Book Review: Burdens of Proof

benrothke writes "When the IBM PC first came out 31 years ago, it supported a maximum of 256KB RAM. You can buy an equivalent computer today with substantially more CPU power at a fraction of the price. But in those 31 years, the information security functionality in which the PC operates has not progressed accordingly. In Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents, author Jean-François Blanchette observes that the move to a paperless society means that paper-based evidence needs to be recreated in the digital world. It also requires an underlying security functionality to flow seamlessly across organizations, government agencies and the like. While the computing power is there, the ability to create a seamless cryptographic culture is much slower in coming." Keep reading for the rest of Ben's review.

Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents
author	Jean-François Blanchette
pages	288
publisher	MIT Press
rating	9/10
reviewer	Ben Rothke
ISBN	978-0262017510
summary	Excellent overview and history of using cryptography to build a trust framework

The so called Year of the PKI has been waiting for over a decade, and after reading Burdens of Proof, it is evident why a large-scale PKI will be a long time in coming. More than that, getting the infrastructure in place in a complex environment that exists in the USA with myriad jurisdictions and technologies may prove ultimately to be impossibility.

The irony is that an effective mechanism for digital authentication would seem to be an indispensable part of the digital age. The lack of such an authentication infrastructure may be the very reason that fraud, malware, identity theft and much more, are so pervasive on the Internet.

The premise of this fascinating book is that the slow decline from the use of paper from a legal and evidentiary perspective has significant consequences. For the last few hundred years, paper has been ubiquitous in modern life; from legal and health records, school, employment and everything in between.

The book details the many challenges that businesses and governments face in moving from a paper-based record society and the underlying trust mechanisms that go along with it, to a new digital-based record system, and how a new framework is needed for such a method. The book details part of that new framework.

The book opens with an observation on the authenticity of President Obama's birth certificate. While Blanchette is not a birther, he does note that if the moral authority of paper records has diminished, then the electronic documents replacing them, which are what the Obama administration provided, appear to be even more malleable. And that is precisely the issue that he addresses.

Blanchette details a compelling story and writes it as an insider. He was a member of a task force appointed in 1999 by the French Ministry of Justice to provide guidance on the reform of the rules governing the admissibility of written evidence in French courts, into a digital format.

The first few chapters provide an excellent overview of the history of cryptography. Chapter 3 – On the Brink of a Revolution– gives an excellent summary of cryptography from 1976 on, starting with seminal research that was done by Diffie and Hellman, and Rivest, Shamir and Adleman (RSA).

In chapter 5, Blanchette details his narrative about how France embraced and moved to a more digital governmental framework. He notes that the challenge was that France was the country that gave bureaucracy its name, and is a place where citizens must carry at all times their papers d'identite and is a society enmeshed in paper. Blanchette writes of the many French bureaucracies that had to let go of their protectionist stances as they moved down the path to letting electronic documents have legal validity.

Blanchette writes that in France, one of the biggest impediments to moving to a digital framework were the French civil-law notaries or notaire. French notaries are much more powerful than a notary public in the US, and are closer to being what a paralegal does in the US.

The French notaire are a wealthy and powerful monopoly when it comes to issues of purchases, sales, exchanges, co-ownerships, land plots, leases, mortgages and the like. A notaire can form a corporation prepare commercial business leases and much more. The entire French notary profession had been dependent on its monopoly to grant authenticity, and no definition of electronic authenticity could emerge and succeed if it did not meet its criteria.

While paper trust may be intuitive now, Blanchette writes that it wasn't always the case. When documents were first created (whenever that may have been), they did not immediately inspire trust. As with other innovations, there was a long and complex period of evolution needed to gain accepted levels of trust.

In chapter 6, the books notes that many people assumed cryptography would be the mechanism that would inspire trust in the digital world. Blanchette writes that the mistake cryptographers made and sometimes continue to make; is that they often assumed that the properties of cryptographic objects will translate transparently into the complex social and institutional setting in which they are deployed in.

This was incisively noted in Why Johnny Can't Encrypt, which was a usability evaluation of PGP by Whitten and Tygar. The author's observed that user errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. While the paper was written in 1999, most of its findings are still relevant.

Chapter 6 provides 3 fascinating case studies that show have different approach to security technology and cryptographic deployments are imperative in ensuring that they work.

In just under 200 pages, the books 7 chapters provide both a fascinating overview of the history of cryptography, in addition to showing how cryptography can be effectively used to authenticate digital documents. The book also has a high-level framework (a comprehensive framework would require at least 5 times as many pages) for an effective cryptographic framework for digital trust.

