Okay, good morning and welcome to the second invited presentation at Crypto. Professor Felten is the Robert E. Kahn Professor of Computer Science and Public Affairs at Princeton University. He's also director of the Center for Information Technology Policy, a group dedicated to studying digital technologies in public life. Ed's wide-ranging career provides an exceptional bridge between academia, industry and government policy. Please join me in welcoming Professor Felten to Crypto 2015.

Thanks. Well, let me start up by talking a little bit about my background and the position that I'm in right now, to give you a little bit of context on the talk. My current position is Deputy US Chief Technology Officer at the White House. I work in, this is a view from our office suite, in the CTO's office. Our office, basically our job is to be the primary advisors to the president and his senior advisors on issues of technology policy, really across the whole spectrum of technology policy, and that includes issues that are of particular interest to this community. I've been there about two months. Before that I spent about 20 years, 20 years plus, as a professor at Princeton, first in computer science and then for the last 10 years of that or so also in public policy. And within computer science the bulk of my work has been in security and privacy, although more from a systems standpoint than from crypto.
I had had a few forays into the applied crypto literature. I also took a break during that time to spend a year and a half at the Federal Trade Commission as their first chief technologist. The FTC is in charge of consumer protection and also does competition policy within the US government. So in my current position at the White House, the White House is an organization that obviously has a much broader scope of work there, so I do security and privacy. You may have seen me at this conference once or twice before.

So what I'd like to talk about today is: what are the public policy issues before the US government that relate to encryption? Now of course, there is one issue that you probably want to hear about most, and trust me, I'll get around to that. But before I do that I want to spend some time talking about the broad range of topics, which I think may surprise you a little bit, how often crypto comes up in talking about policy issues.

The role of the US government with respect to cryptography is really very multifaceted. The government is a user of cryptography in building services and in its own internal operations.
It's a buyer: US government buys a lot of crypto-related products. It's a regulator, meaning that the government regulates a lot of businesses that do things that might relate to crypto. For example, when I was at the FTC we dealt with issues about what companies did to protect sensitive consumer data that they were holding, and in some cases we were asking whether there might be an obligation of companies to apply encryption in certain settings to protect data. And so as a regulator the government sometimes insists on people using crypto in certain ways. The government is a technology developer. You might think of the government as developing defense or national security related technology, which it often does. But government develops a lot of other technologies for more mundane tasks like time tracking, and not to mention about 1,200 different websites that range in complexity from very simple to something very complex like the HealthCare.gov website that you might have heard about. Government is a system administrator, runs a very large number of systems. Government of course, the US government does a large amount of research through national labs and other kinds of organizations, and of course funds a lot more research. Many of you probably have or have had US government research funding. Government is a standard writer, mostly through the work of NIST, and I'll come back to this issue. And government is also an analyst, trying to understand the strengths and weaknesses of different kinds of approaches in order to make decisions about what the government itself should do. So it's a very multifaceted involvement with crypto that the US government does.

So I want to sort of walk through a bunch of policy issues related to crypto, and let me start with this one. One current theme of policy is the effort to deploy crypto across the US government and its technologies. This is a memo from the federal CIO, Tony Scott, from just a couple months ago,
which requires all publicly accessible federal websites and web services to only provide service through a secure connection. In other words, all federal websites will be HTTPS only once this is implemented. And if you go into page two of this memo, what you see is this particular bullet that says that agencies must make all existing websites and services accessible through a secure connection, that is, HTTPS only with HSTS, which is a standard that is designed to prevent protocol downgrade attacks so that a man in the middle cannot trick a user's browser into believing that the website is offered insecurely. That has to happen by December 31st, 2016 for all existing websites and services. New sites and services have earlier deadlines. And the government has done not only this order to its own agencies with respect to its websites, but also has produced a very nice implementation guide and playbook that helps agencies actually roll these things out. That was written by engineers at a group called 18F, which is kind of the open source software development arm of the government.

