November 24, 2024

Posts Comments

New research: There's no need to panic over factorable keys–just mind your Ps and Qs

February 15, 2012 by

You may have seen the preprint posted today by Lenstra et al. about entropy problems in public keys. Zakir Durumeric, Eric Wustrow, Alex Halderman, and I have been waiting to talk about some similar results. We will be publishing a full paper after the relevant manufacturers have been notified. Meanwhile, we’d like to give a more complete explanation of what’s really going on.

We have been able to remotely compromise about 0.4% of all the public keys used for SSL web site security. The keys we were able to compromise were generated incorrectly–using predictable “random” numbers that were sometimes repeated. There were two kinds of problems: keys that were generated with predictable randomness, and a subset of these, where the lack of randomness allows a remote attacker to efficiently factor the public key and obtain the private key. With the private key, an attacker can impersonate a web site or possibly decrypt encrypted traffic to that web site. We’ve developed a tool that can factor these keys and give us the private keys to all the hosts vulnerable to this attack on the Internet in only a few hours.

However, there’s no need to panic as this problem mainly affects various kinds of embedded devices such as routers and VPN devices, not full-blown web servers. (It’s certainly not, as suggested in the New York Times, any reason to have diminished confidence in the security of web-based commerce.) Unfortunately, we’ve found vulnerable devices from nearly every major manufacturer and we suspect that more than 200,000 devices, representing 4.1% of the SSL keys in our dataset, were generated with poor entropy. Any weak keys found to be generated by a device suggests that the entire class of devices may be vulnerable upon further analysis.

We’re not going to announce every device we think is vulnerable until we’ve contacted their manufacturers, but the attack is fairly easy to reproduce from material already known. That’s why we are working on putting up a web site that you can use to determine whether your device is immediately vulnerable.

Read on for more details, and watch for our full paper soon.

Filed Under: Uncategorized

IEEE blows it on the Security & Privacy copyright agreement

February 10, 2012 by

Last June, I wrote about the decision at the business meeting of IEEE Security & Privacy to adopt the USENIX copyright policy, wherein authors grant a right for the conference to publish the paper and warrant that they actually wrote it, but otherwise the work in question is unquestionably the property of the authors. As I recall, there were only two dissenting votes in a room that was otherwise unanimously in favor of the motion.

Fast forward to the present. The IEEE Security & Privacy program committee, on which I served, has notified the authors of which papers have been accepted or rejected. Final camera-ready copies will be due soon, but we’ve got a twist. They’ve published the new license that authors will be expected to sign. Go read it.

The IEEE’s new “experimental delayed-open-access” licensing agreement for IEEE Security & Privacy goes very much against the vote last year of the S&P business meeting, bearing only a superficial resemblance to the USENIX policy we voted to adopt. While both policies give a period of exclusive distribution rights to the conference (12 months for USENIX, 18 months for IEEE), the devil is in the details.

For the IEEE, authors must assign “a temporary joint and undivided ownership right and interest in all copyright rights” to the IEEE, giving the IEEE an exclusive to distribute the paper for 18 months. Thereafter, the license “expires.”

Those quotation marks around “expires” are essential, because there’s language saying “IEEE shall nonetheless retain the sole and exclusive right to archive the Work in perpetuity” which sounds an awful lot to me like they’re saying that the agreement doesn’t actually expire at all. It just moves into a second phase. For contrast, USENIX merely retains a non-exclusive right to continue distributing the paper. That’s an essential difference.

There are some numbered carve-outs in the IEEE contract that seem to allow you to post your manuscript to your personal web page or institutional library page, but not to arXiv or anything else. (What if arXiv were to offer me a “personal home page service?” Unclear how this license would deal with it.) This restriction appears to apply in both the initial 18 month phase and the “in perpetuity” phase.

My conclusion: authors of papers accepted to IEEE Security & Privacy should flatly refuse to sign this. I don’t have a paper of my own that’s appearing this year at S&P, but if I did, I’d send them a signed copy of the USENIX agreement. That’s what the members agreed upon.

Disclosure: I am currently running for the board of directors of the USENIX Association. That’s because I like USENIX. Of all the venues where I publish, USENIX has been the most willing to break with traditional publishing models, and my platform in running for USENIX is to push this even further. Getting ACM and IEEE caught up to USENIX is a separate battle.

Filed Under: Uncategorized Tagged With: ,

United States v. Jones is a Near-Optimal Result

January 23, 2012 by

This morning, the Supreme Court handed down its decision in United States v. Jones, the GPS tracking case, deciding unanimously that the government violated the defendant’s Fourth Amendment rights when it installed a wireless GPS tracking device on the undercarriage of his car and used it to monitor his movement’s around town for four weeks without a search warrant.

