Princeton CS research on secure communications

Continuing our series on security research here at Princeton Computer Science, I’d like to talk about how new information about government surveillance is driving research on how to secure communications.

For a long time, users and companies have been slow to adopt secure, encrypted communication technologies. The new surveillance environment changes that, with companies racing to deploy security technologies. Mostly, they’re deploying known security measures rather than inventing new ones. At the same time, researchers are working on developing new security measures.

Our work in this area falls into three main areas: understanding what is vulnerable to surveillance; making security practical for users; and reconciling appropriate surveillance with oversight. I can’t go into great detail in any area, due to limited space and because some of our results aren’t ready for publication yet, but I’ll try to give an idea of the kinds of things we’re doing in each area.

First, understanding what is vulnerable to surveillance. It might seem obvious that we can just list the information that could be collected, and be done. But determining the scope of vulnerability is not so simple. This line of research involves thinking carefully about the limits of collectability, measuring what information real users emit that is collectable, and analyzing what can be inferred from this information. We have a couple of ongoing projects along these lines.

Second, making security practical for users. Users often fail to use security technologies even when they are available. For example, few people encrypt and digitally sign their email, even though tools for doing so have been available for two decades; and few website operators offer the secure https-only access that security experts recommend. It seems that current security tools are too difficult to use. But attempts to solve the problem by just improving the user interface have not been successful, because the difficulties in using these tools seem to be inherent in the underlying security model. What we need is not just a better user interface but better underlying security technologies that change the playing field so that is becomes possible to adopt a natural user interface without losing security. We have a project along these lines that I’m excited about; but we’re not ready to unveil it quite yet.

Third, reconciling appropriate surveillance with oversight. One of the reasons that U.S. surveillance policy has gone off the rails is that it is very difficult for the oversight bodies (the FISA Court, Congress, and the White House) to exercise their oversight duties in an environment where huge amounts of information are collected without much detailed information about programs and activities flowing back to the overseers. This is a problem of political process, of course, but I believe that technology can help to address it in several ways, for example by creating reporting regimes that inform overseers while protecting necessarily-secret information about detailed surveillance practices. We think it’s possible as well to change the way that information is collected and used in ways that reduce the risk of error or misuse of information, while at the same time allowing robust analysis when that is justified. On the one hand, this is a challenging area to work in because we have limited information about current practices; but at the same time the status quo offers many opportunities for improvement.

This is an exciting time to be doing research on secure communications technologies. Regardless of where the current political debates go, it is clear that communications security has entered a new era, and new tools are needed. We are part of an active research community that is working to create those tools.