CyberWire Daily - Crypto crumple zones. [Research Saturday]
Episode Date: April 7, 2018In their recently published paper, "Crypto Crumple Zones: Enabling Limited Access Without Mass Surveillance," coauthors Charles Wright and Mayank Varia make their case for an alternative approach to t...he encryption debate, one based on economics as a limiting factor on government overreach and surveillance. Crypto Crumple Zones: Enabling Limited Access Without Mass Surveillance Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my
personal information from hundreds of data brokers. I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout.
That's JoinDeleteMe.com slash N2K, code N2K.
Hello, everyone, and welcome to the CyberWire's Research Saturday.
I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down threats and vulnerabilities and solving some of the hard problems of
protecting ourselves in a rapidly evolving cyberspace.
Thanks for joining us.
And now, a message from our sponsor, Zscaler, the leader in cloud security.
Enterprises have spent billions of dollars on firewalls and VPNs,
yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024.
These traditional security tools expand your attack surface with public-facing IPs
that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your
security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making
apps and IPs invisible, eliminating lateral movement, connecting users only to specific apps,
not the entire network, continuously verifying every request based on identity and context.
Simplifying security management with AI-powered automation.
And detecting threats using AI to analyze over 500 billion daily transactions.
Hackers can't attack what they can't see.
Protect your organization with Zscaler Zero Trust and AI.
Learn more at zscaler.com slash security.
The problem is that there's this kind of essential tension between
governments who want access to data, specifically to communications data.
That's Charles Wright. He's an assistant professor at Portland State University. Governments who want access to data, specifically to communications data.
That's Charles Wright. He's an assistant professor at Portland State University, along with Mayank Varia, a research associate professor at Boston University.
They're co-authors of a new paper, Crypto Crumple Zones, enabling limited access without mass surveillance.
without mass surveillance.
Law enforcement, national security kind of purposes,
sort of the same way that they have lawful ability to, for example, get a wiretap on a traditional telephone line.
Now they're starting to realize that they would also like access
to encrypted internet calls.
And as encryption becomes much more commonplace
and more people realize that we need this in our everyday lives
to protect ourselves from cyber criminals and data theft and all these other threats,
the way we've built our systems kind of leads to this inherent conflict between
our tools that are built to give you confidentiality and privacy from everyone,
and then the governments are saying they have a legitimate need to get access to this kind of data.
And just the way that we've been constructing our system so far, it's really been either, you know, it's an all or nothing deal.
It's black or white.
There hasn't been a way to build a system that allows only, you know, legitimate, lawful, warranted access, but at the same time keeps everybody else out.
And so we'd like to get towards more of a middle ground,
and we think this paper is hopefully maybe a first step towards something like that.
So, Mayank, I think we've seen some high-profile cases
where law enforcement has said that they need to be able to decrypt things to do their jobs
and for national security and public safety and so forth,
and yet we've also reached this point where encryption
isn't really an exotic thing that's difficult to do. So it's become routine for all of us to
use encryption on a daily basis. Certainly it's a fundamental part of the internet and the things
we do there. And I think there's been this sort of like Charles said, there's been this all or
nothing that's ended up with people sort of taking one of two sides. And there's the law
enforcement side, and then there's the encryption side of this debate. Explain to me, how can we
reach a middle here? Is this not an all or nothing? It's a great question. So I think that,
you know, the way that cryptographers have traditionally defined the notion of encryption,
and it's something that I put on my
first day of class lecture slides, and most others do too, is encryption as a thing where there are
three possible participants in the world. There's the sender of a communication, there's a receiver
of a communication, and then there's an outsider who is trying to eavesdrop or somehow gain access
to this. And this is the full state
of the picture. There are the two legitimate parties conducting the transaction who encryption
is supposed to permit from a functionality point of view to actually be able to send and receive
messages reliably. And there's outsiders who are just universally supposed to be excluded from
access to the contents of this message. And essentially what we are thinking about in this paper is rather than just considering one
