The US Department of Justice (DOJ), together with government representatives from six other countries, has recently re-ignited the perennial Battle to Break Encryption.
Last weekend, the DOJ put out a press release co-signed by the governments of the UK, Australia, New Zealand, Canada, India and Japan, entitled International Statement: End-To-End Encryption and Public Safety.
You might not have seen the press release (it was put out on Sunday, an unusual day for news releases in the West), but you can almost certainly guess what it says.
Two things, mainly: “think of the children,” and “something needs to be done”.
If you’re a regular reader of Naked Security, you’ll be familiar with the long-running tension that exists in many countries over the use of encryption.
Very often, one part of the public service – the data protection regulator, for instance – will be tasked with encouraging companies to adopt strong encryption in order to protect their customers, guard our privacy, and make life harder for cybercriminals.
Indeed, without strong encryption, technologies that we have come to rely upon, such as e-commerce and teleconferencing, would be unsafe and unusable.
Criminals would be trivially able to hijack financial transactions, for example, and hostile countries would be able to eavesdrop on our business and run off with our trade secrets at will.
Even worse, without a cryptographic property known as “forward secrecy”, determined adversaries can intercept your communications today, even if they aren’t crackable now, and realistically hope to crack them in the future.
Without forward secrecy, a later compromise of your master encryption key might grant the attackers instant retrospective access to their stash of scrambled documents, allowing them to rewind the clock and decrypt old communications at will.
So, modern encryption schemes don’t just encrypt network traffic with your long-term encryption keys, but add what are known as ephemeral keys into the mix – one-time encryption secrets for each communication session that are discarded after use.
The theory is that if you didn’t decrypt the communication at the time it was sent, you won’t be able to go back and do so later on.
Unfortunately, forward secrecy still isn’t as widely supported by websites, or as widely enforced, as you might expect. Many servers still accept connections that reuse long-term encryption keys, presumably because a significant minority of their visitors are using old browsers that don’t support forward secrecy, or don’t ask to use it.
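A server operator can check for this gap directly. The following is an added example, not part of the original article: it classifies TLS cipher-suite names by whether the key exchange is ephemeral, and builds a Python `ssl` server context that refuses the non-forward-secret ones. The function names and the sample suite list are constructed for illustration.

```python
import ssl

# Constructed sample: suite names as a scanner report or server config might list them.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384",        # TLS 1.3 (OpenSSL naming)
    "ECDHE-RSA-AES128-GCM-SHA256",   # TLS 1.2, ephemeral elliptic-curve DH
    "DHE-RSA-AES256-GCM-SHA384",     # TLS 1.2, ephemeral finite-field DH
    "AES128-GCM-SHA256",             # TLS 1.2, RSA key transport (long-term key)
    "AES256-SHA",                    # RSA key transport (long-term key)
    "TLS_RSA_WITH_AES_128_CBC_SHA",  # IANA naming, RSA key transport
]


def is_forward_secret(name):
    """Return True if the named suite uses an authenticated ephemeral key exchange.

    Handles both OpenSSL names (ECDHE-RSA-...) and IANA names (TLS_ECDHE_RSA_WITH_...).
    Anonymous (ADH/AECDH) and static (ECDH-, RSA) exchanges are reported as not
    forward secret, so they show up in an audit.
    """
    if name.startswith("TLS_"):
        if "_WITH_" in name:
            # IANA name for TLS 1.2 or earlier: the key exchange is spelled out.
            return name.startswith(("TLS_ECDHE_", "TLS_DHE_"))
        # TLS 1.3 suite: the key exchange is always ephemeral (EC)DHE.
        return True
    return name.startswith(("ECDHE-", "DHE-"))


def non_forward_secret(names):
    """Return the suites from `names` that would reuse a long-term key."""
    return [n for n in names if not is_forward_secret(n)]


def forward_secret_server_context():
    """Build a server-side context that only offers forward-secret suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2: ECDHE with AEAD ciphers only. TLS 1.3 suites stay enabled and
    # are forward secret by design.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL")
    return ctx


def enabled_suites(ctx):
    """List the suite names a context is willing to negotiate."""
    return [c["name"] for c in ctx.get_ciphers()]


if __name__ == "__main__":
    print("Non-forward-secret suites in sample:", non_forward_secret(SAMPLE_SUITES))
    hardened = forward_secret_server_context()
    print("Hardened context offers:", enabled_suites(hardened))
    print("Remaining weak suites:", non_forward_secret(enabled_suites(hardened)))
```

Clients that cannot negotiate an ephemeral key exchange will fail the handshake against such a context, which is the trade-off the paragraph above describes.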
Similarly, we increasingly rely upon what is known as “end-to-end encryption”, where data is encrypted for the sole use of its final recipient and is only ever passed along its journey in a fully scrambled and tamper-proof form.
Even if the message is created by a proprietary app that sends it through a specific provider’s cloud service, the company that operates the service doesn’t get the decryption key for the message.
That means that the service provider can’t decrypt the message as it passes through their servers, or if it is stored there for later – not for their own reasons; not if they’re told to; and not even if you yourself beg them to recover it for you because you’ve lost the original copy.
Without end-to-end encryption, a determined adversary could eavesdrop on your messages by doing the digital equivalent of steaming them open along the way, copying the contents, and then resealing them in an identical-looking envelope before passing them along the line.
They’d still be encrypted when they got to you, but you wouldn’t be sure whether they’d been decrypted and re-encrypted along the way.
The other side of the coin
At the same time, another part of the government will be arguing that strong encryption plays into the hands of terrorists and criminals – especially child abusers – because, well, because strong encryption is too strong, and gets in the way even of reasonable, lawful, court-approved surveillance and evidence collection.
As a result, justice departments, law enforcement agencies and politicians often come out swinging, demanding that we switch to encryption systems that are weak enough that they can crack into the communications and the stored data of cybercriminals if they really need to.
After all, if crooks and terrorists can communicate and exchange data in a way that is essentially uncrackable, say law enforcers, how will we ever be able to get enough evidence to investigate criminals and convict them after something bad has taken place?
Even worse, we won’t be able to collect enough proactive evidence – intelligence, in the jargon – to stop criminals while they are still at the conspiracy stage, and therefore crimes will become easier and easier to plan, and harder and harder to prevent.
These are, of course, reasonable concerns, and can’t simply be dismissed out of hand.
As the DOJ press release puts it:
[T]here is increasing consensus across governments and international institutions that action must be taken: while encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online.
After all, in countries such as the UK and the US, the criminal justice system is largely based on an adversarial process that starts with the presumption of a defendant’s innocence, and convictions depend not merely on evidence that is credible and highly likely to be correct, but on being sure “beyond reasonable doubt”.
But how can you come up with the required level of proof if criminals can routinely and easily hide the evidence in plain sight, and laugh in the face of court warrants that allow that evidence to be seized and searched?
How can you ever establish that X said Y to Z, or that A planned to meet B at C, if every popular messaging system implements end-to-end encryption, so that service providers simply cannot intercept or decode any messages, even if a court warrant issued in a scrupulously fair way demands that they do so?
Meet in the middle?
We can’t weaken our current encryption systems if we want to stay ahead of cybercriminals and nation-state enemies; in fact, we need to keep strengthening and improving the encryption we have, because (as cryptographers like to say), “attacks only ever get better.”
But we’re also told that we need to weaken our encryption systems if we want to be able to detect and prevent the criminals and nation-state enemies in our midst.
The dilemma here should be obvious: if we weaken our encryption systems on purpose to make it easier and easier to catch someone, we simultaneously make it easier and easier for anyone to prey successfully on everyone.
O, what a tangled web we weave!
There’s an additional issue here caused by the fact that “uncrackable” end-to-end encryption is now freely available to anyone who cares to use it – for example, in the form of globally available open source software. Therefore, compelling law-abiding citizens to use weakened encryption would make things even better for the crooks, who are not law-abiding citizens in the first place and are unlikely to comply with any “weak crypto” laws anyway.
What to do?
Governments typically propose a range of systems to “solve” the strong encryption problem, such as:
- Master keys that will unlock any message. The master keys would be kept secret and their use guarded by a strict legal process of warrants. In an emergency, the judiciary could access a specific message and reveal only that message to investigators.
- Sneakily engineered encryption flaws. If covertly designed in from the start, these would be known to the intelligence services but unlikely to be found or exploited from first principles by cryptographic researchers. In an emergency, this might give the state a fighting chance of cracking specific vital messages, while leaving the rest of us without enough computing power to make much headway against each other.
- Message escrow with a trusted third party. Every message that’s end-to-end encrypted would effectively be sent twice: once to the intended recipient, and once to a trusted store where it would be kept for a defined period in case of a search warrant.
- Interception triggers built into end-user apps. The apps at each end of an end-to-end encrypted message must, of necessity, have access to the unencrypted data, either to encrypt it in the first place or to decrypt it for display. By special command, the app could be forced to intercept individual messages and send them to an escrow system.
The problem with all these solutions is that they can all be considered variations on the “master key” theme.
Endpoint interception only when it’s needed is just a specialised, once-in-a-while case of general message escrow; message escrow is just a specialised case of a master key; and a deliberate cryptographic flaw is just a complicated sort of master key wrapped up in the algorithm itself.
They all open up a glaring threat, namely, “What happens when the Bad Guys uncover the secrets behind the message cracking system?”
Simply put: how on earth do you keep the master key safe, and how do you decide who gets to use it anyway?
The DOJ seems to think that it can find a Holy Grail for lawful interception, or at least expects the private sector to come up with one:
We challenge the assertion that public safety cannot be protected without compromising privacy or cyber security. We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions.
We’d love to think that this is possible, but – in case you were wondering – we’re sticking to what we call our #nobackdoors principles:
[At Sophos,] our ethos and development practices prohibit “backdoors” or any other means of compromising the strength of any of our products – network, endpoint or cloud security – for any purpose, and we vigorously oppose any law that would compel Sophos (or any other technology supplier) to intentionally weaken the security of its products.
Where do you stand in this perennial debate?
Have your say in the comments below. (If you omit your name, you will default to being “Anonymous”.)
41 comments on “US Department of Justice reignites the Battle to Break Encryption”
I do infosec at a financial company.
If strong encryption is banned, I would promote a mass walk off of IT/Infosec as a protest. Since they will directly be putting IT (and many more) jobs into failure mode.
Financial crime would become so large scale that banks will fail, LE will have so many criminal cases they won’t be able to resolve anything.
You would never be able to trust using a credit card again, or any digital transaction.
Remote access workers won’t be.
When uninformed/arrogant people make IT decisions,,, we’ve all seen it in the past,,,
Now governments want to make stupidity mandatory.
Well,,, I guess it guarantees cash will stay, and digital currencies will fail,,,, so maybe it’s not all bad lol
To be fair, the DOJ is not actually saying, “Strong crypto should be banned.” (The US had a bunch of strict export regulations on strong crypto until the start of the 21st century – it didn’t work out well, so you have to hope that was a lesson learned. It ended up hurting the US software industry, and leaving software products littered with a bunch of weak crypto code that took years to get rid of even after the regulations were lifted.)
I’m not quite sure what they are saying, though 🙁
To me, it’s like they’re saying, “we still want you to have strong encryption, but we want to access it if we need to,” which I honestly don’t know how I feel about. That is a slippery slope. ☹️
I always love the “Make sure your network traffic and data is always encrypted, wait don’t do that because we need to see the data and traffic to ensure there is nothing criminal being done” attitude of the government.
The way I see it, the government wants everything strongly encrypted except for social media, messaging, phone calls and messages, phones, computers, and everything else because they need to snoop, I mean ensure there is no evidence of something illegal.
“They all open up a glaring threat…”
There is another problem though: how can you be sure that everyone will use the systems with a master key?
It is most likely that the vast majority of people will be subject to the potential of having their messages decrypted for “the greater good”. If this defeats some crime then it will be short-lived and only catch those who are not tech-savvy. Those who really don’t want to have their messages decrypted, whether they be criminals or state actors, will simply layer on additional encryption, or use bespoke applications that do not have a “master key” – or simply communicate off-grid.
I alluded to that in the article (second sidebar, just above “What to do?”). Law-abiding citizens who comply with “weak crypto” regulations will not only be at more risk of compromise than crooks who don’t, they’ll be at risk *from* those self-same crooks, because they’re the same people who can be most expected to abuse those master keys when the inevitable data spillage happens and the master keys can be purchased on the Dark Web for $5 a thousand.
I think of it as a situation that’s best described as “heads they win, tails we lose,” where they refers to the crooks.
I would dare to suggest that your question “how can we be sure everyone will use the master-keyed systems?” would better be phrased as “we can be jolly sure that the crooks are not going to use them”.
they (the 5 eyes “spooks”) are idiots. or at least, their political masters are.
the “bad guys” have enough money to buy/develop their own “uncrackable” end to end encryption tools.
the result would be the “honest” people would be put at risk (as mentioned in the article) and the bad guys continue with business as usual.
They don’t need money. There’s already plenty of open source software that will do the trick, and no regulatory djinn is going to be able to stuff all that code back into Pandora’s box (if you will pardon my mixed metaphor).
Let the U.S Congress know you oppose the act and sign petition that “Fighting For The Future”, a group of American online activists, who in their words :
“Are a group of artists, engineers, activists, and technologists who have been behind the largest online protests in human history, channeling Internet outrage into political power to win public interest victories previously thought to be impossible. We fight for a future where technology liberates — not oppresses — us.”
are gathering signatories globally.
This isn’t quite the same thing. To me, the spirit and tone of the DOJ’s release feels rather different from the EARN IT bill. TBH, I sympathise strongly with the DOJ’s plight… and I get the metaphor that sometimes you can strengthen some aspects of a system by weakening other parts of it (shear-off bolts that snap first under excess load to control certain sorts of failure better; crumple zones in automobiles; and so on) but I just don’t think that sort of approach can work where cryptography is concerned. (And if anyone is a passed master at metaphors that don’t work, it is I.)
Government: always coming up with dumber and dumber ideas. Everyone is better off if government has less ability to unconstitutionally search and seize, yet they want more.
Actually, there’s no suggestion in the DOJ’s press release about weakening the Fourth Amendment.
They wouldn’t admit it, but they would do unconstitutional searches anyway. You’ve probably already read the reports and news articles about the many thousands of unauthorized communication searches that have occurred under the USA PATRIOT Act in the name of keeping every American safe from terrorists.
This argument is focused on American elements, but I’m sure it would be the same story with any government that wanted more power over surveillance. It’s always just a matter of time before protective Big Brother becomes abusive Big Brother. In the case of holding secret keys, when the keys become leaked, they would become forgetful Big Brother or incompetent Big Brother. You might get an eloquent “oops” or other half-hearted apology, but no real restitution will be forthcoming, once an innocent citizen’s precious secrets are exposed. And the leaks just seem to come so fast now….
The problem is secrecy. For untold years, governments had the technological advantages to tap communications lines, surreptitiously install interception equipment while most communications were in cleartext. Progress was being made but Snowden turned that upside down and accelerated the encryption of even mundane communication. Since government chose not to cooperate with the technology industry since the 1990s and go their own way with secret methods, _now_ they complain their methods are foiled. Let’s start by building trust and maybe there is some solution possible other than “we give up, now help us”
I hear you, but I think that there are at least a few things we can point to where “the government” has been pretty open and co-operative. AES? Tor? The post-quantum crypto project?
Yes, it depends on what you mean by “the government.” AES? (NIST). Tor? (NRL/DARPA). Even within the NSA there are teams that protect (Information Assurance) and attack (Tailored Operations)…
In this context, when I say “the government”, I mean “the public service”, which certainly (in my book, anyway) includes NIST, NRL/DARPA, NSA, FTC and so on.
Given the nature of this topic, if I had meant “government” in the strict sense of the legislature I’d probably have said “legislature” or “parliament” (or “Congress” if I wanted to be US specific).
‘Let’s start by building trust and maybe there is some solution possible other than “we give up, now help us”’
Yes. Keyword there, “trust”. There is no security without trust….
Criminal groups and governments already use “illegal” software and methods. Passing any laws that weaken encryption is not going to affect how they operate in the least. They write their own code and create their own apps. They have been using end to end encryption for over a decade to set up their attacks. No law is going to change that, it will just leave the victims with even less defense.
Encryption should not be weakened. It becomes a two-edged sword, as while the good guy can use it to access our private data, the bad guys can too. There’s no such thing as “responsible encryption”, as that would compromise VPNs and teleconferencing. The governments in question also use encryption, so they’d be vulnerable. They don’t think about this fact. Encryption is all or nothing. They can’t have their cake and eat it too. It can’t be done. I have a degree in IT, and I refuse to enter that field because of this.
Where I stand is simple. No back doors.
1. The feds were handed a gold plated heads up on the marathon bombers and ignored it. All the back doors in the world wouldn’t fix that.
2. How were crimes prevented and solved before? Informants, infiltration and so forth. In other words, hard work. Now they basically want to kick back relax and make copies of all communications and they claim that will work. I think it’s garbage.
3. Freedom. In the US the 4th Amendment says it is not citizens who must be transparent to government at the drop of a hat, but government which must be transparent to citizens. They are trying to turn things upside down. I’m not willing to accept totalitarianism to get safety.
4. Anything that can be abused, will. This is the government that brought us MK Ultra and heaven only knows what else. “Just trust me, I’m not like the others” rings hollow.
5. Even if you could trust them it’s just a matter of time before a spy from some other country gets access to the keys.
No back doors.
Data stored from weakened encryption systems is unlikely to be accessed and used exclusively by benevolent governments. A benevolent government today may not be so tomorrow. In fact a benevolent government today cannot guarantee that its public servants are also benevolent.
Windows updates are cryptographically signed, right? and it would be pretty catastrophic if the key were to be revealed, right? Therefore Microsoft are fairly good at keeping those keys secret.
So a master key system seems feasible to me. What are your main counter-arguments?
I get your point, but I think the comparison falls down in two ways: Microsoft’s private keys for signing its own programs aren’t directly responsible for encryption and decryption (secrecy/confidentiality); and even if they were, they wouldn’t allow Microsoft or anyone the company decides to trust with those keys any direct cryptographic power to read or to fake communications made by everyone else, in all cases, by force of law.
It’s also directly and seriously in Microsoft’s commercial interest to look after those signing keys with great care – they aren’t universal keys, they are basically part of Microsoft’s intellectual property and therefore of its commercial value.
In short, Microsoft’s code signing keys aren’t really a “master key” situation for bulk decryption on demand, as various governments have envisaged “master keys” in the past.
When you’re talking about having centralised keys not just to the castle but to the entire kingdom and all its dominions, at all times and in all places, for now and forever…
…then it’s no longer just the most outspoken sort of libertarian who should be asking the question, “Is that really such a good idea?”
These guys (the government) want to be GOD !!! This is very funny ! Lol !!!
There’s an underlying premise here that the Government is both entitled to collect–and capable of collecting–any communications where they can show a judge there’s probable cause evidence of a crime exists. (There are also the National Security cases and laws, but the principle is the same.)
But this is not true. People have ALWAYS been able to communicate in ways that the government can’t eavesdrop and they always will have the means to do so. Conspirators have only to be very careful to avoid opportunities for the gov’t to record their conversations. (Loud background noise, soft voices, no phones/emails, rotating locations, coded language, etc.)
The issue is that eavesdropping on electronic and/or telephonic communications can make investigations just. so. damned. EASY. Law Enforcement does not want to lose such an efficient way to gather evidence. But being unable to intercept communications does not preclude investigations and convictions. In my 25 years as a US Federal Law Enforcement Officer, most of the evidence I used to put people behind bars had nothing to do with interception of communications. Truth be told, for the few cases where I did use IOC, the hurdles to be allowed to collect were significant. (From a Libertarian/citizen point of view, that’s wonderful. From a worker-bee/cop point of view, it sometimes seemed to just be an unnecessary burden.)
To be sure, there are cases that would be very difficult (perhaps impossible) to make without IOC. But there are also thousands of violent crime cases that have proven to be impossible to make because we don’t have a global DNA database. I look at that as a similar, undesirable invasion of privacy. It’s a double-edged sword. And not a new one. We can convict more people, easier if we just give up some freedoms; with the converse being true: if we retain [more of] our freedoms, there will be some people who are able to avoid justice.
I’m willing to accept that it will be harder to convict some, than to give up any more of our rights.
These issues are just too complex for any one person to really wrap their head around without serious injury. Independent IT contractors (like me) have learned to do their research into finding reliable companies that can fill security voids for us. Stuxnet showed me that going ‘all in’ on security is the only way to go and (here comes the commercial) the products from this company continue to impress me. This forum also continues to impress me. Stick to your guns Sophos and thanks from an ‘Old Fart’ IT guy (over 40 years working with/on computers and systems) that’s right I said 40 years and that doesn’t include the Altair and Cosmac years.
Cosmac! Did you have an ELF or a VIP?
8-bit arithmetic and 12 bits (4KB) of address space.
If today’s government thinks about chasing potential terrorists and pedo-criminals by weakening the encryption tools that people can use, who is going to become their target tomorrow? Political activists? Ecologists? Journalists? You must be extra very careful when you plan to give your keys to an entity whose agenda can radically change over time.
Just as importantly, if we’re all using weakened encryption, who else is going to be targeting us tomorrow? The crooks must be rubbing their hands with glee at the thought of cybercrime becoming easier to *commit* under the guise of making it easier to *investigate*. You can just imagine the race-to-the-bottom that might cause: “Weakening encryption has helped us catch more criminals, but it has also increased the number of people who are getting into cybercrime in the first place by making it easier, which means more investigations are needed, so we need to weaken encryption a bit more to catch up again.” (I am being facetious here… but possibly only just.)
I live in a country (Switzerland) where the government once stated “use whatever encryption scheme you want with whatever algorithm you want, and use whatever key size you want” more than 20 years ago.
The reason was that they don’t want to spend multi-billions just for the pleasure to be like the multiple eyes who want to peek over our shoulders… and it was better for the Swiss banking system, of course.
I much prefer this way than the others, of course…
Crypto AG was Swiss.
No matter where you are or what company or country or political preferences (communism, capitalism, socialism, democracy, nationalism, dictatorship, …), intelligence agencies will have their hands on 🙁
Brett Markham nailed it, esp. #2.
am I missing something here? why would this be any different from anything else? in my view it should happen something like this.
1) I encrypt whatever data I want, and share it with whoever I want
2) IF law enforcement wants to look at it, they need to go to a judge and provide proof that they have the right to look at it.
3) the Judge (for whatever reason) decides Johnny Law should be able to look at this data and serves ME a search warrant.
at this point I have 2 choices I can either comply with the warrant or not. Just like everything else if I decide not to comply there are consequences for this action. If I do comply, then obviously I turn over the keys.
something like my (pretend) doomsday bunker. Law enforcement might want to look in there, heck they might even get a judge to tell them they can look in there. But if I have secured it well enough they will have no ability to get in there. I would then have a warrant put out for my arrest, and would have to answer to why I do not want them in.
In short, I do not think we need new laws to address this, we need to better adapt existing laws.
Some countries are doing just that, though for a genuine crook hiding evidence of truly dire crimes, not complying with the warrant may still offer a judicial short-cut of sorts.
In some jurisdictions, if you fail to decrypt your data (which need not be the same as revealing your password) when required by law, and the court decides that you have no reasonable excuse – e.g. the jury is sure that you are lying when you say you “forgot” the password, perhaps because you were shown to have accessed the account long after the time you claim you last “knew” the password – you may be guilty of an offence.
This is analogous to the law saying that if you refuse to provide a specimen of breath when lawfully required to do so following a drink-driving stop, you can be charged with “failing to provide a specimen of breath when lawfully required to do so”. And guess what? The penalties are about the same as failing the breath test. (Otherwise, who would ever agree to breathe?)
Unlike drinking and driving, however, the maximum penalties for refusing to decrypt are AFAIK typically much lower than the maximum penalties for the sort of crimes that generally lead to “must decrypt” orders. So a crook who knows they’ll get a life sentence for murder if the disk is decrypted, but two years for disrupting the course of justice if it isn’t, might gamble on the “password slipped my mind” defence. If the jury buys it, they get off; if the jury doesn’t, they are out in two years (though they have to hope the data stays encrypted for the rest of their lifetime).
My understanding is that because the alleged data on the disk is not considered “your testimony”, but is objective evidence just like a written letter or a credit card slip, rules about avoiding self-incrimination (e.g. that you cannot be compelled to be a witness at your own trial) do not apply. (In the US, I guess this is like saying that the Fourth Amendment is in play, not the First.)
it doesn’t make sense. The utopia ecosystem has already squeezed out some users. In this battle, the utopia ecosystem will win.
The defining principles and drive of law enforcement are control and regulation.
What cannot be controlled and regulated must be attacked and brought under control and be regulated.
Any area marked and protected by signs saying: “Personal freedom, protected in this area” is seen as a barrier that must be breached.
It has always seemed to me that the reasons given were more of a device to breach the privacy of the individual and the problems listed only an excuse to effect this invasion.
Recent events and actions in China have made it clear that you cannot trust governments, and that in the digital age strong encryption is the last fortress of personal freedom.
Awkward as it is, I must begin with a question: In what capacity does anyone, any entity, singular or plural, business or government expect to do with, use in any beneficially tangible way, the bloat caught from ALL global communications being vacuumed up, down to the last sound and syntax, which the politicians love to call “intelligence,” in a net supposedly owned by the taxpayer? Surely somewhere someone down the line has seen soap operas therefore are aware that 94.7% of human interaction is worthless; at least from a national security standpoint. It is pathetic to think, and I love the US constitution and the country based upon it, my government considers it essential to maintain 18 acres of underground mainframes hoping the keywords bomb, shotgun, and killer appear being used simultaneously by one person; suffice it to say the middle-aged gal that said those words was a repeat survivor of the natural onslaught the Gulf Coast has had to reckon with, describing a few fine marijuana strains she grows for sale, legally, to our upstanding representatives in Washington DC to make ends meet. Glad we chose not to deploy the A 10 Warthog with a bunker buster. We need the Police and any fool stating, via serenade or riot, otherwise is as bright as a burnt out light bulb. Anyone even slightly acquainted with Eric Blair can work up this simple algorithm: if you can’t keep a closet clean what pray tell gives you the idea you can clean something larger? Or how about someone in the metal salvage industry. Picture a giant scoop lifting everything into its gaping maw. Until they understand a magnet, it’s certain the most valuable stock they own, the stainless steel, the aluminum, copper, and brass, the silver and gold will be sold at scrap price. He wouldn’t, no he couldn’t remain solvent.
And if the trend of gathering all the worldly trash continues no government will be either and every last tax paying (because the crooks are bright enough to understand this) citizen will be a sorter.
Reinforce it further.
Make heavy security measures anywhere it is reasonably possible/performance viable.
Start work on Quantum Encryption schema to futureproof systems. Start ramping up bugfinding and encourage more complex attack pathways.
There’s a so-called “post-quantum cryptography” project already (PQC) that’s taking a frank and open look at how crypto might look if quantum computing ever delivers on the parallel crypto-cracking capabilities it claims.
It’s run by the US government :-)