The past several years have seen a fundamental change in the way that individuals use technology to communicate. One aspect of this change has been the widespread deployment of new encrypted communications systems that are used by billions of users. With the emergence of new, practical encrypted messaging protocols and storage technologies, encryption is now available to the public in a quantity and quality that could only be imagined in previous decades. With the deployment of secure encryption technology comes new challenges. These span the traditional domains of cryptography, software design, and usable security. Technical flaws in these systems have already exposed hundreds of millions of users to the threat of data compromise. At the same time governments around the world have called for the introduction of new potential points of failure, in the form of exceptional access systems that would allow law enforcement to access communications on demand. This project studies problems arising from the often contradictory requirements of providing user security and providing exceptional access to government agencies. The work involves research into many aspects of the problem, ranging from cryptographic protocol design through the careful consideration of legal and administrative procedures. Research outputs will include development of requirements for these systems; analysis of concrete proposals put forward by government agencies; and the design of meaningful auditing systems and revocation mechanisms to maintain security for such systems in the event of a catastrophic breach. The research results have been integrated into graduate and undergraduate courses, and are disseminated through news publications and a public blog.
CAREER: Towards Secure and Policy-Compliant Encrypted Communications