Don’t mess with encryption, Mr Cameron

After a spectacular election win for the Conservative Party, there is now concern that UK authorities will tamper with encryption. Back in January, on a visit to the US, David Cameron indicated his strong desire for intelligence agencies such as GCHQ, to have the capability to eavesdrop on encrypted communications.

Some have advocated for authorities gaining an encryption backdoor. In software engineering terms, backdoor generally refers to the concept where the software developer deliberately writes into the code a secret method for bypassing protection to provide access to the data. Backdoors are frowned upon in production code due to the maxim that there is no security through obscurity i.e. an unauthorised person will eventually discover the backdoor.

Although UK authorities have not yet specified exactly how they wish to attain access to encrypted data, the focus is not on traditional code backdoors, but on the concept of key escrow. This involves the storage of the key to decrypt the data with an independent party, or segments of the key with separate neutral parties. Intelligence agencies wishing to decrypt a communication would need to obtain the key from these parties, after going through due process such as a court order.

The concept of key escrow is not new, however it was not designed for implementation on a mass scale for this purpose. There are several major downsides.

Firstly, key escrow on a mass scale is not without risk. It introduces new points of failure. Vulnerabilities will be exploited by unauthorised parties. The widespread introduction of mass key escrow to allow intelligence agencies to eavesdrop on encrypted communication would immediately become the focus of intense attack from every major criminal network and state-sponsored attacker around the world. It is inevitable that exploits would emerge, thus weakening communications and putting everyone at risk.

Key escrow was at the heart of the Clipper Chip technology designed by the NSA in the early 1990s. Serious vulnerabilities in this technology led to it’s demise after only three years.

Another drawback of a key escrow system is the relative ease with which it could be circumvented. The bad guys would easily find a way around it to keep their communications confidential. Encryption technology is open source and freely available for download by anyone anywhere in the world. If key escrow is legislated in one country, it is relatively simple for the bad guys to download and subsequently modify an encryption method in order to thwart intelligence agency eavesdropping. A terrorist organisation could grow-their-own encryption methodology for use within their own application. Authorities would then need to ban all encryption methods that do not place their keys in escrow – technically, a monumental task for enforcement.

Even if authorities successfully managed to ban encryption within the country borders, methods are still available for the bad guys to securely communicate. The online world does not lend itself to respecting country borders very well. For example, a foreign terrorist head office wishing to communicate confidentially with a local cell could place an encrypted message on a web page, and then communicate the key and the url through stenography by for example concealing the data within a Facebook photo. Intelligence agencies would not even know that communication had taken place.

On 12 January this year David Cameron said: “The first duty of any government is to keep our country and our people safe”. Citizens and corporations use encryption for security and privacy – to keep communications and data confidential. By weakening encryption such as through a system of key escrow, citizens and corporations will be less secure rather than more secure.

Brighton-based ind.ie have said they intend relocating out of the UK because of increased government interference in this area. Many information security practitioners are concerned that if governments weaken encryption, other tech, ecommerce and finance companies that rely on strong encryption, could follow.

Strong encryption is based on mathematics. Now that mankind has discovered it’s mathematics, no amount of legislation can un-discover it. As veteran information security expert Steve Gibson summarised: “You cannot kill secure crypto – it now exists”.

2 thoughts on “Don’t mess with encryption, Mr Cameron

  1. Thomas May 21, 2015 at 1:37 pm Reply

    This article seems good, but misses some good points:
    Fellow citizens/humans:
    Continue to educate yourself (including myself) before and after you speak. When enough people with certain amount of greed and tyrannical-ego plus fully or partially ignorant people get together, they can cause unintended harm to themselves and to the good fellow humans.

    #1: Do not misunderstand or get yourself confused on 1stt and 4th Amendment.

    4th amendment protects citizens from ill minded/ignorant law enforcement officials, but does not prevents the institution “government” representing the general public (citizens) to protect itself (themselves). The issue of giving the institution “government” the access to encrypted data and communication or not has nothing to do with 4th amendment. 4th Amendments controls law enforcement officers to not search or seize citizens without proper search authority. If a law enforcement officer searches and seizes a citizen without proper search authority, the officer is guilty as a citizen who violates a law. The frustration is that the government officials represent the power of the positions in the institution “government”. When some law enforcement officials violate laws, their personal bias and person interests encourage them to ignore their own violations, and there is may not another nonbiased entity to investigate and prosecute them.

    The incidences of some government official did not use proper legal authority to obtain data and communication may violate 4th Amendment; but this does not mean the institution “government” cannot or do not need to accesses the (encrypted) data when there is a probable cause.
    The main issue at stake is the right of certain Anonymity granted by 1st Amendment for some extremely important reasons. Existing unbreakable encryption probably is the best tool ever invented to provide citizens anonymity as promised in first Amendment. The dilemma is that criminals increasingly utilize encryption to hide themselves while cause harm to others.

    Confront with such dilemma, how can we protect and preserve the anonymity of good people, but deny the anonymity of ill minded/bad/evil people in both the government and general public? This is the challenge we are facing.

    #2: Impropriate actions of some government officials do not mean the institution of government does not need to the appropriate laws.

    People combine the institution of government and the government officials in to one.
    One of the common mistakes is that some people combine the institution of government and the government officials (the actual humans in the seats of government roles) into one. In democratic countries, some citizens dislike the institution “government” due to some bad actions of some government officials. In dictatorship countries, the government officials want to combine the institution “government” and the government officials into one so when citizens go against corrupted government officials, the corrupted government officials protect themselves by punishing the citizens in the name of institution and the misguided citizens would support the corrupted officials. Fellow Humans: Wake up! Do NOT get yourself confused and do not let others confuse you.