As Blanchette notes many times in the book, the challenge with getting digital signatures to work is not with the technology; rather it is with the underlying societal infrastructure in which to make it work. France was brought kicking and screaming into the age of electronic authentication, and is one of the few countries that have had such widespread success.

The book is a fascinating read that details how frustrating difficult it has been to create a comprehensive mechanism for digital authentication. The book raises many beguiling questions, and Blanchette is smart enough to notes that there are no simply answers to these multifaceted problems.

Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents is both a fascinating overview of the history of paper and electronic authentication, in addition to providing a synopsis of what it will take to make create a cryptographic culture, where digital evidence will be as accepted in the courtroom, as its antique paper cousin.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

It is already done.

[stanlyb]

The security, the protocol, the encryption, BUT, as you already guessed, our sweat government does not want us to have secure and secret documents, without the ability to spy on them, whenever they want to, and for whatever funny reason.

Re:

[stanlyb]

You do realize that the full blown encryption between person A and person B does not involve anything but the public keys from A and B for encryption, and the private keys from A and B for decryption? You do realize that there is no need of third party (government) to assist you of securing an encrypted tunnel between A and B? Again, do you really know what secure connection is?

Re:It is already done.

[SuricouRaven]

Almost. Such an encryption protects entirely against passive interception, but has a serious weakness: MITM attacks. There are only two ways to solve this problem. One is to pre-exchange keys over a secure channel. That's fine for connecting to the company VPN and such situations when someone has to physically set up the endpoints, but it's not a lot of use on the internet. The other is to have a trusted third party provide confirmation of identity, and in turn authenticate this third party by keys exchanged over a secure channel. It's a really ugly method (Can you *really* trust any of those CAs? Of course not!) but as of now, it's the only option there is. Some protocols rely on a web-of-trust system, but again it isn't suitable for all situations, particually those in which nodes are many and connections infrequent and transient.

Re:

[kwerle]

Almost. Such an encryption protects entirely against passive interception, but has a serious weakness: MITM attacks...

It seems like you are conflating security and encryption. Perfect encryption exists and is trivial for any two parties to use. There is no MITM problem. Security is only possible insofar as you trust someone or something - whether it be the person you are handing/receiving your public key to, or the web of trust, or whatever else.

And, of course, once you have exchanged public keys and can start an *encrypted* conversation, verification of identity can be established by external (what was our previously a

Re:

[stanlyb]

Actually, what i am trying to imply is that if I, and my Friend decide to establish secure tunnel between us, and having before that exchanged the private keys, then it will become extremely difficult for anyone else to decode our conversation, or to pretend to be one of the parties (yes, that's true, the man in the middle has to have one of the private keys too if he wants to succeed). In most cases, this is enough, as the only way for the Evil guy to take your keys is to do it in person, physically. And i

Re:

[kdemetter]

Unless he manages to convince each party that the public key has changed, without the secure connection.

For example, you have JohnA@gmail.com and JohnB@gmail.com , and they have a secure connection through assymetric encryption.
I create my own private keys JohnA@gmail.com and JohnB@gmail.com , and corresponding public keys.

I send a mail from JohanB@gmail.Com to JohnA@gmail.com , stating that I've changed my key, and this is the new public key.
I do the same from JohanA@gmail.com to JohnB@gmail.com.

Now, I can

Re:

[kwerle]

Actually, what i am trying to imply is that if I, and my Friend decide to establish secure tunnel between us, and having before that exchanged the private keys,

Public keys.

then it will become extremely difficult for anyone else to decode our conversation, or to pretend to be one of the parties (yes, that's true, the man in the middle has to have one of the private keys too if he wants to succeed).

It is *impossible* unless they have your private key *and the ability to use it* (your passphrase).

In most cases, this is enough, as the only way for the Evil guy to take your keys is to do it in person, physically. And if he has to do it for 300 million people...you make the math.

Right. Or compromise your system in such a way that they can view what you do when you decode the conversation.

Re:

[SuricouRaven]

You skip over the problem - exchanging public keys. If the channel isn't secure then what is there to stop an attacker from intercepting the keys in transit and replacing them with his own? You need to have either a secure channel for key exchange or a pre-shared secret. Neither of which is an option when you just want to view a website you've never visited before over SSL.

Re:

[stevetruelord]

Isn't Diffie Hellman key xchange secure to do that?

Re:

[SuricouRaven]

It's secure against a passive evesdropper. It isn't secure against an active MITM, able to modify traffic as well as intercept. Such an attacker can easily just impersonate both parties.

It does make interception of communications much more expensive and detectable though, potentially making mass-interception prohibitively expensive.

Re:

[stevetruelord]

ok, thank u for clarify.

Re:

[SuricouRaven]

It is secure against a passive evesdropper, but not an active MITM able to modify as well as intercept communications. Such an attacker could simply impersonate both parties to communicate with the other.