Despite the unanimous result, the court was not unified in its reasoning. Five Justices signed the majority opinion, authored by Justice Scalia, finding that the Fourth Amendment “at bottom . . . assure[s] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted” and thus analyzing the case under “common-law trespassory” principles.

Justice Alito wrote a concurring opinion, signed by Justices Ginsburg, Breyer, and Kagan, faulting the majority for “decid[ing] the case based on 18th-century tort law” and arguing instead that the case should be decided under Katz’s “reasonable expectations of privacy” test. Applying Katz, the four concurring Justices would have found that the government violated the Fourth Amendment because “long-term tracking” implicated a reasonable expectation of privacy and thus required a warrant.

Justice Sotomayor, who signed the majority opinion, wrote a separate concurring opinion, but more on that in a second.

I think the Jones court reached the correct result in this case, and I think that the three opinions in this case represent a near-optimal result for those who want the Court to recognize how its present Fourth Amendment jurisprudence does far too little to protect privacy and limit unwarranted government power in light of recent advances in surveillance technology. This might seem counter-intuitive. I predict that many news stories about Jones will pitch it as an epic battle between Scalia’s property-centric and Alito’s privacy-centric approaches to the Fourth Amendment and quote people expressing regret that Justice Alito didn’t instead win the day. I think this would focus on the wrong thing, underplaying how today’s three opinions–all of them–represent a significant advance for Constitutional privacy, for several reasons:

1. Justice Alito? Maybe I’m not a savvy court watcher, but I did not see this coming. The fact that Justice Alito wrote such a strong privacy-centric opinion suggests that future Fourth Amendment litigants will see a well-defined path to five votes, especially since it seems like Justice Sotomayor will likely provide the fifth vote in the right future case.

2. Justice Scalia and Thomas showed restraint. The majority opinion goes out of its way to highlight that its focus on property is not meant to foreclose privacy-based analyses in the future. It uses the words “at bottom” and “at a minimum” to hammer home the idea that it is supplementing Katz not replacing it. Maybe Justice Scalia did this to win Justice Sotomayor’s vote, but even if so, I am heartened that neither Justice Scalia nor Justice Thomas thought it necessary to write a separate concurrence arguing that Katz’s privacy focus should be replaced with a focus only on property rights.

3. Justice Sotomayor does not like the third-party doctrine. It’s probably best here just to quote from the opinion:

More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. E.g., Smith, 442 U.S., at 742; United States v. Miller, 425 U.S. 435, 443 (1976). This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. Perhaps, as JUSTICE ALITO notes, some people may find the “tradeoff” of privacy for convenience “worthwhile,” or come to accept this “dimunition of privacy” as “inevitable,” post, at 10, and perhaps not. I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year. But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.

Wow. And Amen. Set your stopwatches: the death watch for the third-party doctrine has finally begun.

4. This was the wrong case for a privacy overhaul of the Fourth Amendment. Most importantly, I’ve had misgivings about using Jones as the vehicle for fixing what is broken with the Fourth Amendment. GPS vehicle tracking comes laden with lots of baggage–practical, jurisprudential and atmospheric–that other actively litigated areas of modern surveillance do not. GPS vehicle tracking happens on public streets, meaning it runs into dozens of Supreme Court pronouncements about assumption of risk and voluntarily disclosure. It faces two prior precedents, Karo and Knotts, that need to be distinguished or possibly overturned. It does not suffer (as far as we know) from a long history of use against innocent people, but instead seems mostly used to track fugitives and drug dealers.

For all of these reasons, even the most privacy-minded Justice is likely to recognize caveats and exceptions in crafting a new rule for GPS tracking. Imagine if Justice Sotomayor had signed Justice Alito’s opinion instead of Justice Scalia’s. We would’ve been left with a holding that allowed short-term monitoring but not long-term monitoring, without a precise delineation between the two. We would’ve been left with the possible new caveat that the rules change when the police investigate “extraordinary offenses,” also undefined. These unsatisfying, vague new rules would have had downstream negative effects on lower court opinions analyzing URL or search query monitoring, or cell phone tower monitoring, or packet sniffing.

Better that we have the big “reinventing Katz” debate in a case that isn’t so saddled with the confusions of following cars on public streets. I hope the Supreme Court next faces a surveillance technique born purely on the Internet, one in which “classic trespassory search is not involved.” If the votes hold from Jones, we might end up with what many legal scholars have urged: a retrenchment or reversal of the third-party doctrine; a Fourth Amendment jurisprudence better tailored to the rise of the Internet; and a better Constitutional balance in this country between privacy and security.

Filed Under: Uncategorized Tagged With: ,

This Week in Copyright – SOPA, Golan, and Megaupload

January 20, 2012 by

It has been an exceptionally busy week for copyright policy. We heard from all three branches of the US Federal Government in one way or another, while the citizens of the Internet flexed their muscles in response.

