Date Approved

12-2020

Graduate Degree Type

Thesis

Degree Name

Computer Information Systems (M.S.)

Degree Program

School of Computing and Information Systems

First Advisor

Andrew Kalafut

Second Advisor

John Walsh

Third Advisor

Hans Dulimarta

Fourth Advisor

Jonathan Engelsma

Academic Year

2019/2020

Abstract

Public debate has resumed on the topic of exceptional access (EA), which refers to alternative means of decryption intended for law enforcement use. The resumption of this debate is not a renege on a resolute promise made at the end of the 1990s “crypto war”; rather, it represents a valid reassessment of optimal policy in light of changing circumstances. The imbalance between privacy, access, and security in the context of constantly changing society and technology is a wicked problem that has and will continue to evade a permanent solution. As policymakers consider next steps, it is necessary that the technical community remain engaged. Although any EA framework would increase risk, the magnitude of that increase varies greatly with the quality of the technical and regulatory approach. Furthermore, if one considers hard-line legislative action and malicious abuse of cryptosystems as part of the threat model, well-designed EA may reduce risk overall.

The root of the conflict lies in cryptography’s dual role as an enabler of unprecedented privacy and a cornerstone of security. The emergence of strong encryption incited the first crypto war, and its proliferation is causing the second. In response to both polarized and conciliatory voices, this paper analyzes strategies for confronting wicked problems and proposes an iterative approach to the case of encryption and EA. Along the way, it illustrates the components of the debate in argument maps and demonstrate the security risks with data flow diagrams and threat analysis, focusing on one EA proposal in particular, Stefan Savage’s “Lawful Device Access without Mass Surveillance Risk.”

Download

Share

COinS