Re:

[kwerle]

Which is just about what I said:

Security is only possible insofar as you trust someone or something - whether it be the person you are handing/receiving your public key to, or the web of trust, or whatever else.

That's the purpose of well signed and maintained SSLs. Whether or not they achieve that is up for debate.

Re:

[TwezerFace]

Sorry...who u directing this query to?

Re:

[TwezerFace]

I guess you never saw how much staff the NSA has....

Re:

[stevetruelord]

Nice conspiracy theory...u have the slightest bit of evidence to back up your claim?

Re:It is already done.

[Antique Geekmeister]

There's the prosecution of Phil Zimmerman for publishing PGP, the failed attempt to publish the "SkipJack" algorighm with all keys held for law enforcment use, the new "Trusted Computing" toolkit with all keys held by Microsoft with no legal assurance of their privacy against warrant-free access under the "Patriot Act", there's the Patriot Act isself, and then there is US federal law at http://www.ecfr.gov/cgi-bin/text-idx?SID=9ae4a21068f2bd41d4a5aee843b63ef1&c=ecfr&tpl=/ecfrbrowse/Title15/15cfrv2_02.tpl#730 [ecfr.gov].

It's frightening reading. Widespread domestic security for electronic documents is being sacrificed to permit government access to communications, both foreign and domestic, with and without court order or knowledge of anyone being monitored. The fiber optic taps in AT&T's core data center planted by the NSA were quite real, quite illegal, and the personnel involved have been given immunity.

Re:

[stevetruelord]

that was soooo long ago. And phil z. was never procsecuted...only investigated.

Re:

[TwezerFace]

::: prosecution You mean ‘investigation’. He was not charged with a crime, and therefore never prosecuted for a crime.

Re:

[stanlyb]

The key length for all the bank transaction is a joke. Any sane government with enough computer power could crack it. Translated: USA, USSR, China... Just for comparison, the key length for encrypting the traffic in Microsoft Windows platform is 2048. I wonder why!!!!

Re:

[stevetruelord]

what 'key length' u referring to? AES is now very strong and 100% unbreakable.

Re:

[OeLeWaPpErKe]

2048 bit encryption is far beyond the capabilities of any entity on earth (or even all combined) to brute-force. 256 bit AES is still considered beyond the reach of government to decrypt, but it is perhaps out of reach only by a factor 1000 or so. 2048 bit is perfectly secure.

Besides, since private entities cannot guarantee their physical security, how many bits they use is completely inconsequential : this is why [xkcd.com]. To protect a few files on your harddrive from your employer or your mom, 3bit encryption is p

Re:

[stevetruelord]

Nice technical reply to a silly question/comment.

Re:

[Zero__Kelvin]

Well, this guy [slashdot.org] is dead now, so there might be less sweat [thefreedictionary.com] government than you think!

Re:

[stevetruelord]

As to our govt., you do realize the the mayan apocolypse really did happen...the govt. just covered it up.

Re:

[TwezerFace]

I think there is a lot of hype around the NSA and their capability to encrypt. We have never seen a single instance where thy have gone to the courts and shown they decrypted strong encryption without some external vulnerability.

Re:

[etash]

a minute late and a post short.

Re:

[TwezerFace]

There seems to be a /. tradition in some cases that the first poster wins...irrespective of its content. can the /. historian clairfy?

ah

[M0j0_j0j0]

i can assume this was written by a moderate person by is qualification of "substantially".

Re:

[M0j0_j0j0]

Edit!!!!!

Re:

[stevetruelord]

Rastered!

Re:

[stevetruelord]

Awesome comment! Even more awesome that via anon coward...you really should out yourself...

Re:

[Smauler]

I think many future political activists who were very 'open' on the net when young and stupid will end up paying for it hugely down the line when they mature and want to change the world for the better and then find out your political enemies goons know about things that could discredit you in the public eye.

Part of the problem is that there's this expectation that everyone be squeaky clean, and never have had made a mistake. It shouldn't matter all that much if someone did something stupid when they wer

Re:

[TwezerFace]

good point...but at the end of the day....the NSA gets more via clueless and stupid end users, who make security mistakes, then by all their mainframes.

Yes of course

[gelfling]

EVERYTHING related to PC's is still, after 30 years, a clumsy bolt-on. Hell, networking and printing still have to be added, tweaked and configured and VPN is still a mess. As long as we tolerate companies like MS shoveling Windows 8 at us while the guts under the covers are garbage, this is what we'll get. I mean with a multicore processor there's no way to make one of those cores a security specific ASIC that does all the heavy lifting for security across the board in hardware. But we'll never get that be

Re:

[stevetruelord]

>>>EVERYTHING related to PC's is still, after 30 years, a clumsy bolt-on. thanks to Windows!