We have this nice website, pulse.cio.gov, that's of course HTTPS pulse.cio.gov, which will show you how we're doing against this goal. When I took this screenshot, which was a few weeks ago, 29% of federal websites used HTTPS, and on the right side it talks about how many support analytics that are accessible to the public. So we have this dashboard, and you can click through on the bottom here and get information about the status of all the different federal websites.
There are about 1200 federal government websites in all. So here you can see, for example, that whitehouse.gov does use HTTPS only with HSTS enabled and a preloaded cert, so we get an A on the SSL Labs test, which is a fairly stringent test of HTTPS best practices. You can click on the A and you get all of the details in excruciating detail. You can see, for example, that our website, the White House website, provides forward secrecy for modern browsers. For older browsers forward secrecy is really not possible. So we get an A rather than A plus because one of our intermediate certs uses SHA-1 instead of a stronger hash function. So you can see all across the government who's doing how, and what we hope and expect, and what in fact has been ordered, is that these lines will fill in with more and more implementations as we approach that date at the end of 2016.

Okay, so that's crypto deployment internally. Another thing that we're looking at is deployment of encryption for stronger authentication. We want to move beyond the password. Right, we've known for a long time, everyone has known for a long time, that passwords are not the best way of authenticating people. Passwords are not very secure. Their human factors are not good. And we've known that for a long time, and we've known that there are cryptographically better ways of doing it. But actually getting those deployed at scale across a large organization or across the entire online ecosystem has really been a challenge for just about everybody. And so one of the policy areas that we're looking at is what we can do about this, what we as a government can do about this. And for the US government there are really three scenarios to consider that I'm pointing at here. The first scenario is an employee or contractor, someone who works for the government, who needs to authenticate themselves to a government service of some kind. And for this we have a system that is based on a bunch of NIST standards, in which people get an
employee ID card that's called the PIV card, personal identity verification I think that stands for. The Department of Defense calls it a CAC, common access credential. It's the same thing. It's this smart card that is your employee ID, which you can use to authenticate in various ways.

So the second case is the public authenticating to government sites, and here there's an existing initiative called Connect.gov. This is a diagram from Connect.gov. The idea is that you, the users, can get credentials from a bunch of private sector credential providers, and they can use those to authenticate to the Connect.gov service, and the Connect.gov service provides a single sign-on which can be used across some federal sites. And so the plan is to build this out into something which has been, the plan has been to build this out into something that has broader deployments, with more possible approved sources of credentials in the private sector and more government websites able to use this, so that when an American, or an overseas person who wants to get, for example, a visa, is going to engage in repeated interactions with the government site, that we have a better way of authenticating them.

The third piece is the most difficult from a policy standpoint, and this is the case of authentication of anybody to any service. And we would like to do what we can in the government not to impose a solution on people, but to try to be a catalyst for the development and deployment of something that's better than what we currently have in a lot of settings. And so there's this effort called the National Strategy for Trusted Identities in Cyberspace. I'm not going to go into this in a lot of detail, but what this NSTIC effort has been trying to do is to try to be a catalyst for broader deployment of authentication, and we, to put it bluntly:
We'd like that to go faster. But this is an area, again, in which government we believe has something to contribute to trying to be a catalyst for the emergence of a better crypto ecosystem for regular people in practice.

