A new security protocol walks the fine line between legitimate interception of communication and protection of privacy rights.
Researchers at the University of Luxembourg and the KASTEL Security Research Labs have devised a security protocol that enables court-authorised monitoring of end-to-end encrypted or anonymous communications, while simultaneously detecting illicit or extensive surveillance activities.
"Our aim is to bolster public trust in the integrity of operators and law enforcement agencies significantly", explains Dr Andy Rupp , research scientist at the Faculty of Science, Technology and Medicine of the University of Luxembourg.
In today’s digital landscape, the right to respect for private life, as enshrined in Article 7 of the EU Charter of Fundamental Rights (and Article 8 of the European Convention on Human Rights) holds a paramount significance. Privacy is key for democracy and for ensuring human dignity, self-determination and personal development. The demand for anonymity and data confidentiality aligns closely with legal instruments, such as the General Data Protection Regulation (GDRP).
At the same time, there is a push by law enforcement agencies to extend the coverage of laws and regulations for legitimate interception, such as the European Council Resolution on the Lawful Interception of Telecommunications from classical telecommunication providers to modern once like instant messaging providers. In Germany, the Act to Restrict the Privacy of Correspondence, Posts and Telecommunications (G10 Act) allows the German domestic intelligence services to intercept and record telecommunications so as to avert imminent danger to the free democratic basic order or to the existence or security of Germany and its federal states. Niovi Vavoula , Associate professor in cyber policy at the Faculty of Law, Economics and Finance , explains: "Germany has in parallel recently published a draft law requiring messaging platforms, email, and cloud service providers to offer users the possibility,"wherever it is technically possible", to encrypt their data". In April 2024, the European Police Chiefs issued a Joint Declaration calling on EU Member States to take action against end-to-end encryption roll-out in instant messaging services, stating this technology prevents the fight against crime. "Many applications are confronted with legal requirements that restrict individual’s privacy and anonymity guarantees, for instance in electronic payments or lawful interception of telecommunications, where surveillance is mandated to investigate suspected crimes".
As a result, many systems have backdoors embedded into the systems, allowing law enforcement agencies to disclose information about a suspect. These bear the risk of silently misusing these backdoors by other agencies, malicious employees, or also external "hackers", due to a lack of robust technical components to prevent ensuing clandestine mass surveillance or illicit targeted surveillance. This unlawful interception is precisely what the security protocols proposed by Andy Rupp’s team aim to prevent.
The research team has introduced a framework for targeted auditable surveillance, offering honest users multifaceted protection. Digital backdoors operate only for short periods of time and exclusively for designated individuals. At the heart of their framework are cryptographic protocols that force law enforcement agencies to first deposit a (encrypted) surveillance warrant at a tamper-proof public storage, a blockchain, before they are able to access a suspect’s backdoor. A large committee of entities are responsible for checking the legitimacy of the warrant and assisting in providing the backdoor.
How are trusted entities established? "We try to establish trust by a large committee of anonymous people which also change frequently to make collusion and corruption harder. The system is robust in the sense that it still works securely if some minority of committee members are malicious or unresponsive," explains Andy Rupp.
Since immutable records of surveillance measures are left on the blockchain, this enables subsequent in-depth audits by an impartial examiner. Moreover, by counting the number of records for a specific service, e.g. some instant messaging service, the general public can be reassured that no mass surveillance is deployed by government agencies. Of course, as the records deposited on the blockchain can be accessed by anyone, special care needs to be taken to not leak sensitive information about surveillance actions to the public and a potential suspect. The prospective applications of this auditable surveillance framework span across various sectors, from mobile communication systems like 5G and instant messaging services to anonymous electronic payment transactions and privacy-enhancing video surveillance. "We have outlined an initial auditable surveillance framework.", emphasises Andy Rupp. "Numerous technical and legal hurdles would need to be addressed before a real-world application. This will be the focus of our interdisciplinary research endeavours moving forward."