Abstract
During the Summer of 2013, it was revealed through the documents leaked by Edward Snowden that the NSA was collecting the metadata of every US-to-foreign, foreign-to-US and US-to-US call from the largest US telephone providers. This led to public outcry and to President Obama calling for the restructuring of this program. The options initially considered included keeping the data at the providers, entrusting the data to a private entity, entrusting the data to a non-NSA government agency or ending the program all-together.
In this work, we show how cryptography can be used to design a privacy-preserving alternative to the NSA metadata program. We present a protocol based on structured encryption, in particular on graph encryption, and secure function evaluation that provides the following guarantees: (1) providers learn no information about NSA queries; (2) NSA queries can only be executed if validated by a given certification process; (3) the NSA learns nothing about the data beyond what can be inferred from the query results. In addition, these properties are achieved whether the data is stored at the providers, the NSA or on a third-party cloud.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Originally, the program allowed for \(3\)-hop queries but this was reduced to \(2\) hops by the Obama Administration as of January \(17\)th.
- 2.
Unfortunately, we could not find any details of how these mechanisms worked in public sources.
- 3.
Typically, the number of vertices is revealed but this can be hidden using padding.
References
Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011)
Cash, D., Jaeger, J., Jarecki, S., Jutla, C., Krawczyk, H., Rosu, M., Steiner, M.: Dynamic searchable encryption in very-large databases: data structures and implementation. In: Network and Distributed System Security Symposium, NDSS ’14 (2014)
Chase, M., Kamara, S.: Structured encryption and controlled disclosure. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 577–594. Springer, Heidelberg (2010)
Clarke, R., Morell, M., Stone, G., Sunstein, C., Swire, P.: Liberty and security in a changing world (2013). http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf
United States Foreign Intelligence Surveillance Court. Primary order, April 2013. http://www.dni.gov/files/documents/PrimaryOrder_Collection_215.pdf
Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: ACM Conference on Computer and Communications Security (CCS ’06), pp. 79–88. ACM (2006)
Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005)
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: ACM Symposium on Theory of Computing (STOC ’09), pp, 169–178. ACM Press (2009)
Goldreich, O., Micali, S., Wigderson, A.: How to play ANY mental game. In: ACM Symposium on the Theory of Computation (STOC ’87), pp. 218–229 (1987)
Greenwald, G.: NSA collecting phone records of millions of verizon customers daily, July 2013. http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order
Jarecki, S., Jutla, C., Krawczyk, H., Rosu, M., Steiner, M.: Outsourced symmetric private information retrieval. In: ACM Conference on Computer and Communications Security (CCS ’13), pp. 875–888 (2013)
Kamara, S.: Are compliance and privacy always at odds? July 2013. http://outsourcedbits.org/2013/07/23/are-compliance-and-privacy-always-at-odds/
Kamara, S.: Restructuring the NSA metadata program. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014 Workshops. LNCS, vol. 8438, pp. 235–248. Springer, Heidelberg (2014). http://research.microsoft.com/en-us/projects/metacrypt/
Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: ACM Conference on Computer and Communications Security (CCS ’12). ACM Press (2012)
Kroll, J., Felten, E., Boneh, D.: Secure protocols for accountable warrant execution, April 2014. http://www.cs.princeton.edu/~felten/warrant-paper.pdf
Office of the Inspector General of the Department of Defense. Requirements for the trailblazer and thinthread systems (2004). https://www.fas.org/irp/agency/dod/ig-thinthread.pdf
Yao, A.: Theory and application of trapdoor functions. In: IEEE Symposium on Foundations of Computer Science (FOCS ’82), pp. 80–91. IEEE Computer Society (1982)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 IFCA/Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kamara, S. (2014). Restructuring the NSA Metadata Program. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds) Financial Cryptography and Data Security. FC 2014. Lecture Notes in Computer Science(), vol 8438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44774-1_19
Download citation
DOI: https://doi.org/10.1007/978-3-662-44774-1_19
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44773-4
Online ISBN: 978-3-662-44774-1
eBook Packages: Computer ScienceComputer Science (R0)