Averting a Tragedy of the Crypto-Commons

In the annals of cryptography’s transcendence from the obscurity of geekdom to the central place it occupies in today’s privacy and human security discourse, Whitfield Diffie’s intellectual clash in the late 70s with the NSA, which was intent on limiting the spread of strong encryption it could not break, has attained the heights of legend.

But the more dramatic episodes in the crypto epics belong more aptly to the saga of Lucifer, IBM’s first major foray into commercial cryptography and the earnest efforts in the early 1970s by Horst Feistel, who had joined IBM after growing disillusioned at the NSA, to portray Lucifer as something much grander than a mere prop for banking IT security.

It is perhaps also worthy of note that it was at IBM, and within the same rarefied circles spawned by the Watson Center, that Diffie met Martin Hellman, his now equally famous co-conspirator against the 56-bit data encryption standard (DES) that the NSA induced IBM to foist on the emerging world of network computing.

In Feistel’s 1973 paper on cryptography and “computer privacy”, published well before the more celebrated Diffie-Helman monograph, he not only outlined the vision for 128-bit encryption, something considerably more robust than the NSA-preferred 48-bit ciphers, he also exhibited a prescience about modern day concerns about individual and, more vitally, group “data bank privacy” that is truly remarkable.

It would seem that Feistel’s understanding of Lucifer’s true possibility was, at least during the early development phase, connected with some of the conclusions he drew in that paper: “it would be surprising if cryptography, the traditional means of ensuring confidentiality in communications, could not provide privacy for a community of databank users.

Feistel’s strong interest in the cryptographic prospects of networking security and the privacy needs and rights of user groups cuts a direct line to today’s complex transactional and interoperable frameworks, starting with a modified Lucifer’s application to banking ATM configurations and the presaging of future e-commerce platforms by its successors.

In a cloud computing world, some of the faint echoes of Feistel’s work on Lucifer have started to ring louder again. His concerns that networking magnifies the risks of privacy breaches are now standard fare in most analyses of the need for “pervasive cryptography” and “encryption by default”, both positions that he clearly articulated half a century ago.

It is not surprising then that the same arguments made by state security and law enforcement authorities in that era concerning the risk posed by ubiquitous strong encryption to legal surveillance for crime prevention, appear to have resurrected en masse as debate over the role of cryptology in safeguarding privacy has picked up again.

This is sad because in the intervening period since the days of Lucifer so much has happened to warrant a more nuanced view of the risks addressed through, but also complicated by, ubiquitous encryption.

The crowning glory of the Diffie-Helman turn in cryptography is undoubtedly the solving of the key distribution problem through the path shown by Public Key Infrastructure (PKI) design. The core logic of PKI has, however, always been driven by a chain or web of unilateral and bilateral functions. One person encrypts, and only they or a second nominated person can decrypt. In solving the problem of how two parties can securely exchange information without fear of interception by an eavesdropping third party, a new risk was introduced: the complete repudiation of third-party rights in the transaction, however legitimate.

In a polycentric computing world, there are some important limitations to this model, which go beyond the usual discussions about private key compromise, revocation, complexity, and certificate authority integrity. There are concerns about justified access to medical records in the event of an emergency, parenting obligations towards minors, cryptoviral extortion, and the data considerations involved in executing the digital estate of deceased persons as a function of probate law. When cross-border issues arise in any of these contexts, confusion multiplies multifold. A veritable tragedy of the cryptocommons, a situation where everyone in pursuing their best privacy interests enfeeble our collective respect for privacy, may lie just across the horizon.

Yet, not only are such discussions often overshadowed by the narrower concerns and perspectives of enterprise actors, their civil implications have also become hijacked by the focus on governments’, particularly the US Government’s, desire to insert backdoors into encryption or limit the spread of strong encryption.

The US is, of course, far from being the only major country with curious export/import restrictions on encryption products or “forced decryption” rules/regulations, many of the world’s sophisticated governments have similar or even more stringent precepts.

The US however gets a lot of attention because of its completely outsized position in the global app economy. Its disproportionate influence on digital commerce means that until September 2016, many of the world’s startups were in violations of its cumbersome laws requiring advanced registration before products containing cryptographic tools could move in and out of the US. That is essentially every app today; and with the major app stores largely controlled by US owned firms but used for distribution by tech companies around the world, the notions of what constituted an “export” or an “import”, perceptions developed when software was still predominantly sold on disks, were becoming strained to breaking point.

Cloud computing and the digital distribution of software thus interacted with ubiquitous encryption in ways designed to frustrate law enforcers, a situation thrust into the limelight, but also much obscured, by the FBI-Apple iPhone forced unlocking dispute. It is fascinating how such an interesting incident raised so few of the profound issues precipitated by polycentric ubiquitous (PU) encryption.

The real, deep, problem posed by the current model of heavily interoperable digital applications hosted remotely, used collaboratively across multiple domains and geographies, and intimately intertwined with all manner of everyday services that have only recently been digitised, is that a “trust management” problem is still being treated as an “information security” one. Even worse, this dissonance has been fully globalised.

The Wassenaar Arrangement, an international soft law regime promulgated in the Netherlands by 42 states, has a few loose provisions in its infosecurity section attempting to deal with the trans-frontier issues.

It would surprise some commentators to find out that within this club of advanced cyberpowers (although missing China, Israel and emerging cyber powers such as Brazil), the US posture towards strong encryption proliferation is actually dovish, which is saying a lot about state attitudes globally.  More importantly, Wassenaar is far from offering any framework for addressing the broader transnational civil and social complications arising from PU encryption culture.

Attempting to address this complex, multifaceted, problem starts with recognising the “distributed” and “disaggregated” nature of the strong encryption – third party rights conundrum. In many ways, blockchain is a crude attempt to address this puzzle, but more in favour of transparency than of privacy. It is sad that Ralph Merkle’s ideas, co-opted for this agenda, contain at their root much more than have been realised in the crypto-trust space.

The key to unknotting the conundrum, I think, is “civil sortition”, a new institution that enables the formation of trusteeship rings and groups as a form of “trust collateral” in the deployment of strong encryption. This is precisely what “key escrows” are not.

Key escrows, having begun life as a discredited “compromise” pushed by some law enforcement authorities in response to the tech industry’s denouncement of attempts by the former to push breakable encryption and/or backdoors in ciphers, all in the name of denying criminals the safe haven of totally impenetrable communications, never really matured into anything technically significant. They have been criticised as being open to abuse because their implementation often requires reliance on legacy social institutions highly susceptible to establishment manipulation.

Civil sortition offers a radical approach whereby a pseudorandom chain of network participants (human and parahuman) receives fragments of a “scrambler/descrambler” keypad. Whilst the real-world identity of the participants are obscured, they are uniquely identified and securely and consistently reachable so long as they remain active in the network. Any member of the network can request decryption of any encrypted message backed by a pre-programmed escalation matrix. The number of lots required for descrambling or permanent scrambling, for the sequencing of lots, and for the weighting of lots must all fit into this matrix. For some data types, influence of matrix design is heavily weighted towards the data contributors, and in others less so.

In this manner, whenever strong third party rights to data arise in any context, the communal groups affected cannot be held hostage to the whims of the nominal controller of such data. The extent to which government agencies genuinely reflect strong and legitimate third party rights to any particular data would then become a matter for network adjudication without allowing for oppressive determination by arbitrary privilege.

s data repositories continue to intermingle, and the demand for stronger forms of privacy protection grows in tandem, only radical new data access regimes can reconcile all legitimate rights, and thus avert any prospective tragedy of the crypto-commons.

Leave a Comment

Log in