Advancing Security: Developing Misuse-Resistant Digital Surveillance Technologies

Digital surveillance of suspects must be silent so as not to alarm them. However, systems currently in use lack stringent technical mechanisms to ensure the legality of these measures. Researchers at the Karlsruhe Institute of Technology (KIT) and the University of Luxembourg have now designed a security protocol that enables, for example, court-ordered monitoring of end-to-end encrypted or anonymous communication, but at the same time prevents or uncovers mass and unlawful surveillance. The team presented its first results in a publication for the Asiacrypt 2023 conference (https://eprint.iacr.org/2023/1343).

Privacy is becoming increasingly important in our digital society. There is a strong demand for anonymity and confidentiality of data, which is justified by the European Data Protection Regulation. On the other hand, laws and regulations such as the European Council Resolution on the Lawful Interception of Telecommunications or the EU Directive on Combating Money Laundering and Terrorist Financing make it necessary to abolish the anonymity of users or to disclose their encrypted communications in certain, well-defined circumstances, for example when a surveillance measure against suspects was ordered by a judge. Many applications are therefore subject to requirements or regulations that prohibit a guarantee of unconditional anonymity.

Unauthorized mass surveillance through the back door

However, the problem with such “digital backdoors” is that they also enable unnoticed mass surveillance. To prevent this, independent, trustworthy bodies are needed to monitor those who are monitoring, so to speak. To ensure the legality of a measure, a system is also required that technically enforces the existence of a court order, one that cannot be subsequently changed, whenever a back door is to be used. The systems currently used lack strict technical mechanisms for this. “In our research work, we have designed security protocols that do both: They enable the monitoring of encrypted or anonymous communication and at the same time offer the possibility of preventing or at least detecting unlawful surveillance measures,” says Dr. Andy Rupp, head of the “Cryptographic Protocols” research group at the KASTEL Security Research Labs at KIT. “Our goal is to significantly increase the public’s trust in the honest behavior of operators and law enforcement authorities.”

Controlled use of digital backdoors

In its work, the research team developed a building block for verifiable monitoring. In this security protocol, users are protected in several ways: digital backdoors only open on a short-term and user-specific basis, they are shared between trusted parties, and access to the digital backdoor is only granted under certain conditions. In addition, the protocol technically enforces that unchangeable documents are left behind whenever a back door is opened. This allows an independent auditor to verify the legality of surveillance measures later on, and it allows publicly verifiable statistics on the use of backdoors.

The possible applications for these auditable surveillance systems range from mobile communication systems such as 5G and instant messaging services to electronic payments and data protection-compliant video surveillance. “Our work provides an initial concept for auditable surveillance. However, for practical use, further technical and legal challenges must be addressed. This will be the subject of our future interdisciplinary research,” says Rupp. (rl)