March 11, 2002
See
Prof. Zittrain if you want to talk about your paper topic live.
-
Last
week – Commercial Surveillance (Slide):
o Summary of difference
between 2nd and 3rd party surveillance. (Where the data
comes from.)
o What happens to the data.
o Remedies
§
Tort
is a remedy (Not yet mentioned)
§
Tech
remedies (trusted systems)
-
Government
Surveillance
o The 4th Amendment
constrains government actors.
o Debates about encryption are
fundamental to this discussion.
§
Traditional
“Donut Truck” way of doing surveillance had many constraints (limited number of
trucks, only do it for the very, very bad, etc.)
§
The
fear of government investigators is that their spying will be defeated by
various forms of encryption.
§
See
“Encryption in 3 easy steps” slide
·
Keys,
·
One-way
mathematical fxns that block the ability to determine the message without
private key (in any reasonable amount of time),
·
Publicize
the public key.
·
This
is a way for people who do not know each other to exchange information
securely…
·
…AND
it’s good for authentication – gives you a digital signature.
o This works by flipping
public and private key.
o Each signature is specific
to the data to be signed (private key creates “junk” and then only the public
key deciphers it).
·
Can
erase key to encryption
o An issue in Discovery
o Allows destruction of data
immediately
·
“Web
of Trust” is another possible system.
o Validated by personal
contact or authoritative list maintained, e.g. by Verisign.
·
Could
use authentication to fight Spam.
§
So…
government hates encryption
·
Want
to slow it down. Options:
o Ban it – too extreme (want
to keep the authentication fxn that comes with because it makes money)
o Export controls – no sending
good stuff overseas.
§
Compromise
between law enforcement and national security
§
Annoying
to implement
o “The Clipper Chip” – adding
a skeleton key
§
escrowed
somewhere safe – civil libertarians would guard
§
BUT
government would have access to it with warrants
§
Problem
if you forget your key (weirdos would lock their property without some back-up)
·
What
do we think about this? Why not just let the 4th Amend. Protect?
o Room split between
unbreakable encryption and just trust the law.
o MIT people seem to prefer
encryption
o Law students trust the law
Discussion:
o We trust the IRS even though
we hate it.
o What do we do about
Hackability?
o Fear government or
criminals?
§
Key
Escrow is actually dead – Clinton administration couldn’t rally support for it.
o How do we feel about a
Net-wide Search?
Not okay with it
§
It’s
not okay because on the boarders, as government gets used to rely on this tool,
they will use it for non-contraband. (The Hoover fear).
§
Problem
of who decides what is fair to search for. “People are untrustworthy”
·
Person
with unsavory/embarrassing but not illegal data is potentially hurt. (senator with porn example).
§
Chilling
effect on the things that are legal
·
Rebuttal:
how do you feel about the squealing computer (that would volunteer illegal
content)?
§
In
war time and in times of less prosperity we feel differently – if you were a
communist, in another era you would have had a big problem. We can’t assume
that we will never have this kind of situation again. Prevent the government
from having that tool now.
§
Very
focused search for contraband okay
§
Why
would there be a privacy right in things which are illegal to own?
·
Rebuttal:
This would apply to all evidence excluded in trials – this is the 4th
and 5th Amend. protection in current jurisprudence.
o What standard applies?
§
Adler
article
·
Note:
doctrine wrong, not a balancing test.
§
Reasonable
expectation of privacy is actual standard. What does that mean on the Net?!
§
Kyllo
case (533 US 27)– thermal imaging technology used to discover marijuana in a
house.
·
Holding:
using tech not “in general public use” to gain information violates “reasonable
expectation of privacy” therefore it was an illegal search.
o New technology/factors
§
Tempest
§
Magic
Lantern – “cruddy Trojan horse program” to get passwords.
§
Carnivore
§
Databases
– supply creates demand (once you have a database for a reasonable purpose –
too tempting to use it for law enforcement purposes).
o Architectural battles
o Intrusions become less
offensive over time – so in order to halt their progression, need principles
that can be articulated.