category of every possible outsider to sort of split our concern into maybe two categories of
outsiders, and there may even be more, but sort of the kinds of people who are cyber criminals or,
you know, so-called hacker types, people who,
you know, I think most people would agree that the goal of encryption is to keep such people
out of being able to access the contents of encrypted data. And also law enforcement
apparatuses of nation states who the answer to whether they should be able to read the contents
of encrypted messages is a lot less clear. I don't know whether the answer to whether they should be able to read the contents of encrypted messages is a lot less
clear. I don't know whether the answer is universally yes or universally no, but it might
at least be a different answer than the answer that we give when we think about cyber criminals
as the outsiders snooping on encrypted traffic. And so the question that we pose at the start of
this paper is, is there some sort of mechanism that we can use when
designing an encryption scheme to distinguish between the law enforcement outsider and the
cyber criminal outsider? The specific mechanism that we use in this paper to distinguish between
the two is economics, that the law enforcement organization may have
more resources available at its disposal than a cybercriminal and resources that they are
willing to use in order to promote some sort of benefit that is not some sort of profit-motivated
endpoint. Whereas cybercriminals are motivated by sort of a profit motive, a risk reward thing, that maybe there are
things that is in the public interest to read, but are not worth perhaps the resources on their own.
If we can make a sort of cryptographic puzzle that is solvable, but at a very high cost,
then a law enforcement entity could judiciously choose when to use this limited capability to recover the contents of a
few messages. And maybe we can design the system in such a way that it's possible for law enforcement
to do this while simultaneously not being of value for an other kind of outsider, like a
cyber criminal organization to do so. And so when we talk about costs, are we talking about dollars and cents? Are we talking
about time or a combination of the two? Essentially, in the way that the current
paper is written, which is not necessarily the way that it has to be, but just the way that we've
currently written it, when we describe costs, what we mean are computing efforts. So the money
required to build and operate the electricity consumption required to operate a computing rig. So it's not
like money in the sense of dollars flowing from one person to another, but in the sense of
resources, computational and energy resources expended in order to recover the contents of
the message. So Charles, take us through conceptually what we're talking about here. I think when many of us think about the ability to decrypt things, the popular notion that's been put out there is key escrow.
And this is something different from that.
Yeah, we talk a little bit in the paper about key escrow and some of the limitations of that approach.
There's been a lot of good work in our community analyzing and looking at some of the issues there.
There's a really great paper from Hal Abelson and a lot of the real rock stars of security and crypto research in the 90s and 00s.
One of the major issues with Kiescro is that we talked earlier about this all or nothing problem we had where there wasn't really a middle ground.
had where there wasn't really a middle ground. And key escrow falls victim to that, where really it's more on the all end of the spectrum, where if you have escrowed keys, the idea there was that
if you're going to encrypt a message, you need to give the authorities some way to open it back up.
And the approach there was, well, you take your encryption key and you also encrypt it
with a key that's published by the authorities or maybe by some trusted third party like your ISP or your device provider or something.
And so that only they could open it up.
And you encrypt that key and you send it along with your message.
So if anybody else sees it, they can't decrypt the key and they can't open up the message. But if the authorized third party, your ISP in this case,
or your device provider, or the law enforcement, the FBI themselves,
they can go and first decrypt your key for the message
and then use that to unlock the message.
And there's really nothing to stop them from just going
and applying that on every single message that they get.
And so it requires a lot of trust that it won't be abused
or misused, that the authorized users won't get overzealous or won't be corrupt, and also that
they will be very careful and competent to keep this capability, whatever allows them to unlock
all those keys, that they will keep that secret and that they won't lose it and let some third
party go and grab it. And now that third party can go and open up everything and everybody as well.
Right. You end up with this sort of who watches the watchman kind of situation.
Exactly.
Potentially. So your approach is using what you describe as moderately hard puzzles. And you talk
about crumpling puzzles and abrasion puzzles. Describe to us what's going on here and how it
works.
