Auditable Surveillance in Digital Monitoring
Digital monitoring of suspects must be silent so as not to alert them. However, the currently used systems lack stringent technical mechanisms to ensure the legality of these measures. Researchers from the Karlsruhe Institute of Technology (KIT) in the Helmholtz Research Field Information and the University of Luxembourg have now designed a security protocol that allows, for example, judicially ordered monitoring of end-to-end encrypted or anonymous communication, while at the same time preventing or detecting massive and unlawful surveillance. The team presented the initial results at the Asiacrypt 2023 conference. (Source: Karlsruhe Institute of Technology – Press Releases)
Privacy is becoming increasingly important in our digital society. There is a strong demand for anonymity and confidentiality of data, justified by the European Data Protection Regulation. On the other hand, laws and regulations such as the European Council Resolution on the Lawful Interception of Telecommunications or the EU Directive on Combating Money Laundering and the Financing of Terrorism require the anonymity of users to be lifted or their encrypted communication to be disclosed under certain, precisely defined circumstances, for example when a surveillance measure against suspects has been ordered by a judge. Therefore, many applications are subject to requirements or regulations that prohibit a guarantee of unconditional anonymity.
Unauthorized Mass Surveillance through Backdoors
The problem with such “digital backdoors” is that they also enable undetected mass surveillance. To prevent this, independent, trustworthy bodies are needed to essentially monitor the monitors. Furthermore, there needs to be a system that technically enforces an unalterable court order when a backdoor is to be used, thus ensuring the legality of the measure. The currently used systems lack these stringent technical mechanisms. “In our research, we have designed security protocols that achieve both: they enable the monitoring of encrypted or anonymous communication and at the same time offer the opportunity to prevent or at least detect unlawful surveillance measures,” said Dr. Andy Rupp, head of the “Cryptographic Protocols” research group at KASTEL Security Research Labs at KIT. “Our goal is to significantly increase public trust in the honest behavior of operators and law enforcement agencies.”
Controlled Use of Digital Backdoors
In their work, the research team developed a component for auditable surveillance. In this security protocol, users are protected in several ways: digital backdoors open only briefly and are user-specific, they are shared between trusted parties, and access to the digital backdoor is granted only under certain conditions. Additionally, the technical enforcement of leaving unalterable documents when opening the backdoors is required. This allows for later verification of the legality of surveillance measures by an independent auditor, as well as publicly verifiable statistics on the use of backdoors.
The application possibilities for these Auditable Surveillance Systems range from mobile communication systems like 5G and instant messaging services to data protection-compliant video surveillance. “Our work provides an initial concept for Auditable Surveillance. However, for practical implementation, further technical and legal challenges need to be addressed. This will be the subject of our future interdisciplinary research,” said Rupp.”
KIT/A. Seebauer, 12.10.2023
Note: This is a translation from the original German article provided.
The original press release can be found at:
Missbrauchsresistente digitale Überwachung (only in german)
The original publication can be found at (Open Access):
V. Fetzer, M. Klooß, J. Müller-Quade, M. Raiber, and A. Rupp. Universally Composable Auditable Surveillance. Accepted at the 30th International Conference on the Theory and Application of Cryptology and Information Security — ASIACRYPT, 2023. https://eprint.iacr.org/2023/1343
Localization in the Helmholtz Research Field Information:
Helmholtz Research Field Information, Program 1: Engineering Digital Futures, Topic 3: Engineering Secure Systems
Contact:
Prof. Dr. Jörn Müller-Quade
KASTEL: Cryptography and Security Group
Karlsruhe Institute of Technology (KIT)
Tel.: +49 721 608-44327
E-Mail: mueller-quade@kit.edu
Contact for this press release:
Aileen Seebauer
Press Officer
Karlsruhe Institute of Technology (KIT)
Phone: +49 721 608 41156
E-Mail: aileen.seebauer@kit.edu