Now here's an example. This photo is an example of an important change that's happening right now in the US government that relates to deployment of crypto, and that is the arrival of serious technologists across government. This comes from Fast Company magazine. For a long time there has been technical expertise in government, but within what you might call the science agencies, within agencies that have a particular connection to, or a particular history or mission that relates to, technology, and you can make a list of those. What's changing now is that we're seeing technologists move into government really across the whole spectrum of the government, beyond those few technology-focused agencies. Now this photo shows most of the tech workforce that's working within the White House organization. These people are serious engineers, user experience designers. Some of them have been founders and senior engineering leaders in companies that you've heard of. They're now working for the government, and they are building technologies that can actually serve public needs in a better way than before. This is what grew out of the government's response to the HealthCare.gov website rollout, which you might have heard didn't go so well at first, but was fixed by some of these people coming in and applying better engineering practice to the problem. So there's been a serious effort to deploy serious engineering talent across the government, and these are 130 people who have come to do that. So these are not people who update Windows on your desktop.
These are people who build and design serious systems. And I want to point you, I just want to refer to, oh, and this is, unfortunately you can barely see him over here on the left, Mikey Dickerson is one of the heroes of this effort, and he gave this talk at South by Southwest, "Why We Need You in the Government", which I just want to refer to. He basically talks about waking up one day and saying, I'm spending my professional life making it so that some pile of dollars goes to billionaire A rather than billionaire B; I would prefer to spend my days trying to solve important public problems of which technology is part of the solution. And he talks about sort of finding a mission to work in government to try to actually solve these problems. And I would just urge you, if you're interested in why people do this, why serious engineers go to work for the government, to watch the YouTube video of Mikey's talk at South by Southwest.

All right, another role for government is as a standard writer. This is DES, the first NIST crypto standard. This document is dated January 1977, the very first version. Back then NIST of course was called the National Bureau of Standards. There was of course a bunch of drama around the design of DES. There was a discussion of the key size and why it was only 56 bits, but probably more drama over the design of the S-boxes, which was initially secret, and that led to a lot of suspicion about what the secret was. We later learned of course that the secret was that DES was designed to be resistant against a kind of cryptanalysis which wasn't publicly known yet. So DES turned out to be as strong as it appeared to be at the end of the day.

Here we have AES. AES of course was the successor to DES. This was chosen by NIST, again after an extensive and public competition process. AES has the stature it has now among symmetric ciphers partly because of its design, but frankly partly because of the open and transparent process that led to it. This is one of the big successes
of government policy with respect to crypto standards, is the design of AES. And of course just a couple weeks ago NIST issued the SHA-3 standard, a new hash function and some related functionality, again the result of an extensive public discussion and debate. So clearly the government, NIST, knows how to design crypto standards that can get extensive buy-in from the community.

And then there's this thing you might have heard about, the Dual EC DRBG standard. And in case you haven't heard, for the two people who haven't heard about this, this was one option in a NIST standard for generating pseudorandom bits. P and Q down here at the bottom are public parameters; they are points in an elliptic curve. And if P and Q are chosen in a random and independent way, then as far as we know the algorithm seems to be secure, with one caveat that I'm not going to go into here. But a party who can choose P and Q themselves can choose a P and Q that will look random to observers but which allow the party who made that choice to defeat the generator. All right, so who chose P and Q, and how do we know that they didn't choose it in a way that leaves a back door? Well, we can dig into this a little bit more. Maybe not.

All right, so NIST did a really admirable postmortem on this. NIST convened an expert panel as part of that postmortem, and I served on that panel before I joined the government, along with some people who frankly know a lot more about crypto than I do, including Bart Preneel and Ron Rivest. And that was part of NIST's process of figuring out what had happened in this case and what NIST should be doing going forward. So was this a deliberately inserted backdoor?
I'll let you reach your own conclusions based on the evidence, and I think I can guess where most of you will come down on that question. I was convinced before I joined the government, and I haven't seen anything to contradict this, that NIST was trying to make a strong standard. But by NIST's own admission as part of this postmortem, NIST did not do enough to create a standard that the public could trust as being backdoor free. In other words, the question to be asking here is not, is there a backdoor? But the question that NIST should have been striving to answer is, how can we convince people that there's not a backdoor? How can we get that public confidence? And this is a case where NIST by its own admission didn't do enough, and NIST's process has led to changes in the way it does its encryption standardization. NIST reissued the standard with Dual EC removed, and more importantly it rethought its procedures for standard setting to try to get the necessary trust in the future. Now that trust can't be rebuilt overnight, but I'm convinced that NIST is doing what it can to create new standards in ways that we can trust, and NIST really, I think, has an indispensable role to play in crypto standards. There are different sources for crypto standards and they have their pros and cons from a public standpoint, but I think NIST's role is one that is difficult to replace with any other standard maker.