The crumpling puzzle is maybe the easier one to get started with.
So there, the idea is that normally when we design an encryption scheme,
a cryptographic key is just a long string of bits.
And it's randomly chosen from such a huge space of possibilities
that it's almost impossible to guess what it would be.
And it's virtually impossible to try all combinations to find the right one.
So normally we're talking something like 2 to the 128, 2 to the 256.
These are enormous numbers.
So for comparison, a million is only about 2 to the 20.
And so our approach is, well, maybe what if we shrunk down that space
and we made it not 2 to the 128 possibilities,
what if we made it something smaller
that is within the realm of somebody big and powerful
to pay for all the electricity to do the brute force search?
And so we ran some numbers,
created our scheme so that the keys are derived
using the original key that the application,
like Skype or WhatsApp or Signal Private Messenger
or whatever the encrypted communication app is.
Normally, right now, these are generating these long, random 128, 256-bit keys.
So we use that as our initial secret to pick one of a much smaller number of keys.
So, for example, maybe 2 to the 60 or 2 to the 70.
And we do that in such a way so that the brute force search of
trying all the possibilities looks a whole lot like the function that's used for Bitcoin mining
right now. And so then we imagine that a law enforcement agency like the FBI or MI5 or whoever
it would be could then go and build hardware that looks a whole lot like a Bitcoin miner that they
can get off the shelf and that they can do this search through,
you know, say two to the 60 or two to the 70 possibilities in about the same time that a Bitcoin miner takes to about the same time and about the same amount of electricity,
most importantly, that a current Bitcoin miner takes. And so based on those numbers, we looked
at, you know, kind of what's the best, most efficient Bitcoin miner you can go and buy right
now. And it looks like a key space of about $2 to the $60.
You can search, and I think if you're buying your electricity in the cheapest region of the U.S.,
it looks like about $1,000 to try all those possibilities.
And if you crank that up to $2 to the $70, so that's multiplying by $2 to the $10,
which is about $1,000, it's no surprise that now you're spending about $1 million in electricity.
two to the 10, which is about a thousand. It's no surprise that now you're spending about a million dollars in electricity. And so the notion is that that expense is what's going to be the
bottleneck, if you will, for folks to be able to decrypt things.
That's one of them. That's the main bottleneck, for example, that would limit abuse or misuse
of the system by an authorized party like the FBI or MI5 or whoever
it is. We also have this bigger puzzle, this big gatekeeper puzzle where you have to solve some
really, really difficult puzzle that we call the abrasion problem. And this uses some public key
cryptography. We won't go into all the details now. We leveraged a recent attack on some public
key crypto. And we think, based on some numbers that we've read
in the literature and some kind of back of the napkin math that we did, we think we can make
that one cost anywhere between about $150 million up to maybe $2 billion. And the idea is then that
someone like the FBI, who is in charge of national security and criminal investigations,
would spend that money up front to pre-compute
a bunch of stuff that they can then use to solve simpler problems that we bake into the key
generation algorithm. And we make that a necessary component for them to derive some secret information
for each of those little keys that we're going to use on each message to then go and do the
brute force search to get the crumpled key. So in other words, the cost of entry to even have access to the simpler puzzles is a big puzzle.
And so that way you're making sure that really only, for example, nation states would even have access to the simpler puzzles.
That's the idea. Yeah.
So without the abrasion puzzle, if we make each message cost, say, $1,000 to recover, then if there's some message out there that I think is worth $10,000, I'm going to spend the $1,000 and I'm going to profit by $9,000.
On the other hand, if we have the abrasion puzzle there, then the total cost to get that one message would be, say, $2,001,000.
And now that $10,000 message is not worth it anymore.
Mayank, you all have a list of requirements that you think would be necessary to make
this a feasible and it's something that key escrow falls short on.
Can you take us through what these requirements are?
