Coercion-Resistant Passwords: The End of Compelled Decryption?

Link

2016 was a year of massive data security breaches. Targets included Yahoo, Verizon, and the Clinton campaign, among others. Amid the alarm, cybersecurity professionals are declaring the simple numerical password — well, passé. A survey of 600 security experts sponsored by mobile ID provider Telesign revealed that 69% of the respondents did not think passwords provide enough security.

Source: Information Is Beautiful

In response to the mounting concern over data protection, 72% of businesses plan to phase out passwords entirely by 2025, foregoing them in favor of more secure alternatives such as biometric scanners and two-factor authentication.

But while biometrics and 2FA are certainly more difficult to crack than simple numerical combinations they are still not secure enough for some. They still possess a lingering vulnerability: they cannot detect when a user is being coerced to authenticate, either by typing in a code or placing their finger on a biometric scanner.

To address this vulnerability, researchers have started proposing designs for coercion-resistant passwords. A team from Stanford University has devised a proof-of-concept model for a system that issues subliminal passwords to users based on an individual 30-40 minute “training session” resembling a video game. Users of the system can never reveal their passwords — even under threat of coercion — because they simply do not know them. Additionally, researchers at California State Polytechnic University Pomona have developed an authentication system that authenticates based on user’s subconscious physiological responses to music samples. If the system detects duress, possibly resulting from the threat of coercion, during the sample designed to induce subconscious relaxation, it refuses to grant access.  

So far, experts intend these coercion-resistant password systems for government or commercial use — to restrict access to top-secret government data or sensitive aggregate financial information, for example. In this respect, they might serve to considerably enhance government and corporate data security protocols.

But there is little reason to assume that these emerging technologies, once introduced, will not be subject to function creep, particularly amid the growing public demand for more secure personal data protection. Much like encryption technology, coercion-resistant password systems may eventually become available to citizens to incorporate into their personal data protection protocols.

The proliferation of coercion-resistant password systems would pose a significant challenge for law enforcement as well as for the courts that has thus far been overlooked: the coercion-resistant password would effectively nullify government-requested compelled decryption.   

Courts at the district, state and federal levels, are encountering compelled decryption cases with increasing frequency, because private citizens have been using encryption technology to protect their personal electronic devices more frequently. As of now, encrypted devices are virtually impossible to access without knowing the encryption password. As a result, when law enforcement now seizes an electronic device during an investigation and finds itself unable to access the device’s contents because of an encryption lock, they typically appeal to the courts to compel the suspect to unlock the device.

The courts do not always compel decryption. Some courts have sided with the government and compelled the suspect to decrypt, while others have held that compelled decryption violates the suspect’s Fifth Amendment privilege against self-incrimination. But nonetheless, law enforcement has thus far had the recourse of appealing to the courts to compel a suspect to decrypt a device when they have been unable to access the device’s contents through independent investigative means. Coercion-resistant password systems, however, would void court-ordered compelled decryption. With the Stanford design, the user could not consciously recall the password required to unlock the device. With the Cal Poly system, the user would not be able control his or her subconscious physiological response under the duress of being compelled to decrypt, and the system would deny access because of detected coercion.

What is the proper balance between law enforcement’s investigatory privilege and the individual’s right to privacy and privilege against self-incrimination? How will novel technologies, such as next-generation encryption technology and coercion-resistant password systems, shift that balance?

References:

“Beyond the Password: The Future of Account Security,” Lawless Research Report, sponsored by Telesign, 2016.  

Gareth Morgan, “Scientists Mimic Guitar Hero to Create Subliminal Passwords for Coercion-Proof Security” V3.co.uk, 2012.

Max Wolotsky, Mohammad Husain, and Elisha Choe. “Chill-Pass: Using Neuro-Physiological Responses to Chill Music to Defeat Coercion Attacks.” arXiv preprint arXiv:1605.01072 (2016).

Val Van Brocklin, “4 Court Cases on Decryption and the Fifth Amendment,” PoliceOne.com.

Are We Really More Alike Than Unalike? Anchoring Vignettes in Cross-Cultural Survey Research

You are conducting an expansive international public health survey, with an ultimate goal of cross-cultural comparison. You ask your respondents the following question, adapted from a World Health Organization survey:

“Overall in the last 30 days, how much of a problem have you had with energy and vitality??”

The response categories are: None, Mild, Moderate, Severe, and Extreme/Cannot Do.

A 27 year-old woman who comes home fatigued during a particularly hard few weeks at work answers, “Severe.” An 85 year-old woman who can get out of bed in the morning and dress herself with minimal assistance answers, “Mild.” Does the younger woman have more of a problem than the older woman with energy and vitality, or are the two respondents applying differing standards for energy and vitality?

Because of the two women’s ages, you can assume that it is very likely that the two women do not possess the same latent level of “energy and vitality” – the older woman probably has objectively less. In addition, your survey spans different countries, so these two women are not only of different ages, but they come from different cultures.
Classic anthropological as well as clinical studies, suggest that culture influences perceptions of pain. In some countries, similar self-reports of health correlate negatively with objective measures of health (King 2009, Sen 2002). This problem is called differential item functioning (DIF). While it has been studied most extensively in the public health literature, but it poses a problem for political science survey research, too – especially in cross-cultural comparisons of political attitudes (on engagement, efficacy, corruption).

Anchoring vignettes represent one possible solution to DIF. By presenting a set of hypothetical scenarios that correspond to each value of a variable, researchers establish absolute variable thresholds for all respondents. Establishing these thresholds allows for interpersonal comparability across cultures.
Anchoring vignettes rest on the following two assumptions, however:

1. Response consistency: Despite the hypothetical nature of the vignette scenarios, respondents apply the same absolute scale to evaluating the vignette characters as they would to evaluating themselves.

2. Vignette equivalence: Although respondents have differing life experiences, socioeconomic backgrounds, and personalities, they use the same absolute scale to judge the levels of the variables presented in the vignettes (King et al. 2004)

Researchers rarely test the assumptions of response consistency and vignette equivalence, although they do not always hold, especially in cross-cultural survey research.

When they do test them, and the assumptions do not hold, they conclude by questioning the validity of the anchoring vignettes method in correcting for DIF and interpersonal incomparability.

Rather than discount the method all together, however, why not establish, as Kapteyn et al. (2011) suggest, a “systematic experimental approach to the design of anchoring vignettes”?

References
Kapteyn, Arie, et al. “Anchoring Vignettes and Response Consistency.” RAND. (2011).

King, Gary, et al. “Enhancing the Validity and Cross-cultural Comparability of Measurement in Survey Research.” American Political Science Review 98.01 (2004): 191-207.

King, Gary. “The Anchoring Vignettes Website.” 2008-08—25). http://gking. harvard. edu/vign (2009).

Sen, Amartya. 2002. “Health: Perception versus Observation.” BMJ 324:860–861.

The Downstream Effects of Recurring Daily Exposure to Online Emotional Content: A Self-Experiment

Several months ago, I came across a Chrome browser extension developed by Lauren McCarthy, an artist and programmer based in Brooklyn, NY, called the Facebook Mood Manipulator. With a cheeky nod to the Facebook data science team’s 2013 massive-scale emotional contagion experiment, the extension asks you to choose how you’d like to feel — the four options are positive, emotional, aggressive, and open — and filters your feed accordingly through the text and sentiment analysis program Linguistic Inquiry Word Count (LIWC).

It looks like this:                                                          Source. http://lauren-mccarthy.com/moodmanipulator/

I downloaded the extension and reactivated my Facebook account for a week to test it out on my own. The sentiment analysis component is definitely imperfect, perhaps because LIWC is less accurate with shorter bits of text like Facebook status updates and comments than longer excerpts. Nonetheless, I got some interesting results. Setting the manipulator to “positive” promoted a couple of personal status updates about friends and family, but “open” did not change my feed at all. Setting it to “aggressive” once caused my whole feed to go blank, and then to refresh with no change in the initial distribution of posts. The “emotional” filter, however, was particularly strong — it consistently brought some contentious political and social discussion threads to the top of my feed, as well as certain breaking news stories. After about a week of checking my Facebook News Feed daily on the “emotional” setting, I noticed that after logging off, the effects of the “treatment” lingered — I found myself downright concerned about some of the commentary I had come across, and I initiated face-to-face conversations about the news stories I saw posted more often than I typically do. Recurring daily exposure to “emotional” posts thus seemed not only to produce some sort of downstream effect on my mood, but affected my social behavior offline.*

I am wary of drawing any conclusions from this self-experiment — because I knew I was being “studied,” I probably overestimated my responses to the mood manipulator — but nonetheless, assessing my self-report results highlighted the utility of tracking downstream effects in social media experiments. Initial exposure to a disagreeable online political post or a contentious comment thread may trigger an initial emotional response or encourage someone to engage with the online content, for example, but recurring daily exposure to such content may also alter mood, lead people to reconsider opinions, or affect their motivation to engage in more traditional forms of political action,  such as face-to-face deliberation or protest. For political scientists and social psychologists alike, it is these downstream effects on individuals’ attitudes and behavior, rather than individuals’ initial reactions to treatments, that matter most — social science experiments should thus take particular care to capture them.

*Note: I don’t think the “emotional” filter accounts for valence — when it works correctly, it displays both “positive” and “negative” posts. I wish the “positive” and “aggressive” filters had worked properly, so I could test whether repeated exposure to valence-charged posts affected my offline behavior differently than exposure to mixed-valence posts.