 2549–2586 (2018)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
Nakashima, E.: Chinese hackers who hacked Google gained access to sensitive data, U.S. officials say. The Washington Post, May 2013
National Academies of Sciences, Engineering, and Medicine. Exploring Encryption and Potential Mechanisms for Authorized Government Access to Plaintext, The National Academies Press (2016)
National Academies of Sciences, Engineering, and Medicine. Decrypting the Encryption Debate: A Framework for Decision Makers: The National Academies Press, Washington, DC (2018)
Nielsen, J.B., Orlandi, C.: LEGO for two-party secure computation. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 368–386. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_22
Nightingale, J.: Fraudulent *.google.com Certificate, August 2011
Panwar, G., Vishwanathan, R., Misra, S., Bos, A.: SAMPL: scalable auditability of monitoring processes using public ledgers. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019, pp. 2249–2266. ACM Press, November 2019
Poplin, C.M.: Burr-Feinstein encryption legislation officially released. Lawfare, April 2016
Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: 40th FOCS, pp. 543–553. IEEE Computer Society Press, October 1999
Savage, S.: Lawful device access without mass surveillance risk: a technical design discussion. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 1761–1774. Association for Computing Machinery, New York (2018)
Scafuro, A.: Break-glass encryption. In: Lin, D., Sako, K. (eds.) PKC 2019, Part II. LNCS, vol. 11443, pp. 34–62. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17259-6_2
Segal, A., Ford, B., Feigenbaum, J.: Catching bandits and only bandits: Privacy-preserving intersection warrants for lawful surveillance. In: 4th USENIX Workshop on Free and Open Communications on the Internet (FOCI 14). USENIX Association, San Diego, CA, August 2014
Blackburn, Sen. M., Graham, Sen. L., Cotton, Sen. T.: Lawful Access to Encrypted Data Act, June 2020
Servan-Schreiber, S., Wheeler, A.: Judge, jury & encryptioner: exceptional access with a fixed social cost (2019)
Signal. Signal secure messaging system
Singh, M.: Over two dozen encryption experts call on India to rethink changes to its intermediary liability rules. TechCrunch, February 2020
Tait, M.: An approach to James Comey’s technical challenge. Lawfare, April 2016
Tarabay, J.: Australian government passes contentious encryption law. The New York Times, December 2018
Watt, N., Mason, R., Traynor, I.: David Cameron pledges anti-terror law for internet after Paris attacks. The Guardian, January 2015
WhatsApp. WhatsApp Encryption Overview, December 2017
Wright, C., Varia, M.: Crypto crumple zones: enabling limited access without mass surveillance. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 288–306, April 2018
Acknowledgments
The first author is funded in part by the National Science Foundation under awards CNS-1653110 and CNS-1801479, and by a Google Security & Privacy Award. The second author is supported by the National Science Foundation under Grant #2030859 to the Computing Research Association for the CIFellows Project. Additionally, this material is based upon work supported by DARPA under Agreements No. HR00112020021 and No. HR001120C0084. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Government or DARPA.
© 2021 International Association for Cryptologic Research
Cite this paper
Green, M., Kaptchuk, G., Van Laer, G. (2021). Abuse Resistant Law Enforcement Access Systems. In: Canteaut, A., Standaert, F.X. (eds) Advances in Cryptology – EUROCRYPT 2021. Lecture Notes in Computer Science, vol 12698. Springer, Cham. https://doi.org/10.1007/978-3-030-77883-5_19
DOI: https://doi.org/10.1007/978-3-030-77883-5_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-77882-8
Online ISBN: 978-3-030-77883-5
eBook Packages: Computer Science (R0)