The increasing deployment of end-to-end encrypted communications services has ignited a debate between technology firms and law enforcement agencies over the need for lawful access to encrypted communications. Unfortunately, existing solutions to this problem suffer from serious technical risks, such as the possibility of operator abuse and theft of escrow key material. In this work (Eurocrypt 21) we investigate the problem of constructing law enforcement access systems that mitigate the possibility of unauthorized surveillance. We first define a set of desirable properties for an abuse-resistant law enforcement access system, and motivate each of these properties. We then formalize these definitions in the Universal Composability (UC) framework, and present two main constructions that realize this definition. To illustrate the technical challenge of constructing these protocols, we conclude by investigating the minimal assumptions required to realize these systems. Finally, use the lessons learned in this work to reflect on Apple’s recent CSAM scanning proposal, a novel form of law enforcement access system.
--
Please contact the MPI-SWS Office team for the Zoom link password information