So first of all, as Charles was saying earlier, there are some issues with key escrow in terms
of the fact that, you know, because encryption so far has been this
all or nothing thing, and with key escrow, it's effectively giving the government apparatus a
skeleton key, which gives it access to everything, that does not on its own prevent, at least
technologically, any kind of massive bulk surveillance. that the same key that is allowed, the same escrow key
that the government can use to open targeted messages can also open arbitrarily many messages.
And the only limitation on that would be any kind of apparatus that exists within the government
to restrict its use and to prevent fraud and abuse kinds of practices. Whereas in our system,
one of the requirements is for the system technologically to prevent sort of bulk
mass scale surveillance. And it does so with the fact that the crumpling puzzle,
it poses a marginal cost on every single message transacted. The other requirements we have that
also key escrow does not meet on its own is that we want to keep the system as simple as possible for both users to use and developers to implement.
And in particular, that neither one of them ever need to have any direct lines of communication with the government law enforcement apparatus at all.
So no sending of escrowed key material or anything else for that matter.
all. So no sending of escrowed key material or anything else for that matter. Maintain the kind of user workflow that exists today. Minimize the amount of new lines of code that are needed to be
built in order to implement our puzzling techniques. And the final requirement that we have
is to maintain all of the cryptographic best practices we have developed over the course of
the last few decades in terms of being able to design
schemes that provide simultaneously both confidentiality and integrity, a system
called authenticated encryption, which is very much in use now, and to be compatible with other
kinds of techniques that we use to protect key material, such as hardware-based systems like
hardware security modules or any other kind of mechanism to protect key material, such as hardware-based systems like hardware security modules or
any other kind of mechanism to protect key material locally, and to be compatible with
notions like perfect forward secrecy in order to limit the possible damage to one's privacy
that can happen if your computer is ever compromised and falls into the wrong hands.
So we sort of want to limit the ability technologically
for mass scale abuse, limit the increase in system complexity required to implement the system
and to maintain the system, and finally to maintain cryptographic best practices.
With that having been said, if we step back for a moment and we think about what Key Escrow was
trying to accomplish, at a very high level, it was trying to accomplish the same exact goal that I said our system was trying to accomplish.
In the sense of when we think about the intended recipients of an encrypted communication and then all of the various forms of outsiders, it was trying to find a way to distinguish between the government law enforcement outsider and the cyber criminal outsiders. It was trying
to find a different way to distinguish between them, right, by possession of this sort of
skeleton key like material. Whereas we have a different mechanism, which is to distinguish
them via economics. And I put them under the same framework here to make two points. One
is that the two ideas can be used together, in which case one would get the
strengths of both put together. And the second reason I mentioned this is to say these are just
two different ways to distinguish between law enforcement outsiders and every other type of
outsider like a cyber criminal. And maybe there are many different other ways, many other dimensions
in which one can distinguish between these two types of entities,
even beyond, you know, our paper or Chiesco for that matter. Maybe they could be lumped together
as well. And the more ways one has to distinguish, then the stronger such a system might become.
So how do you account for things like Moore's Law and, you know, coming quantum computers where
presumably the cost of
computation is going to go down? Very good question. We discuss in the paper that Moore's
Law is definitely something that is a concern to the approach that we propose here in terms of the
economics. One way that we propose to deal with the concern of Moore's law is to have these abrasion puzzles and these crumpling puzzles themselves have the strength of them be tunable over time.
So that they should, the way that one should implement such a system if used in practice would be always continuously to be increasing the size of these parameters to keep up with Moore's law.
That's comment number one.
Number two is to think about the scale of these parameters proactively based on Moore's law. That's comment number one. Number two is to think about the scale of these
parameters proactively based on Moore's law. What I mean by that is if you think it would be an
effective deterrent if it costs a thousand dollars for a cyber criminal to break, then if that's an
effective deterrent, and if you want to withstand this kind of attack for a period of 10 years or so,
you should design the parameters of
the puzzle so that even 10 years from now with the advances in Moore's law, that it will still
be an effective deterrent even to the future. And the third thing I would say in terms of
combating Moore's law is coming back to my previous point about combining this economics-based
distinguisher together with other forms of distinguishing, which are not necessarily economics based. And this reduces the influencer or the dependency of the system upon Moore's law.
