Confronting Wicked Crypto

This repository contains the source for my master's thesis on addressing the wicked problem of cryptography and exceptional access in the midst of overlapping issues of security, safety, privacy, and trust.

The title is partially derived from Alan Z. Rozenshtein's paper on the subject titled Wicked Crypto.

Abstract

Public debate has resumed on the topic of exceptional access (EA), which refers to alternative means of decryption intended for law enforcement use. The resumption of this debate is not a renege on a resolute promise made at the end of the 1990s "crypto war"; rather, it represents a valid reassessment of optimal policy in light of changing circumstances. The imbalance between privacy, access, and security in the context of constantly changing society and technology is a wicked problem that has and will continue to evade a permanent solution. As policymakers consider next steps, it is necessary that the technical community remain engaged. Although any EA framework would increase risk, the magnitude of that increase varies greatly with the quality of the technical and regulatory approach. Furthermore, if one considers hard-line legislative action and malicious abuse of cryptosystems as part of the threat model, well-designed EA may reduce risk overall.

The root of the conflict lies in cryptography's dual role as an enabler of unprecedented privacy and a cornerstone of security. The emergence of strong encryption incited the first crypto war, and its proliferation is causing the second. In response to both polarized and conciliatory voices, this paper analyzes strategies for confronting wicked problems and proposes an iterative approach to the case of encryption and EA. Along the way, it illustrates the components of the debate in argument maps and demonstrates the security risks with data flow diagrams and threat analysis, focusing on one EA proposal in particular, Stefan Savage's "Lawful Device Access without Mass Surveillance Risk."

Key Influences

Repo Usage

To build the document, run make. The tools Zotero Translation Server and scholarref, combined with the helper scripts in scripts/, are quite handy for generating BibTeX citations.

License

This thesis is made available under the Creative Commons Public License, Attribution-ShareAlike 4.0 International. A copy of the full license is available in the LICENSE file.