
Richard Aldrich

Senior Computer Network Operations Policy Analyst, Information Assurance Technology Analysis Center
Lead Associate, Booz Allen Hamilton


Biography:


Rick Aldrich is the Senior Computer Network Operations Policy Analyst for the Information Assurance Technology Analysis Center and a Lead Associate for Booz Allen Hamilton.  He has been awarded several grants by the Institute for National Security Studies to study the legal and policy implications of cybercrime and information warfare.  He has multiple publications in this field, including a chapter on information warfare in the widely used textbook, National Security Law.   He has taught cyberlaw at the collegiate level and has been a faculty member of the Institute for Applied Network Security.  He has presented at several national and international conferences including HTCIA, Infowarcon, SANSFIRE, FiestaCrow, IA Conference of the Pacific, Southeast Cybercrime Summit, a conference on Arms Control in Cyberspace in Berlin, Germany and a forum on cyberterrorism in Bogota, Colombia.  He was a primary contributor to the award-winning Cyberlaw course distributed by the Defense Department.  He has a Bachelor of Science degree in Computer Science from the US Air Force Academy, a Juris Doctor from UCLA, and a Masters of Law in Intellectual Property Law from the University of Houston.  He is also a Certified Information Systems Security Professional (CISSP) and a Certified Information Privacy Professional with an Information Technology designation (CIPP/IT).

 




Abstract:

Encryption and Privacy Post-9/11:  A Double-Edged Sword

[E]ncryption technologies are the most important technological breakthrough in the last one thousand years. -- Lawrence Lessig, Code and Other Laws of Cyberspace 35 (1999)

In a globalized, post-9/11, post-Facebook world, ensuring information remains private has become increasingly challenging.  Wi-Fi signals, Bluetooth signals, web form data, e-mails, Internet searches, text messages, chat sessions and more can all be intercepted, revealing potentially sensitive information.  To maximize privacy, governments, corporations and individuals are increasingly turning to encryption.   Encryption can be used for good or evil, however, so nations have taken various approaches to its regulation.  This paper focuses on the laws, policies and standards around the world that have impacted the efficacy of encryption as a means of ensuring privacy.

1. Laws addressing corporate use of encryption to ensure privacy of information

   · Laws vary on Safe Harbor protection for encrypted electronic protected health information

   · Safe Harbor protection varies under various national data breach statutes

   · Laws requiring financial data protection do not often direct encryption, but suggest it

2. Laws addressing encryption and the right against self-incrimination

   · Laws vary on whether suspects must provide their decryption key

3. Laws vary on restrictions relating to the importation or exportation of encryption technologies

4. Government policies that require encryption backdoors

   · Efforts in various countries have largely failed or backfired

   · Government-escrowed keys provide an alternative with its own risks

5. Government policies that punish those who provide decryption technologies that can enable serious human rights abuses

   · Executive Order 13606 (April 2012)

   · Regional and international human rights legal systems

6. Payment Card Industry Data Security Standard addresses the encryption of both data at rest and in transit, impacting transactions around the world

7. Encryption and border searches

8. How real-world analogies for encryption can make or break a legal case

   · Padlock and key

   · Combination and safe

   · Encoding in a foreign language



Presentation:
