Crypto Wars - A hidden war fought for nearly 30 years

Reading time ~8 minutes

The public are largely unaware of the losing battle security researchers have been fighting against western governments for the last 30 years. Ever since the creation of modern cryptography, western governments have sought to undermine and outlaw its use and distribution. The tactics have ranged from subverting standards, in order to require short keys sizes (GSM[1], DES[2]), banning the export and publication of cryptographic algorithms (PGP [3]), and more recently creating back-doored cryptographic components (DRBG[4]).

All of these actions have had a detrimental impact on the security of individuals. For example, the LogJam attack has its roots in degrading the security of an SSL connection to Export Grade cryptography. Browsers had to support this weak cryptography because it was the only permitted security that could be freely exported. The more recent WannaCry attack was based on a vulnerability discovered and hoarded by the NSA for its own use, which was leaked as a result of a breach of the NSA[5].

Governments have become accustomed to being able to invade the privacy of their populations. Cryptography provides an essential check on this power, it empowers the individual to protect the contents of their communications. That is not say that it provides absolute security. In 2001 Australia successfully passed the Cybercrime Act, giving the government the power to compel individuals to disclose their decryption keys, failure to do so could result in a prison sentence. A similar law was passed in the UK, in the form of the Regulation of Investigatory Powers Act in 2000. Given that the government already has this power, why is it requesting further powers to intercept encrypted communication[6]?

One possible explanation is that the government is not satisfied with the open nature of key disclosure, and wishes to be able to covertly invade privacy. Such power is deeply troubling, and liable to abuse. We have already seen examples of abuse of the power to access meta-data[7], and the Snowden revelations revealed the extent to which western intelligence agencies had abused their power. Those same revelations also gave an insight into the capability of western intelligence agencies to compromise everything from mobile phones, through to smart TVs [8]. Their ability to undertake such actions fundamentally undermines the government’s argument that terrorist communications are inaccessible to them. Those intelligence agencies are more than capable of compromising target devices, and in doing so the encryption keys and messages sent from those devices. However, such actions have onerous warrant requirements and are costly and time consuming to deploy. That isn’t unintentional, the law was written to ensure that the act of invading the privacy of an individual was not an easy or quick task, and that it would only be done where absolutely justified and not on a whim. The proposed changes are an attempt to dismantle these checks and balances, to make the invasion of privacy both quick and easy.

End-to-End encryption

In recent years the use of end-to-end encryption has become commonplace. End-to-end encryption is neither new, nor anything special in cryptographic terms. PGP (Pretty Good Privacy), over which one of the most significant crypto wars battles was fought, is a tool that provides end-to-end encryption over email, it has been around since the early 90’s and is still popular today. The challenge for end-to-end encryption is not a mathematical one, it is in the efficient and secure distribution of keys. Closed systems such as WhatsApp or Signal make key distribution easier, since everyone is using the same protocol and app to communicate with. In more open settings the distribution of keys can be prohibitively difficult, resulting in use of a simpler approach, whereby the communication between each client and the server is encrypted, but not being end points.

This is simpler and more flexible to implement because each client device need only share a single key with the server. However, crucially it requires total trust in the server to protect the privacy of the message.

Unfortunately, trust in those servers proved to be misplaced when it became apparent intelligence agencies had compelled many operators to provide access to the plaintext messages, often in a way in which the operator was not even allowed to disclose the fact that messages were being intercepted. When the extent of this interception was revealed by Snowden there was a significant push back from the public. Suddenly privacy and trust become major differentiators for end-users. The solution to this problem was for the operators to deploy end-to-end encryption. In such setups the message contents is encrypted between the two end-points, i.e between the sender and the receiver. The server still processes the message, but cannot read its contents. This allowed operators to regain trust from end-users, since they couldn’t be compelled to breach their users’ privacy because they themselves did not have access to the messages.

Intelligence agencies could still compel operators to reveal who is communicating with whom, but could not gain access to messages without resorting to the existing key disclosure legislation.

When a backdoor is not a backdoor

The government has been at pains to stress that their recent proposal does not advocate backdoors. So what is a backdoor? In essence a backdoor is a hidden way to gain unauthorised access to a system or encryption scheme. They are particularly controversial because any method that allows unauthorised access could be exploited by criminals as well as authorised government agencies. Furthermore, there is no way to know, or have oversight of, the extent to which the backdoor is being used.

What the government is asking for

The government is asking for something analogous to the technical capability notices proposed by the UK government. These notices are not warrants to intercept, instead they require a service provider to maintain the technical capability to comply with any subsequently issued interception warrant. The problem is that the technical capability notice could require a service provider to maintain the capability to remove any electronic protection of messages. Compliance with this requirement would preclude the use of end-to-end encryption. When debated in the House of Lords this very issue was raised without a satisfactory response being given by the UK government. If we look at comments made to the media, a key target of these capability notices are providers of communication services that utilise end-to-end encryption.

The most likely consequence of these capability notices is that end-to-end encryption will effectively be banned from use by service providers, with them having to revert to older and more insecure client server models. It becomes a matter of semantics as to whether banning the use of end-to-end encryption is equivalent to requiring a backdoor. The end result is the same, private communication becomes more susceptible to both government and criminal interception.

Would banning end-to-end encryption solve the problem

The banning of end-to-end encryption will primarily impact on law abiding citizens, who are the very people intelligence agencies are not supposed to be intercepting. Cryptography, and the mathematics it relies on, are common knowledge, it is too late to close Pandora’s box. Criminals and terrorists could simply switch to utilising alternative communication channels, or apply their own encryption over the top of the service provider. For example, encrypting the message using a

separate app, sending it through the client server architecture, before the receiver decrypts the received, encrypted, message in the same separate app. Whilst such a process would be possible for the public, it would be hugely inconvenient and require considerable effort to setup. For a terrorist it would be a minor inconvenience.

Consequence of the ban

There will be two likely consequences to the changes, firstly, terrorists will modify their operating procedures to counter the new interception capabilities. It will be a minor inconvenience, but will have no lasting impact. The second, and more concerning consequence, is that the general public will be exposed to easier and greater interception. They will be more vulnerable to breaches of service providers by cyber criminals, and overall they will have exchanged a portion of their privacy for almost nothing in return.

The fact that such a damaging policy could even be suggested should concern us all. More worryingly it is justified on the grounds that giving up our liberties and privacy is a reasonable exchange for security. There are two critical flaws to this argument, firstly, it incorrectly assumes we are gaining protection, when in fact we are not. Secondly, and more importantly, the very thing we are fighting to protect from terrorism is our way of life, our freedoms, our values, including our privacy. To even suggest we should sacrifice, to any degree, the very thing we are fighting for is abhorrent.

References

Assistance and Access Bill 2018

Concerns and questions about the proposed Assistance and Access Bill 2018 Continue reading

We need to talk about your data

Published on March 21, 2018

Threshold Crypto Library

Published on October 18, 2016