Re:

[TwezerFace]

Windows and their commitment to backwards compatability is what makes the PC industry 20 years behind Apple. Simple as that.

Lolno.

[Corwn of Amber]

I should begin crowdsourcing a slew of form documents, in the style of "here is why your spam solution won't work".

Beginning with "So you wrote up a cyber law. It won't work. Here's why it won't work."

NOTHING can be saved if it can't be freely copied by anyone from anywhere. Most documents won't survive anyway, lacking interest in making copies for all of the time they're available.

The one and only way to keep a document is to have it freely copyable by everyone everywhere forever, end of story. Everything

Re:Jean-François Blanchette

[stevetruelord]

some stupid little Anonymous Coward.....

P vs. NP

[sugarmotor]

Amazon "search inside this book" has no results for "NP" as in P vs. NP. How can that be? The book doesn't draw the connection to this major relevant open question on one hand, but has "burden of proof" in the title on the other hand?

Re:

[stevetruelord]

One of those...if you have to ask the question...you dont understand it.

Re:

[sugarmotor]

Don't understand what?

Re:

[stevetruelord]

Precisely!

Re:

[sugarmotor]

Now getting the impression you don't know what you're talking about.

Re:

[DamnStupidElf]

Cryptography has a poor track record of trying to use NP-hard or NP-complete problems to form ciphers. Even if P = NP it may still be possible to find algorithms with constant factors that make encryption and decryption practical but brute-force decryption impractical.

640KB, actually.

[TheSHAD0W]

And 64KB on the motherboard. I know, I had one.

Re:

[WhirledOne]

Y'know, I wondered if anyone was going to point out something along those lines. Actually, IIRC, the original maximum "official" memory capacity of the early 64K PC1 was in fact 256K if you only used official IBM memory expansion cards, but the memory map officially allowed up to 512K of RAM (and was supported by some 3rd party expansion cards). A few years later, IBM apparently realized that there wasn't really a need to reserve the entire remaining 512K of addressing space for ROM and device-specific RA

Re:544KB (?) on the 64KB MB - details matter

[old_fortran]

The original 64KB 5150 motherboard (4 banks of 16KB each) supported 512KB AST and other 3rd-party option cards, but carried ROMs that had a total system limit less than 640KB. The second gen motherboard supported 4x 64KB, of 256 KB on the motherboard, and 640KB of main memory overall. My recollection is of some number like 512KB + 32KB, for a total of 544KB, but it could have been 512KB+64KB, or 576KB; STILL not 640KB. I remember this because I once had to replace ROMs from gen 1 motherboards so I could

The cost-benefit tradeoff.

[DamnStupidElf]

In the paper world you have to invest significant resources to forge each paper document. In the digital world if you can forge one document with a free tool you can forge as many as you want. To raise the cost of being able to forge a digital document beyond what an attacker is willing to pay the cost of legitimate use becomes greater than the benefit.

One possible solution is a hierarchy of security where the higher layers increase both the cost of forgery and the cost of legitimate use and let the mark

Re:

[stevetruelord]

Good point...Bruce Schneier has written tons on this topics.

Re:

[starfishsystems]

We need to be clear about what EV is. It's not about SSL, it's about X.509. It doesn't solve a technical problem because EV identifies no technical problem with X.509 certificates. EV promises a procedural solution to a procedural problem, namely the failure by Certificate Authorities to take reasonable care to check the real-world credentials of certificate requestors in order to determine that they are who they claim to be. In effect, the CAs are saying, "Yeah, well, we were a bit negligent the last

Re:

[rfc1394]

To raise the cost of being able to forge a digital document beyond what an attacker is willing to pay the cost of legitimate use becomes greater than the benefit.

Exactly why we have spam. Make sending forged address and spammy e-mail require prepaid costs such that it was as expensive as snail mail and spam would drop from 90% of mail to less than 0.1%. It's only because it costs nearly nothing either directly for small quantities (like phishing scams) or via botnets to send huge quantities of spam (for bulk ads for fraudulent products including erectile disfunction drugs) that so much can be generated. We have some partial solutions but the entire solution requires

&#$!%* Slashdot!

[AmiMoJo]

Jean-François Blanchette

When TFA text is managed by Slashdot's encoding you know something is wrong. I know Unicode has its problems but it really should be a priority at this point.

Re:

[stevetruelord]

what is TFA? the above is due to HTML coding errors....

Re:Jean-François

[stevetruelord]

>>>We sure have a lot to worry Actually ZERO to worry about. dont sweat the small stuff.