Cryptography is also a free trade issue. We'd like to avoid a world where every country has its own crypto standards and we can't communicate securely across borders because of incompatibility. So we want people to be able to choose which crypto algorithms they're going to use. Of course every government can choose which crypto it wants to use for its own communications. On the White House website we're a little bit picky about which crypto we use.
We don't use RC4 or MD5. We prefer AES and SHA-256. But interoperation and a set of crypto standards that work internationally are an important goal, and they're one of the things that we strive for when we think about trade policy.

So as you can see there are lots of policy issues that touch crypto, but these days there's the one issue that gets most of the attention. So let me talk about that. Let me start by quoting from James Comey, the director of the FBI. And he's talked about what the FBI calls the going dark problem: that people are switching to crypto that gives users exclusive control over the access to data. That is both in cases of encrypted storage and encrypted communications, which in many technical respects are different scenarios. And this trend reduces law enforcement's ability to get data in certain cases from a technology provider, even in response to a valid warrant or a court order. Director Comey's spoken pretty forcefully about this, and the NSA director, Admiral Mike Rogers, has talked about the impact on foreign intelligence of these trends in crypto, and this has brought the issue of encryption policy back into the spotlight. I want to take some time to talk about this issue and where we are on it, and the first thing I want to say is that this argument about going dark is the opinion and position of the FBI, but it's not necessarily the opinion and position of the US government as a whole. If you want to understand what the position of the government is, the first person to listen to is this guy, the boss. We always look to the boss for guidance, and here's what he had to say in an interview back in February. He starts out by saying, we all want to know that if we're using a smartphone for transactions or sending messages, etc.,
we don't want to have a bunch of people compromising that. So there's no scenario in which we don't want really strong encryption. Where there's a situation where there's a specific case of possible national security threat, is there a way of accessing it? If not, then we're really going to have to have a public debate. So I'm in Silicon Valley and probably a lot of people in this room would argue that the harms done by having any kind of compromised encryption are far greater, and then he acknowledges this and says, this is a public conversation we should end up having. I lean probably further in the direction of strong encryption than some do inside of law enforcement, but I'm sympathetic to law enforcement because I know the kind of pressure they're under to keep us safe.

So the president here is acknowledging that strong crypto is important and that we shouldn't lightly dismiss the desire for strong crypto, but we also shouldn't lightly dismiss the job that law enforcement is tasked to do in protecting us. In other words, the president recognizes that, and those of us who work on this issue day to day inside the government see it the same way. There are some important equities at stake, and it's really important to get the policy right.

Okay, so what is the state of US government policy right now?
Here's the current state of play within the administration. There are extensive internal discussions going on about the issues, about the facts, and about what we should do as a result of what we know. We've been talking to as many stakeholders as we can. That includes companies, that includes civil society groups, that includes experts. Some of you in this room have come in and talked to me, have talked to my colleagues in the White House, in law enforcement and elsewhere in the government. And we appreciate the input and the information that we get from doing that. We'd like to get to a decision about the administration policy sooner rather than later, because we recognize that it's not ideal to have uncertainty about what our position is going to be. But we also recognize that we want to end up adopting the right policy and to be in a position to execute that policy successfully when we do decide it. So an issue this complex can't be resolved overnight, but we do recognize the importance of getting to a decision as quickly as we reasonably can.

Okay, so how do we actually make decisions like this? Well, it wouldn't be appropriate for me to talk about our internal process and where we are specifically on this specific issue. So let me talk in general about how the administration, about how this White House decides issues like this. And here's a rough algorithm for doing it. We talk about identifying the issue. We identify the equities at stake. Equities are anything that government is legitimately trying to optimize or obtain; any good thing that it's government's job to cause to happen, or bad thing that it's government's job to prevent, that is an equity.
We identify the equities. We consult with stakeholders. We consult internally. It is generally a mistake to think of the government as a unitary entity. Government is made up of many different offices and branches and departments. Each one has its own mission, and each one tends to see the equities that are closely related to its own mission the most clearly, and tends to argue based on the equities related to its own mission. But it's the job of the government to work across this organization to come to a policy that can be decided in a uniform way. So we consult with stakeholders, consult internally, identify what are the policy options, what choices can be made, how would each option affect the equities. And then we frame the decision for senior decision makers: here are the reasonable, here are the best options, here are the trade-offs between them, this is how the equities would be affected if you do A versus B. And then we'll go to senior decision makers and say, here's where we are. They might say, great, I choose A, I choose B, I choose C, or they might say, well, we need more information about this, such and such part of your analysis isn't complete enough, go back and do it again. Eventually a decision is made, and we then explain that decision to the public and to internal stakeholders. This is roughly how we go about making decisions about important issues.

