A Cryptographic Airbag for Metadata: Protecting Business Records Against Unlimited Search and Seizure

Governments around the world require that electronic service providers, including telecoms, ISP’s, and even online services like Twitter and Facebook, must provide law enforcement agencies (LEA’s) with broad access to so-called “business records” including communications metadata. Metadata is data about data; it does not include the contents of the users’ communications, but it does typically show who each user communicated with, and at what times, and for how long. Metadata is actually surprisingly powerful, especially in a time when more and more messages are being encrypted from “endto-end.” In this paper, we present a new approach for protecting communications metadata and other business records against unwarranted, bulk seizure. Our approach is designed from the start to be robust against this new class of political and legal attack. To achieve this, we borrow the recent notion of cryptographic crumple zones [31], i.e. encryption that can be broken, but only at a substantial monetary cost. We propose that a service provider who wishes to protect their users’ privacy should encrypt each business record with its own unique, crumpled, symmetric key. Then, a law enforcement agency who compels disclosure of the records learns only ciphertext until they expend the necessary resources to recover keys for the records of interest. We show how this approach can be easily applied to protect metadata in the form of network flow records. We describe how a service provider might select the work factor of the crumpling algorithm to allow legitimate investigations while preventing the use of metadata for mass surveillance.

[1]  Eu-Jin Goh,et al.  Secure Indexes , 2003, IACR Cryptol. ePrint Arch..

[2]  Nickolai Zeldovich,et al.  Stadium: A Distributed Metadata-Private Messaging System , 2017, IACR Cryptol. ePrint Arch..

[3]  George Danezis,et al.  The Loopix Anonymity System , 2017, USENIX Security Symposium.

[4]  Dorothy E. Denning,et al.  A taxonomy for key escrow encryption systems , 1996, CACM.

[5]  Benoit Claise,et al.  Cisco Systems NetFlow Services Export Version 9 , 2004, RFC.

[6]  Patrick Fay,et al.  Breakthrough AES Performance with Intel ® AES New Instructions , 2010 .

[7]  Vincent D. Blondel,et al.  A survey of results on mobile phone datasets analysis , 2015, EPJ Data Science.

[8]  Charles V. Wright,et al.  Crypto Crumple Zones: Enabling Limited Access without Mass Surveillance , 2018, 2018 IEEE European Symposium on Security and Privacy (EuroS&P).

[9]  Margo I. Seltzer,et al.  Berkeley DB , 1999, USENIX Annual Technical Conference, FREENIX Track.

[10]  Nickolai Zeldovich,et al.  Vuvuzela: scalable private messaging resistant to traffic analysis , 2015, SOSP.

[11]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[12]  Robert K. Cunningham,et al.  SoK: Cryptographically Protected Database Search , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[13]  Ray Horak,et al.  Telecommunications and Data Communications Handbook , 2007 .

[14]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[15]  Ramzi A. Haraty,et al.  I2P Data Communication System , 2011, ICON 2011.

[16]  John C. Klensin,et al.  Simple Mail Transfer Protocol , 2001, RFC.

[17]  Matt Blaze,et al.  Protocol failure in the escrowed encryption standard , 1994, CCS '94.

[18]  Peter G. Neumann,et al.  The risks of key recovery, key escrow, and trusted third-party encryption , 1997, World Wide Web J..