So sort of, you know, a defense in depth approach to combine many different kinds of distinguishers
together could be one way to handle the concern of Moore's law. The question about quantum computers
is somewhat similar, except it doesn't have so much of the regular
inflation rate, so to speak, that Moore's Law has. It seems to be something that might be more of a
big cliff that once quantum computers exist, then that enables a variety of new tasks that
were not possible before. And with regards to quantum computers, I think the one thing that
the cryptography community and many other communities within computer science have already been thinking about are what are the kinds of problems that continue to remain difficult even in the presence of quantum computers.
And using those kinds of systems as the basis for crumpling or abrasion puzzles could be a way of making sure that the system withstands even quantum computers. It is true that quantum computers make many problems easier,
but it is also the case that there are many problems that quantum computers either don't make much easier at all,
or we know fairly well how much easier they make the problems.
And so we can account for that in the analysis.
Charles, are there any areas where you've sensed that perhaps this approach
isn't the best approach, or maybe it comes up short? Have you found any areas like that?
Well, sure. The system was designed to be used more or less in representative liberal democracies,
where the government and the law enforcement work for the people. And so you can imagine,
if we deployed something like this in, say, North Korea,
there's really nothing to stop a guy like Kim from going and spending all the resources he wants to track down people that are criticizing him and let thieves and murderers and whatever run free.
That is not at all how we were hoping the system might be used.
And so the benefits of having encryption in that case are mostly nullified
and get all the drawbacks of earlier approaches like Kiesgro.
And so I think that's the major case where I think our ideas really wouldn't help much.
I guess it's debatable about other countries.
Maybe it depends on your opinion of the various governments,
whether you think it would be an acceptable risk
to give them this kind of capability or not.
I'm sure there's many, many different opinions out there.
There may also be a great difference of opinion
on how high the price should be for any particular government.
I think that's a question for society more than for us.
We're just hoping to maybe find some mechanism that will get us to a middle ground that we can have this public debate.
We're just saying, hey, it would be cool if we had a dial at all.
And then once we have it, then we can all debate about how high up we should – should we dial it up or dial it down?
And hopefully there can be some – more of a middle ground, maybe not quite consensus, but a little more agreement than just a black and
white issue that tends to divide people and get us riled up against each other. The other case
where we really don't provide much help is for a really, really high value target. And so as
Mayank was saying a minute ago, we provide some provable security for messages that are worth less
than the total cost to recover them. And we don't give any guarantees at all
for a message whose value is more than that.
And so you have a guy like Snowden,
you can imagine that a government
would want to spend the resources to track him down.
You know, maybe also candidates for high level office
might also fall into this,
and it may not be safe for them to use something like this.
There's probably some other good examples.
Maybe the CEO of Apple or Google, maybe their messages are worth enough money
to motivate somebody spending these kind of resources to go and get them.
And I think that's more of an interesting area for future work.
I guess my hope right now is that we're providing some technologies
that encryption providers can use when they are legally required
to provide some sort of mechanism to give the authorities access. I think if it comes to a
point where there are new laws and regulations being put in place, there's a lot of risk in that.
And there's a lot of risk to having a situation where the technology continues to move fast
and the regulations don't keep up. It's not clear how that might turn out,
but there's a lot of risk, I think. One of the things that comes to mind with me is the
granularity of the data. In other words, you know, if, for example, if someone got a search warrant
to search my house, you know, someone convinced a judge that, you know, I had done something bad
and they could come basically search through my house to find what they might find.
Well, that warrant covers the whole house.
And I could see people saying, well, you know, we have to spend $10,000 per text message, for example.
But we don't know which text message is the one that says, you know, I'm the murderer.
