This repository contains the source for my master's thesis on addressing the wicked problem of cryptography and exceptional access in the midst of overlapping issues of security, safety, privacy, and trust.
The title is partially derived from Alan Z. Rozenshtein's paper on the subject titled Wicked Crypto.
Public debate has resumed on the topic of exceptional access (EA), which refers to alternative means of decryption intended for law enforcement use. The resumption of this debate is not a renege on a resolute promise made at the end of the 1990s "crypto war"; rather, it represents a valid reassessment of optimal policy in light of changing circumstances. The imbalance between privacy, access, and security in the context of constantly changing society and technology is a wicked problem that has and will continue to evade a permanent solution. As policymakers consider next steps, it is necessary that the technical community remain engaged. Although any EA framework would increase risk, the magnitude of that increase varies greatly with the quality of the technical and regulatory approach. Furthermore, if one considers hard-line legislative action and malicious abuse of cryptosystems as part of the threat model, well-designed EA may reduce risk overall.
The root of the conflict lies in cryptography's dual role as an enabler of unprecedented privacy and a cornerstone of security. The emergence of strong encryption incited the first crypto war, and its proliferation is causing the second. In response to both polarized and conciliatory voices, this paper analyzes strategies for confronting wicked problems and proposes an iterative approach to the case of encryption and EA. Along the way, it illustrates the components of the debate in argument maps and demonstrate the security risks with data flow diagrams and threat analysis, focusing on one EA proposal in particular, Stefan Savage's "Lawful Device Access without Mass Surveillance Risk."
- Dilemmas in a General Theory of Planning
- Wicked Crypto
- On the Incommensurability of Laws and Technical Mechanisms: Or, What Cryptography Can’t Do
- Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications
- "Moving the Encryption Policy Conversation Forward"
- Lawful Device Access without Mass Surveillance Risk
- "A Roadmap for Exceptional Access Research"
To build the document, run make. The tools Zotero Translation Server
and scholarref, combined with the helper scripts in scripts/, are quite handy
for generating BibTeX citations.
This thesis is made available under the Creative Commons Public License, Attribution-ShareAlike 4.0 International. A copy of the full license is available in the LICENSE file.