All right, so when we talk about encryption and we talk about this issue of the going dark problem or the backdoor issue, there are several equities that are relevant.
We start by enumerating the equities. In this case here are four of the equities that would be affected by a decision about encryption policy. The first one is public safety, and that is the ability of law enforcement and the intelligence community to get information that they're entitled to get when they have a court order, in order to protect the public. This has to do with gathering evidence, it has to do with prosecuting crime and so on, which is an important equity, and it's something which law enforcement is in many cases at least allowed to do under our legal system, of course subject to the rule of law.

Second is, well, I'm not gonna say the C word. I do work for the government and I might say it internally. Let me just say security here. That is the need to prevent and deter attacks. There's a lot of discussion about what the implications, of what the risk would be that would be brought on by some kind of encryption mandate, and that's something that we take into account. To the extent that a policy would increase the risk of an attack, make it more difficult to respond to an attack, that's something that we will take into account as one of the equities.

The third equity here is economic competitiveness and generally economic development. That has to do with the ability of technology providers to compete for usage globally. Having a global competitive market for encryption and security related products is, we think, a good thing. We think it's good for American companies to be able to sell overseas, and we think generally having products that can work together across borders is a good thing, and anything that undermines that is a negative.

And then last on the list, but not necessarily the least important, is civil liberties and human rights. And that is protecting people around the world from abuses of power by governments and by others. We recognize that the actions, the decisions made by the US government have
international implications, that the decision that the US government makes, the position that it takes, may embolden other countries to take similar actions, whatever it is that we do, and that therefore the decisions that we make are going to have international implications. And we need to take that into account, and we need to think about the implications of what we're doing for civil liberties and human rights around the world. So these are the equities, and generally, if one is deciding between alternatives, one will look at how those alternatives affect the equities and then do a kind of weighing. To the extent that the equities are incomparable by nature, that's a matter for senior decision-makers to deal with.

Okay, one question people often ask us is, to what extent are we taking technical factors into account in our discussion? I think it's fair to say we haven't talked in public about specific technical analysis or technical approaches and trade-offs. And I know this has led some people to jump to the conclusion that the US government is not thinking about the technical issues around this encryption decision.
That's not correct. Let me assure you that we are thinking and talking about the technical issues as part of our internal discussion. And of course, it's useful and helpful to the process if the crypto community, in other words you, talk about the technical details of these questions and the technical trade-offs that they open. Let's talk about it publicly and talk about it with us. There are probably interesting and challenging research questions here as well as applications of existing knowledge. And we're always happy to hear from people in the community and to hear new ideas. My email address was on the initial slide. It will be on the slide that's up during the Q&A, and I want to invite you to contact me about this.

Here's a little peek into the technical discussion that we've had internally. This is an actual diagram used in our internal discussions. This is drawn by me, an Alice and Bob diagram, that comes from about minute five of a one-hour briefing and discussion that I've done with senior people in the government. Of course, no crypto discussion would be complete without Alice and Bob. So this is from this... excuse me. This gives some background about how encrypted communication often works with public key crypto. Here you have Alice and Bob at the top. They start out with what I'm calling here a long-term identity key. They engage in an initial handshake protocol in which each authenticates the other and they negotiate a session key, and then later, down here, they use the session key in phase two to transfer data between themselves by symmetric encryption, right?
So this is a description of how encrypted communication works, and as I said, this is from minute five of a much longer discussion. This gives you a little window into how our discussions tend to go. Encrypted storage of course is a different scenario and one that has a different Alice and Bob diagram.

