Abuse-resistant digital surveillance
Digital surveillance of suspects must be silent so as not to alert them. However, systems currently in use lack stringent technical mechanisms to ensure the legality of these measures. Researchers at the Karlsruhe Institute of Technology (KIT) and the University of Luxembourg have now designed a security protocol that enables, for example, judicially ordered surveillance of end-to-end encrypted or anonymous communications, but at the same time prevents or detects mass and unlawful surveillance. The team presented initial results in a publication for the Asiacrypt 2023 conference (https://eprint.iacr.org/2023/1343).
Privacy is becoming increasingly important in our digital society. There is a strong demand for anonymity and confidentiality of data, which is justified by the European Data Protection Regulation. On the other hand, laws and regulations such as the European Council Resolution on the Lawful Interception of Communications or the EU Directive on Combating Money Laundering and Terrorist Financing make it necessary to remove the anonymity of users or disclose their encrypted communications in certain well-defined circumstances, for example, when a surveillance measure against suspects has been ordered by a court. Many applications are therefore subject to requirements or regulations that prohibit a guarantee of unconditional anonymity.
Unauthorized mass surveillance through the back door
The problem with such "digital backdoors," however, is that they also enable unnoticed mass surveillance. To prevent this, independent, trustworthy bodies are needed to monitor the monitors, so to speak. A system is also needed that technically enforces the existence of a court order that cannot be subsequently changed whenever a backdoor is to be used, thus ensuring the legality of the measure. The systems currently in use lack strict technical mechanisms for this. "In our research work, we have designed security protocols that do both: they enable the monitoring of encrypted or anonymous communication and, at the same time, also offer the possibility of preventing or at least detecting unlawful surveillance measures," says Dr. Andy Rupp, head of the research group "Cryptographic Protocols" at the KASTEL Security Research Labs at KIT. "Our goal is to significantly increase public trust in the honest behavior of operators and law enforcement."
Controlled use of digital backdoors
To this end, the research team developed a building block for verifiable monitoring. In this security protocol, users are protected in several ways: digital backdoors open only for a short period of time and on a user-specific basis, they are shared between trusted parties, and access to the digital backdoor is granted only under certain conditions. In addition, it is technically enforced that opening a backdoor leaves behind non-modifiable documents. This allows for subsequent verification of the legality of monitoring activities by an independent auditor, as well as publicly verifiable statistics on backdoor usage.
Possible applications for these Auditable Surveillance systems range from mobile communication systems such as 5G and instant messaging services to electronic payments and privacy-compliant video surveillance. "Our work provides an initial concept for Auditable Surveillance. However, for a practical deployment, further technical and legal challenges need to be addressed. This will be the subject of our future interdisciplinary research," Rupp said. (rl)
V. Fetzer, M. Klooß, J. Müller-Quade, M. Raiber, and A. Rupp. Universally Composable Auditable Surveillance. Accepted at the 30th International Conference on the Theory and Application of Cryptology and Information Security - ASIACRYPT, 2023. https://eprint.iacr.org/2023/1343
Further information: http://www.kastel-labs.de/