The Hill We Must Die On: Cryptographers and Congress

SLIDE 1

The Hill We Must Die On: Cryptographers and Congress

Shaanan Cohney, University of Pennsylvania

Gabriel Kaptchuk, Johns Hopkins University

January 9, 2019

SLIDE 2

Who Are We?

Gabe Kaptchuk

  • 4th year PhD Student at JHU
  • Co-advised by Avi Rubin and Matt Green
  • American

Shaanan Cohney

  • 5th year PhD Student at UPenn
  • Co-advised by Nadia Heninger and Jonathan Smith
  • Australian

  • We worked together in Senator Ron Wyden’s (D-OR) personal office in Washington DC
  • Neither of us had prior political experience
  • Both of us have research mentors with policy interests

SLIDE 3

This Talk is NOT...

An advertisement for a set of political views

SLIDE 4

This Talk is NOT...

A talk about the merits/evils of exceptional access mechanisms

SLIDE 5

This Talk is NOT...

A US civics lecture

SLIDE 6

This Talk is NOT...

A view into the secrets happening behind closed doors

SLIDE 7

This Talk IS...

Two perspectives on what we learned from our summer on Capitol Hill

SLIDE 8

“Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently political tool” — Phillip Rogaway

SLIDE 9

Why Work in Policy?

  • Governments struggle with complex systems
  • Governments set trends
  • Loudest voices on our issues not from our community

SLIDE 10

Why Work in Policy?

  • Governments struggle with complex systems
  • Governments set trends
  • Loudest voices on our issues not from our community
  • IMPACT

SLIDE 11

US Federal Government Reminder

The Executive Branch

(President and most departments)

The Judicial Branch

(Courts)

SLIDE 12

US Federal Government Reminder

The Legislative Branch

(House and Senate)

The Executive Branch

(President and agencies)

The Judicial Branch

(Courts)

SLIDE 13

Legislative Branch

SLIDE 14

Legislative Branch

SLIDE 15

Senate Office

  • Approx. 15 people in DC
  • Issue areas are “owned” by particular staffers
  • Staff identify problems and suggest actions
  • Problems also sourced from constituents, lobbyists, and experts

SLIDE 16

Summer Goals

  • What are the government’s ground rules?

SLIDE 17

Summer Goals

  • What are the government’s ground rules?
  • Can two people make substantive impacts?

SLIDE 18

Summer Goals

  • What are the government’s ground rules?
  • Can two people make substantive impacts?
  • Is there overlap between academically interesting problems and policy interesting problems?

SLIDE 19

Summer Goals

  • What are the government’s ground rules?
  • Can two people make substantive impacts?
  • Is there overlap between academically interesting problems and policy interesting problems?
  • How can we best represent our community?

SLIDE 20

What our mothers think we did

SLIDE 21

What our manager thinks we did

Can’t share details but...

We care about

  • Widespread crypto protocol deployment
  • FIPS Standardization Process
  • Government CAs
  • Old and outdated VPN protocols
  • Government transparency

Our Senator cared about

  • HTTPS disabled/misconfigured on agency websites
  • Lack of StartTLS
  • FBI misrepresenting decryption difficulties
  • Voting

...high overlap, but not exactly the same

SLIDE 22

What we actually did

  • Wrote lots of letters - both nice and angry
  • Drafted legislation
  • ‘Cryptographic’ investigations
  • Advised the Senator and senior staff
  • Met with representatives from government agencies and private corporations
  • Argued about lots of things.

SLIDE 23

What we actually did

  • Wrote lots of letters - both nice and angry
  • Drafted legislation
  • ‘Cryptographic’ investigations
  • Advised the Senator and senior staff
  • Met with representatives from government agencies and private corporations
  • Argued about lots of things. Productively.

SLIDE 24

SLIDE 25

Highlight: Meeting with National Security Agency

  • When Senators ask, people show up
  • Met with senior officials and cryptographers from NSA
  • One official commented that it was refreshing to have a direct conversation with members of the academic cryptographic community
  • Can’t disclose any of the details

SLIDE 26

Lessons

SLIDE 27

Lesson #1: Crypto is everywhere

  • FIPS

SLIDE 28

Lesson #1: Crypto is everywhere

  • FIPS
  • Census department will be using differential privacy in the 2020 census

SLIDE 29

Lesson #1: Crypto is everywhere

  • FIPS
  • Census department will be using differential privacy in the 2020 census
  • More government services are available online

SLIDE 30

Lesson #2: Talk is Cheap, but Powerful

  • Politics is performance. Hearings are for the public.
  • Politicians actually do listen (or at least their staff do)
  • It’s not hard to get one meeting
  • Ideas seeded today, become law tomorrow

SLIDE 31

Media and Spin

  • The member won’t read your paper
  • The member won’t read your Twitter
  • The legislative aide will read your Twitter

SLIDE 32

Priorities

Golden Rules:

  1. Don’t make the member look bad
  2. Make the member look good
  3. Really, don’t make the member look bad

SLIDE 33

Priorities

Golden Rules:

  1. Don’t make the member look bad
  2. Make the member look good
  3. Really, don’t make the member look bad

Don’t forget the other rules:

  1. Don’t do bad
  2. Do good
  3. Don’t do bad

SLIDE 34

Lesson #3: Learn to Talk like the other Kind of Nerd

  • It’s hard to sell 0-RTT handshakes or isogeny based cryptography, tell stories
  • Politicians valorize and demonize, consider their mental model
  • Master the art of the concrete ask
  • Not all legislation is intended to pass!

SLIDE 35

Concrete Asks

Easier Asks

  • I’d like the Congressperson to request this document from...
  • I want the Congressperson to ask the relevant agency to...
  • I want the Congressperson’s cybersecurity staffer to investigate...

Harder Asks

  • I’d like a public letter from the Senator to... about...
  • I want the Congressperson to vote in favor of...

SLIDE 36

Communicating with a Member

  • Call
  • Meet
  • Write

SLIDE 37

Lesson #4: Don’t Ignore “Incremental” Problems

  • Big ticket and controversial issues have friction
  • The issues you can move won’t always be the sexy ones
  • Compromise can get you real change

SLIDE 38

Lesson #4: Don’t Ignore “Incremental” Problems

Good Problems

  • We should be using MPC for Social Good
  • Why does the government misconfigure Y?
  • The industry standards for L are broken, and it is affecting population M

Harder Problems

  • Don’t backdoor our crypto
  • We need more funding for Z

SLIDE 39

What you can do

If you’re an academic...

  • Embrace the moral nature of your work
  • Start telling your stories
  • Don’t shy away from taking moral stances
  • Consider doing some work in the legislature of your respective country
  • Be active in learning how to talk about your work non-technically

SLIDE 40

What you can do

If you’re in industry...

  • Reach beyond your particular company to bring together the industry
  • Start telling stories about how privacy actively helps your customers and a member’s constituents

SLIDE 41

What you can do

If you’re a concerned human...

  • Take part in your political process

SLIDE 42

Thank You!

  • Please reach out with any questions or thoughts!
  • Thanks to Wharton for funding Shaanan and Tech Congress for funding Gabe!
  • Big thank you to Senator Wyden, his staff, and our fellow fellows for having us over the summer!

Shaanan Cohney: https://cohney.info, shaanan@cohney.info

Gabe Kaptchuk: https://kaptchuk.com, gabe@kaptchuk.com
