Title: A Proposal for Balancing Security Requirements from Law Enforcement, Corporations, and Individuals
Speaker: Ernie Brickell (Brickell Cryptology, LLC)
This proposal takes a systems approach, with multiple aspects, to balancing a citizen's need for security and privacy with law enforcement's need for exceptional access to unlock devices and to access encrypted communications from devices. Characteristics of the system include:
- Minimize risk of misuse by providing a robust signing system for Law Enforcement access requests that includes unavoidable auditing of all use of the system. Use signing systems similar to those used by industry to protect extremely valuable keys.
- Maximize citizen trust in the system by providing the user a method to know as much as possible about whether their device or communications have been accessed by Law Enforcement. There could be some time delay between the time of Law Enforcement access and when a user is informed. There could also be some instances in which a user was never informed.
- Minimize impact to users and corporations if the system is compromised by allowing a user to protect some information from any Law Enforcement access, such as health data shared with a health provider, sensitive employer data shared with an employer, and credentials used to authorize financial transactions. This is information that Law Enforcement either does not need or could obtain from some place other than the device, such as the health provider or employer.