Security without IoT Mandatory Backdoors: Using Distributed Encrypted Public Recording to Catch & Prosecute Suspects

Abstract : This article explains how Citizens' civil liberties can be preserved by banning Internet of Things (IoT ) mandatory backdoors while at the same time effectively catching and prosecuting suspects (such as alleged “terrorists”). IoT devices are becoming pervasive in all aspects of life including personal, corporate, government, and social. Adopting IoT mandatory backdoors ultimately means that security agencies of each country surveil and control IoT in their own country and perhaps swap surveillance information with other countries. Burr-Feinstein have proposed that it must be possible for security agencies to be able to secretly access and take control of any individual IoT device. However adopting their proposal would make it very difficult to prevent security agencies from accessing and controlling large numbers of devices and abusing their surveillance and control capabilities. Also, adopting IoT mandatory backdoors would be corrosive to civil liberties because any IoT device could be secretly accessed and controlled without any awareness by those using the device. A critical security issue is that after a backdoor has been exercised to take control of a citizen’s IoT device without their awareness, the device thereby becomes somewhat less secure because of potential vulnerabilities in the new virtualized system used to take control of the device. Distributed Encrypted Public Recording (DEPR) is system in which distributed public and private organizations keep encrypted electronic records of all activity that takes place in outside the homestead including tracking automobiles, cell phones locations, humans (using facial recognition), and all financial transactions. The records can be decrypted only by court warrant using both a key kept by the recording establishment and a key provided by the court. If not court ordered within a time set at recording, the recordings cannot read by anyone (enforced by cryptography using a trans-national distributed Internet time authority). In addition to ensuring that outdated information cannot be decrypted, the trans-national time authority can provide continual statistics on the amount of decrypted information as a deterrent to mass surveillance and control. Advanced Inconsistency Robust information technology can be a very powerful tool for catching and prosecuting suspects using DEPR. Using DEPR is a less risky to civil liberties than requiring IoT mandatory backdoors for all IoT devices. The DEPR proposal brings out the issue that massive amounts of information are being collected and disseminated with almost no regulation whatsoever. Soon there stands to be even greater collection and dissemination, which will inevitably lead to increasingly severe scandals. This above proposal aims to balance the Constitutional requirement to protect citizens’ civil liberties and for law enforcement to catch and prosecute suspects (such as alleged “terrorists”). It would uphold the U.S. Constitution’s Fifth Amendment right against self-incrimination by prohibiting mandatory IoT backdoors that could provide access to sensitive personal information. At the same time, it would not prohibit access to “distributed encrypted public recording” (such as videos in public places, all financial transactions, and locations of cell phones from cell towers) so all recorded activities except those in personal IoT devices could be subpoenaed.
Type de document :
Pré-publication, Document de travail
2016
Liste complète des métadonnées

Littérature citée [51 références]  Voir  Masquer  Télécharger

https://hal.archives-ouvertes.fr/hal-01152495
Contributeur : Carl Hewitt <>
Soumis le : mardi 14 juin 2016 - 20:16:24
Dernière modification le : mercredi 15 juin 2016 - 16:01:08
Document(s) archivé(s) le : jeudi 15 septembre 2016 - 10:45:12

Fichier

backdoors-275.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Copyright (Tous droits réservés)

Identifiants

  • HAL Id : hal-01152495, version 14

Citation

Carl Hewitt. Security without IoT Mandatory Backdoors: Using Distributed Encrypted Public Recording to Catch & Prosecute Suspects. 2016. 〈hal-01152495v14〉

Partager

Métriques

Consultations de
la notice

248

Téléchargements du document

429