So did you get where I'm going with this?
says, you know, I'm the murderer. So did you get where I'm going with this? Wouldn't it be nice to be able to spend X amount of dollars and know that I'm going to be able to unlock the whole phone?
I very much like the analogy you raised to the question of sort of a warrant on your house,
because I think that is very similar to the inspiration that we have in this paper,
which is to say that the warrant for your house
is not something that is impossible
for government to obtain.
It's also something that the U.S. judicial system
renders effectively impossible to abuse to a mass scale,
that they cannot just simply request a warrant
for everybody's house
when they have a high-value investigation
and just go on a fishing expedition. So it
basically and the, you know, executing a warrant on the house, even if they did,
even if law enforcement somehow magically got a warrant to everybody's house, they wouldn't even
be able to execute that. Right. Because actually going through and searching your house costs
money. It costs time. Right? And they have limited resources and that
forces them to be focused in terms of what kinds of things are of most value in terms of for the
amount of time that they have at their disposal, what is the most social good they can do for that?
And what are the kinds of cases and what are the kinds of people that are worth pursuing in order to be most worth the time
to do so. And what our work is trying to do is to say maybe we can try to emulate that kind of
thought process in the digital domain. So rather than making the marginal cost for law enforcement
to recover information zero, and rather than making the marginal cost effectively infinite,
can we make the marginal cost somewhere in the middle that it is possible but onerous to recover information in such a way that it forces law enforcement to be judicious about its use of its limited funds to recover the messages of highest value?
But while still actually permitting them to do that in order to deal with high-value investigations,
to close the cases on the high-value investigations.
And to your question about sort of whether the cost needs to be per message,
the answer is no.
So far, we've described it for simplicity as just sort of these two levels of puzzles,
this one level of an abrasion puzzle and this one level of a crumpling puzzle.
But in the paper, we discussed that, you know, that may not be the, like, we need not limit this just to two levels of alternation.
We do it in most of the paper for simplicity, just of exposition. But one can consider many
more levels of marginal costs per blah for different types of, you know, fill in the blank,
right? So you can have, you know, one cost per geographic region so that you have to do an
abrasion puzzle to even unlock the ability to recover messages in a particular geographic
region. And that can be expensive enough that there's a limited ability to spend the money
in recovering messages in regions other than your own. There can be a cost per particular software
product that you want to be able to, as a law enforcement
organization, acquire the ability to read contents of. There can be a cost per user that law
enforcement targets. There can be a cost per pair of users or per communication session that is
targeted. And finally, a marginal cost per message. And maybe to the point that you raised in your
question about making sure that
maybe law enforcement should have the ability to read a full contents of a person's phone,
if that is, again, as Charles said, if that is sort of the way that society decides to go about
enforcing this, then you could make a high cost, a high marginal cost per user targeted or per
phone targeted, but a low marginal cost per message or file targeted
within that device. So that you can tune these costs as you see fit in order to appropriately
handle the trade-off between giving law enforcement limited access to the contents they need in order
to pursue investigations, while simultaneously not giving overreach into more contents than necessary in order to fulfill their obligations.
One other thing to add to that, this ties into what we were talking about Moore's Law.
Normally we talk about, oh yeah, Moore's Law makes computation cheaper over time.
And so in a way, we usually look at that as kind of a limitation or a weakness of our scheme.
If you look at it from a slightly different perspective,
and you think you mentioned, you know, maybe a high value investigation, like a, like a murder
case, well, there's no statute of limitations on murder. And so if I have all these text messages
and I, you know, I'm pretty sure within one of these 20 or 30 or a hundred, uh, there's going
to be an incriminating message. That's going to make my case that yes, this guy did it.
And we're going to be able to get him. you know if moore's law makes computation 50 cheaper
every 18 months right i can wait say three years and now the cost is only 25 of what it was
originally and that you know that may be enough to to go back and and solve some cold cases
for a cost that is bearable for an important thing like a murder investigation. Whereas if we
could prevent another 9-11, we would have spent the millions or however much it was in the beginning.
