Security Without IoT Mandatory Backdoors: Using Distributed Encrypted Public Recording to Catch & Prosecute Suspects

19 Pages Posted: 15 Jun 2016 Last revised: 8 Mar 2017

See all articles by Carl Hewitt

Carl Hewitt

Massachusetts Institute of Technology (MIT)

Date Written: June 16, 2016

Abstract

This article explains how Citizens' civil liberties can be preserved by banning Internet of Things (IoT) mandatory backdoors while at the same time effectively catching and prosecuting suspects (such as alleged "terrorists").

IoT devices are becoming pervasive in all aspects of life including personal, corporate, government, and social. Adopting IoT mandatory backdoors ultimately means that security agencies of each country surveil and control IoT in their own country and perhaps swap surveillance information with other countries. Burr-Feinstein have proposed that it must be possible for security agencies to be able to secretly access and take control of any individual IoT device. However adopting their proposal would make it very difficult to prevent security agencies from accessing and controlling large numbers of devices and abusing their surveillance and control capabilities. Also, adopting IoT mandatory backdoors would be corrosive to civil liberties because any IoT device could be secretly accessed and controlled without any awareness by those using the device. A critical security issue is that after a backdoor has been exercised to take control of a citizen's IoT device without their awareness, the device thereby becomes somewhat less secure because of potential vulnerabilities in the new virtualized system used to take control of the device.

Distributed Encrypted Public Recording (DEPR) is system in which distributed public and private organizations keep encrypted electronic records of all activity that takes place in outside the homestead including tracking automobiles, cell phones locations, humans (using facial recognition), and all financial transactions. The records can be decrypted only by court warrant using both a key kept by the recording establishment and a key provided by the court. If not court ordered within a time set at recording, the recordings cannot read by anyone (enforced by cryptography using a trans-national distributed Internet time authority). In addition to ensuring that outdated information cannot be decrypted, the trans-national time authority can provide continual statistics on the amount of decrypted information as a deterrent to mass surveillance and control. Advanced Inconsistency Robust information technology can be a very powerful tool for catching and prosecuting suspects using DEPR. Using DEPR is a less risky to civil liberties than requiring IoT mandatory backdoors for all IoT devices. The DEPR proposal brings out the issue that massive amounts of information are being collected and disseminated with almost no regulation whatsoever. Soon there stands to be even greater collection and dissemination, which will inevitably lead to increasingly severe scandals.

This above proposal aims to balance the Constitutional requirement to protect citizens' civil liberties and for law enforcement to catch and prosecute suspects (such as alleged "terrorists"). It would uphold the U.S. Constitution's Fifth Amendment right against self-incrimination by prohibiting mandatory IoT backdoors that could provide access to sensitive personal information. At the same time, it would not prohibit access to "distributed encrypted public recording" (such as videos in public places, all financial transactions, and locations of cell phones from cell towers) so all recorded activities except those in personal IoT devices could be subpoenaed.

Keywords: backdoors, Internet of Things (IoT), Burr-Feinstein proposal, European Court of Justice (ECJ), FBI, 5th Amendment

Suggested Citation

Hewitt, Carl, Security Without IoT Mandatory Backdoors: Using Distributed Encrypted Public Recording to Catch & Prosecute Suspects (June 16, 2016). Available at SSRN: https://ssrn.com/abstract=2795682 or http://dx.doi.org/10.2139/ssrn.2795682

Carl Hewitt (Contact Author)

Massachusetts Institute of Technology (MIT) ( email )

77 Massachusetts Avenue
50 Memorial Drive
Cambridge, MA 02139-4307
United States

Register to save articles to
your library

Register

Paper statistics

Downloads
204
rank
139,483
Abstract Views
1,000
PlumX