The most covered story of the week was the battle over SOPA and PIPA — the twin proposed bills that aimed to cut down on online piracy of copyrighted works by giving the government significant new authority to block access to allegedly infringing web sites. Other authors on this blog have pointed out how the bills show inconsistency in the copyright industry’s position on regulating the internet, could threaten free speech in repressive regimes, and may ultimately be found by the courts to violate fundamental constitutional liberties. On Wednesday some of the most popular sites on the web “went dark” or otherwise heightened awareness of the issue, and the surge citizen pleas to Congress caused a surprising reversal of momentum in the House and Senate. [Update: Both PIPA and SOPA have now been shelved.]

Buried in the day’s developments was the Judicial branch’s copyright contribution. In a highly anticipated decision, the Supreme Court ruled on the case of Golan v. Holder. At issue was the question of whether or not Congress had the right to make a law that moved public domain works into copyright. Opponents of this law claimed that such a move violated not only the First Amendment, but also the purpose of the Copyright Clause — not to mention and age-old legal principles. The majority did not agree, and in a 6-2 vote it stated that individuals do not have any particular right that guarantees their use of the public domain, so they have no claim if Congress removes materials from it. Justices Breyer and Alito dissented, explaining that the ruling upset the delicate balance that the Founders had struck in affording limited monopoly rights to content creators. Nevertheless, the majority clearly demonstrated that the Judicial branch continues to trend toward greater expansion of copyright protection.

On Thursday, the Executive Branch weighed in. The Department of Justice announced that it had seized the domain name and servers of the popular file-sharing site Megaupload and had indicted several of the site’s operators. Although Megaupload claimed to be complying with US copyright law — in particular the notice-and-takedown provisions of the Digital Millennium Copyright Act — the feds claimed that the operators knew full well that the majority of the content on the site was infringing. Within minutes of the announcement, hacktivist group Anonymous had launched a denial-of-service attack on the Department of Justice web site, which remained unreachable for hours [Update: days].

Opponents of SOPA and PIPA welcomed the opportunity to reflect on why these developments demonstrated the shortcomings of the proposed bills. Some of them noted that the DoJ’s actions were done without any additional authority from harmful new bills, while others observed that such approaches to enforcement are ultimately ineffective — they observed that it was only a matter of time until Megaupload returned, or the many other file-sharing sites filled their shoes. By Thursday night, all four GOP presidential candidates had come out against SOPA.

It is hard to consolidate all of these developments into a coherent story of where things are headed. However, a few things seem clear. First, the SOPA/PIPA backlash is shows us that the internet can help citizens to rally a truly remarkable effort that penetrates the beltway bubble. Second, internet freedom is a compelling and accessible counter-narrative to copyright maximalism and government policing. Third, the courts continue to favor an approach to copyright that emphasizes property rights of those who have already created works over the free speech rights of those who may rely on those works to create new works. Fourth, the enforcement arms of the government are interested in taking ever-more-extreme measures to take down those accused of infringement, and are committing more taxpayer resources to a problem that continues to grow despite their approach.

But perhaps most significantly, this week shows us that there is just plain turmoil in this area. Policymakers are struggling to find good answers, and sometimes their “solutions” provoke far more criticism than praise.

Filed Under: Uncategorized Tagged With: ,

RECAP Featured in XRDS Magazine

January 10, 2012 by

Harlan Yu and I recently wrote an article for XRDS Magazine entitled Using Software to Liberate U.S. Case Law. The article describes the motivation behind the CITP project called RECAP, and it outlines the state of public access to electronic court records.

Using PACER is the only way for citizens to obtain electronic records from the Courts. Ideally, the Courts would publish all of their records online, in bulk, in order to allow any private party to index and re-host all of the documents, or to build new innovative services on top of the data. But while this would be relatively cheap for the Courts to do, they haven’t done so, instead choosing to limit “open” access.

[…]

Since the first release, RECAP has gained thousands of users, and the central repository contains more than 2.3 million documents across 400,000 federal cases. If you were to purchase these documents from scratch from PACER, it would cost you nearly $1.5 million. And while our collection still pales in comparison to the 500 million documents purportedly in the PACER system, it contains many of the most-frequently accessed documents the public is searching for.

[…]

As with many issues, it all comes down to money. In the E-Government Act of 2002, Congress authorized the Courts to prescribe reasonable fees for PACER access, but “only to the extent necessary” to provide the service. They sought to approve a fee structure “in which this information is freely available to the greatest extent possible”.

However, the Courts’ current fee structure collects significantly more funds from users than the actual cost of running the PACER system.

You can read the full article on the XRDS site.

Filed Under: Uncategorized