CY 2550 - Foundations of Cybersecurity

Project: Cybersecurity Ethics

This project is due at 11:59pm on Friday, March 19, 2021.

Description and Deliverables

In this assignment, you will perform part of a Value Sensitive Design (VSD) critique of the so-called “going dark” debate. This is an exercise in applied ethics, critical thinking, and creativity – we expect written answers, not code, pseudocode, or mathematical formulas. For your reference, there is general information available about VSD and the methods it employs at the following website: https://vsd.ccs.neu.edu.

To receive full credit for this project, you will complete a series of writing prompts on Gradescope.

This is a Group Project

Unlike other projects in this class, this is a group project. You may work in groups of up to four students. You are free choose your partners (we suggest posting on Piazza if you are looking for partners). Partners are helpful on this project because they bring additional perspectives to the ethical questions at hand, thus we highly recommend that students work in groups!

Summary of the Problem

In the U.S., law enforcement agencies may obtain legal access to computing devices and electronic communications. For example, the police may obtain a warrant that permits them to seize and analyze a computer belonging to a suspect in a crime, in order to search for evidence. The police may also obtain a warrant for a wiretap that allows them to surveille the electronic communications of a suspect. Finally, the police may obtain a subpoena that compels a communication company (e.g., a phone company or online messaging service like Facebook) to turn over electronic records and communications relating to a suspect.

In recent years, however, powerful encryption has begun to proliferate across the consumer electronics space. Laptops and smartphones are often “encrypted by default”, meaning that a password or cryptographic key must be provided to unlock the data stored on the device. Similarly, end-to-end encrypted messaging apps like Signal are free and widely available. In both cases, the secrets necessary to decrypt the data are known only to end-users. Even if law enforcement were to try to compel the device maker, software developer, or service provider to grant access to data, they cannot comply – only end-users can decrypt their data.

Law enforcement agencies claim that they are “going dark” because of the proliferation of strong cryptography. They claim that data that is necessary to solve crimes, and that they otherwise have lawful access to, is now inaccessible. High-profile law enforcement officials like James Comey, Rod Rosenstein, and William Barr have called on tech companies to develop solutions that preserve the lawful access capabilities of law enforcement agencies to digital data and communications.

For their part, tech companies and cryptographers assert that they cannot comply with the demands of law enforcement officials. They argue that any “back door” added to encryption systems to facilitate access by law enforcement would inevitably also be exploited by adversaries – in other words, that there is no way to build a back door just for the “good guys”. Further, this side argues that if U.S. law enforcement were to demand back door access to data and communications, law enforcement officials in other (possibly more authoritarian) countries would also demand similar access capabilities.

Submitting Your Project

On Gradescope you will find a series of prompts related to the above problem. Answer these questions to complete the project.

Grading

This project is worth 5% of your final grade. The point value of each question is available on Gradescope.