Okay, so where are we going to go on this issue? We honestly don't know yet, and I don't want to get ahead of the policy process by trying to predict where we're going to go. But there are two things I can say that I think have emerged pretty clearly from the public discussion that's happened so far. The first one is that nobody wants to do the Clipper chip again. Nobody is proposing a requirement that everyone has to use the same specific algorithm or the same specific government-mandated technical approach. Those who do support a mandate of some sort would be mandating a capability and leaving implementers some freedom to decide how to achieve that capability, and that of course makes sense if you're going to go in the direction of having a mandate. And again, I emphasize, some people are advocating that within the government. It's not a decision that has been made by any means. But if one were to go in this direction, giving implementers some freedom to decide exactly how to do it for their particular product makes some sense. Now, saying that mandate advocates would give implementers some discretion does not exempt us from the need to think hard about what are the technical options and what are the technical trade-offs
that implementers would face, because the policy decision that needs to be made does depend on the real options that real implementers would have and the real trade-offs they would have to face. So we don't get out of the ability to talk about and consider the real technical trade-offs by just saying, don't worry, you guys can work it out. The proponents of a mandate want implementers to have freedom as to how to do this. To be absolutely clear, that's not a thing we've decided to do. Have I said that enough times? Thanks.

Right, and I want to make one last point about lawful access before we open it up to Q&A and discussion. What law enforcement is asking for, what they would like to get, and what they need to do their job as effectively as possible, is to be able to get access to data when they have a valid warrant. Encryption, they argue, can be a barrier to that access, and it's hard to argue that certain kinds of encryption can be a barrier to law enforcement getting access, but other factors can be barriers too. And if we want to talk about what can be done technologically to help law enforcement protect us, we can talk about other ways of lowering those other barriers. For example, when law enforcement shows up at a company with a warrant for data, and the company does have that data, how quickly can the data be delivered? Of course, the company will want their lawyers to look over the warrant to make sure the warrant is good. But after that, if the warrant is valid and the rule of law has been followed and the company does have the data, how quickly can the data be delivered, and how well can the company separate the data that is responsive to the warrant
from the data that is just nearby and that law enforcement doesn't have any legitimate desire to get? By doing a better job at those things, companies can help law enforcement do their job, but without requiring the kind of changes to crypto that are being talked about in the other discussion. So my point is, companies can be more helpful to legitimate law enforcement needs, and they can do more to protect their users and the public from harm, even if they don't change their crypto. And to the extent that it's possible to do that with lower security risk, that is a thing that I think companies should think about doing.

Right, so this is a hard problem. But if we want to end up in the right place, I suggest that maybe we should take a cue from this guy and chill out a bit. So we need to figure out what's possible and what's not possible. We need to figure out actually what are the options and what are the trade-offs for reconciling two things that are both important, which is the legitimate need for law enforcement to be able to enforce the law and catch dangerous people who do exist, while protecting everybody else from security risk, from risk to civil liberties and human rights, and from the economic impact of some of the policies that have been suggested. The fact is that we can't have everything that we want. We can't achieve all of those equities perfectly, and there's no solution that gets us there. So the decision will involve making trade-offs, and that's exactly the reason that we need to have a rational conversation.

So finally, I want to remind you that there's a lot more for government to do on security besides this one issue. We can always use more smart people helping out, both inside and outside of government, at solving genuinely hard social problems. There are a lot of things that all of us, or that all reasonable people, agree should be happening that are not happening in the world, or things that are happening that we can agree should
not, we would like to prevent. And I don't want this one issue to become a barrier to working together on those things where we do agree across the board on what should be happening. We can always use more help inside of government, and we can always use more people outside of government working to make good things happen, even if we disagree on some things. So thanks for your time. I've left a good chunk of time for conversation, and I look forward to conversation in the Q&A now and afterwards. Thanks.