Security Protocols Against Misuse of Digital Surveillance

image provided by pixabay

This post is also available in: עברית (Hebrew)

In our increasingly digital society, privacy is getting more and more important, and according to the European General Data Protection Regulation there is a strong demand for anonymity and confidentiality of data.

The issue is that laws and directives regarding these matters require the revocation of anonymity or uncovering the users’ encrypted communication under certain circumstances (like when surveillance of suspects is ordered by a judge). For this reason, many applications are subject to requirements or regulations restricting unconditional anonymity.

However, the problem with this type of “digital backdoors” is that they allow for unnoticed mass surveillance, so experts claim a need for independent, trustworthy offices for the surveillance of surveillants. Moreover, the existing systems lack strict technical mechanisms- a system is needed to force a court order that cannot be changed later on when the backdoor is to be used in order to ensure the lawfulness of this measure.

Nevertheless, there might be an appropriate solution. Dr. Andy Rupp, Head of the Cryptographic Protocols Group of the KASTEL Security Research Labs of KIT, states: “We have developed security protocols that can do both: They enable surveillance of encrypted or anonymous communication and, at the same time, prevent or at least uncover illegal surveillance. We want to significantly increase the trust of the public in the honesty of operators and prosecution authorities.”

According to Interesting Engineering, the research team developed a module for auditable surveillance that protects users in several ways: Digital backdoors open for a short time and for specific users only, are shared by trustworthy parties, and access to them is provided under certain conditions only.

Moreover, users are forced to leave unchangeable documents when opening the backdoors, which allows for a later check of the lawfulness of surveillance by an independent auditor and for publicly verifiable statistics on the use of backdoors.

When it comes to potential applications of these auditable surveillance systems, these range from mobile communication systems (like 5G and instant messaging services) to electronic payments and legal video surveillance.