Presented at The Eleventh HOPE (2016)
July 22, 2016, 5 p.m.
For several years, law enforcement has been complaining that legal wiretaps are "going dark" (especially when encryption is used), and has been lobbying lawmakers to mandate "surveillance-friendly" technology that allows the government to break encryption and unlock devices under certain circumstances. At the same time, computer and network security is universally recognized to be in an increasingly dangerous state of peril, and technologists worry that "backdoor" mandates will only make things worse.
We've been here before, not long ago. In the 1990s, after the government proposed the "Clipper Chip" key escrow system, we had a similar debate with similar stakes. It was resolved when the government essentially gave up and finally allowed cryptography to proliferate.
This talk will review the current cryptography debate, will examine the risks of the "keys under doormats" that the FBI is asking for, and will explore technical alternatives that could satisfy the needs of law enforcement without making computer security more of a mess than it already is. In particular, Matt and Sandy will examine the viability, and risks, of law enforcement exploitation of existing vulnerabilities in targets' devices to obtain wiretap evidence.
Sandy Clark / Mouse
as Sandy Clark
Sandy Clark is a hacker and PhD candidate at the University of Pennsylvania. She studies the vulnerability life cycle, security vulnerabilities, and other interesting things.
Matt Blaze is a hacker and professor in the computer science department at the University of Pennsylvania. He's spoken at HOPE almost every time (he missed the second), and has testified before Congress on the issues presented in his HOPE talk this year.