But to maybe for a shoplifting case or, you know, petty vandalism or something,
it probably won't ever be worth it. So where do we go from here? You all have put this out
into the world. People are going to absorb it. What would you like to see come from this?
Personally, I think that there are two things a society on this question of, is it technologically possible to achieve some sort of appropriate tradeoff between law enforcement access to contents and the right to privacy?
I don't think this is the interesting question.
And by the way, I'm not saying it's not interesting or that it is solved in any way by this paper.
I think this paper is a beginning to this exploration of
how one can sort of balance these two, but not the end of that. But it's just the beginning.
But nevertheless, I don't think the question of is it technologically possible is the interesting
question here to discuss. I mean, it's not the most interesting question for society.
What's the interesting question, I think, is, you know, what is the appropriate role we want as a society for law enforcement to have? And it may very well be the
case that we decide as a society that even if some sort of trade-off in encryption is technologically
possible, that we simply don't want it as a society. That's a perfectly valid answer that,
you know, maybe the right to privacy, its importance as both for individuals and as a society. That's a perfectly valid answer that, you know, maybe the right to privacy,
its importance as both for individuals and as a social function, the right to privacy enables us to be better as a society. That may be so worth it that it is worth the cost of maybe not closing
some of those cases that Charles was describing earlier. And if that is the decision that is made
by society, then so be it. And then, you know, our paper goes on a shelf never to be used, and that's fine. And I think that that's a totally reasonable answer to this question. And I think this is the more interesting question of debate that we want for law enforcement to have in the
digital world? And what is the kind of encryption that we want in order to reinforce whatever that
role is? One of the things we talk about, well, we're going to be presenting this in April in
London. And so hopefully, as the rest of the scientific community kind of gets its teeth into
this, other people can hopefully come up with some ideas of ways to make it better, to maybe reduce some of these limitations that we talked about
earlier. You know, for example, maybe providing better protection to high value targets or coming
up with other kinds of puzzles or other kinds of distinguishers between what we're kind of calling
a legitimate outsider versus an illegitimate cyber criminal type of outsider. And I guess at the same time,
I like the idea that now we,
as the security and privacy community,
we have a fallback position.
In case something really bad happens in the past,
we potentially could have been looking at a total ban on encryption
or some virtually unlimited kind of backdoor
coming down either through legislation or through courts.
I think right now there's court cases where people have been held in contempt of court for refusing
to disclose a password to decrypt a device, for example. That seems not a great thing for a
democracy. And so at least now we have some sort of a fallback mechanism. If we can't have
high-strength encryption available everywhere,
well, maybe we have something that still provides a lot of protection.
And so in the past where companies like BlackBerry was nearly forced out of India in, I think, 2010,
and then more recently WhatsApp was temporarily banned a couple of times in Brazil,
I think in both of those cases, the ability of people in those countries
to use those services with encryption on has been restored. But in the future, we may not always win.
And so this gives us a fallback so that rather than people in countries like that losing all
ability to have encrypted communications, maybe now we have something that the next
BlackBerry or the next WhatsApp could use to get a better balance that might be acceptable. Our thanks to Charles Wright and Mayank Varia for joining us. The title
of their paper is Crypto Crumple Zones, Enabling Limited Access Without Mass Surveillance.
We've included a link to the paper in the show notes for this episode.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity. That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe
and compliant. The Cyber Wire Research Saturday is proudly produced in Maryland out of the startup
studios of DataTribe, where they're co-building the next generation of cybersecurity teams and
technologies. Our amazing Cyber Wire team is Elliot Peltzman,
Puru Prakash, Stefan Vaziri, Kelsey Bond,
Tim Nodar, Joe Kerrigan, Carol Terrio,
Ben Yellen, Nick Valecki, Gina Johnson, Bennett Moe,
Chris Russell, John Petrick, Jennifer Iben, Rick Howard,
Peter Kilpie, and I'm Dave Bittner.
Thanks for listening.