Information Systems Security: Enabling Future Internet Applications through Cryptography STP-307: Business and the Internet Mark Bayer - KSG Jamil Ghani - FAS Raghav Chandra - KSG Nanthikesan - KSG Jaime Chambron - FAS Angelina Ornelas - KSG Alex C. Snoeren - MIT
Information Systems Security: Enabling Future Internet Applications
• Government policy is the hardware upon which future Internet applications will run
  – Respond to market forces
  – Facilitate progress
  – Solve information asymmetries through consumer education
  – Negotiate international agreements
• Encryption is currently an almost unique tool for digital security
Topics of Discussion
• Need for domestic encryption policy
• Potential models
• Why “dumbing down” does not work
• Why “smartening up” does work
• Next steps
Need for Domestic Encryption Policy
• Crime
  – Terrible Triumvirate - terrorists, drug traffickers, pedophiles
  – Realities of crime fighting
• Seamless world
  – Work-arounds to the rules
• Applications are waiting
Potential Models
• “Wild Wild Web” - Safe Act
• “Dumbing Down” - EAR
• Technical Advisory Committee on Encryption Federal Information Processing Standard (TACEFIPS)
• National Electronic Technologies (NET) Center - amendment to Safe Act
Why “Dumbing Down” Does Not Work
• Key recovery
• Limits on key length
• Review committee
Why “Smartening Up” Works
• Permits the realization of the full potential of Internet applications
• Maintains the government’s lead in encryption
• Responds to fundamental market motivations
Next Steps
• Adopt NET Center
• Standardize usage through collaborative efforts
• Baby steps
Recommendations
• “Smarten up, don’t dumb down.”
  – NET Center
• Alert the players in advance
  – KMI exception
  – EU Privacy Directive
• Keep talking (dialogue, not monologue)
  – FIPS
  – OECD
Recommendations (continued)
• Consumer awareness
  – labeling
  – “seatbelts and airbags”
  – liability rules
Beyond Cryptography
• Cryptography is merely today’s technology
• Detecting and legislating crypto is hard
  – Difficult to identify “plain-text”
  – Authentication = Confidentiality?
• Other technologies are currently available
  – Steganography can provide confidentiality
  – Biometrics can provide authentication