    Inappropriate actions of certain existing government officials in the institution of US government does not mean the institution of US government does need to access encrypted data and communication to solve crimes. To best utilize the new frontier technology: the Internet, laws need to be updated to govern human actors in both private sector and public sector.

    People misunderstand the purpose of law
    The purpose of law is to protect the situational-weaker citizens from harmful actors who may be a government official or a private citizen. People come together to form a political system because every person can be the situational-weaker at times. Harmful actors can be a government official or a private citizen.

    In order to feel the need/value of a law such as being able to access encrypted data and communication, and/or to have a mind change, a person, who does not believe the government needs access to encrypted data and communications, may need to be a victim of serious crime and the crime cannot be solved due to government’s inability to access encrypted data and communications.

    #3: CALEA was necessary in the old telephone days. In long term, CALEA is and will be necessary for communication over Internet.

    Granting access to encrypted data and communication is necessary to identifying criminals in related cases and seek justice, and to protect victims-to-be. Protection of privacy and protection from corrupted and ill minded government officials are equally important. In order to catch the harmful actors in private and public sector, online communication technologies and services needs comply with CALEA. Unless the future victims of crimes are willing suffer the loss of not able find the perpetrator due to inability to decrypted communication to investigate and to prove a crime.

    #4: Some people over valued the encryption on democratizing dictatorship countries by protecting the identity of political activists’ data and communication.

    There may be some value, but not much. One reason is that in dictatorship countries, the government officials have total/extensive control of their social-economic-political system. To find examples, just search for recent news to see how not fully democratic countries control their portion of the Internet. Dictators have the power to tighten grip even more if they feel threatened. In addition, a properly designed encryption framework still can provide methods and means for activists in depressed countries to hides themselves using encryption technology in democratic countries. So there is no value loss here compare to current situation.

    #5: It is true that giving government access to encrypted data and communication will not prevent or solve all the terrorist and criminal related problems. But giving government access to encrypted data and communications will allow law enforcement to find criminal hiding themselves using encryption. The best two places that criminals can hide themselves at current time are 1. A place in the physical world where there is no witness is around but the victim. 2. behind encryption in combination with other imperfections of current political/financial/social/technological systems.

    #6: Previous failure does not mean we as a society, we do not come together to solve the challenge of our time.
    Some people use Clipper Chip’s failure to say: “remember how government failed on the Clipper Chip project, do not the them do it. They will fail again”. Again, the failure of Clipper Chips is the failure of the government officials who were representing the institution of government of the time. Even though the current government official may fail this time, we still need to try to strengthen the institution. “Learning by trial of error” is unfortunate part of life on individual level as well as group level. The best outcome would be, like George Washington said: “Let raise to a standard in which the wise and honest can repair”.

    #7: The two statements: “the genie is out of the bottle with respect to encryption, we cannot stop criminals from using it” and “When encryption is outlawed, only outlaws will have encryption” both are only partially correct and miss the point on what needs to be done safeguard the society on usage of encryption responsibly.

    Encryption algorithms are not genies. Each specific instance of encryption application is a genie. Like a genie that needs environment/medium/infrastructure to survive and conduct itself.

    The same goes with a specific instance of encryption application. The encryption algorithms + computer devices +network infrastructure makes up the environment/medium/infrastructure for the actual encryption applications.

    If we allow increasingly more or all instances of encryption application to be unbreakable (have absolute anonymity), while we can enjoy the absolute anonymity, so does the criminals. A civil society cannot stay civil if criminals are provided safe haven. This is just human nature. The increasing use of unbreakable encryption is creating such safe haven for criminals.

    To remove the safe haven from encryption savvy criminal, we need to compromise our absolute anonymity, but preserve our full constitutional anonymity.
    Criminal generally use encryption to do two things: 1. Hide them-selves when they harm a victim. 2. Hide them-selves when they communicate to each other.

    If we eliminate the environment/medium/infrastructure for absolute anonymity, and remove genies with absolute anonymity; Criminal cannot hide themselves when they use the good genies. Criminals cannot hide themselves when they harm the good people through use of encryption. Of course, they may be able to develop their own “genie” use absolute anonymity when communicating among themselves, but their genie still need to traverse through the environment/medium/infrastructure where there is no absolution anonymity, hence can expose themselves.

    By implementing encryption infrastructure properly, we can protect our data and communication from criminals and unauthorized access as specified in our constitution.

    #8: There many ways to implement the solution do not claim problems without supporting facts; and do not use the ways does not work to stop humanity from finding a solution.

  2. Sheogorath May 25, 2015 at 11:29 pm Reply

    Please pass this on to everyone: I’m from the future, 2025 to be exact. Eight years ago, David Cameron got his Law Enforcement Cryptography Key Act passed and everyone thought he would die in power. Now Amelia Womack of the Green Party is in No. 10 after a disaster that made many people say, “No more of the same.”
    What happened was this: about three years ago, cybercriminals hacked into GCHQ’s servers and managed to copy the keys for the MOD’s network, then instead of informing anyone in government or publishing the keys online to get the security hole closed like Anonymous would have before they were forced to cease collective activities, these guys sold the keys to the highest bidder on the darknet. Because the cybercriminals left no trace of their attack and were incredibly tight-lipped about their plans, most people never got wind of this until the murders of several high-ranking military personnel and attacks on placements by Daesh (ISIS/ISIL you call them) only yesterday (Thursday 29/05/2025).
    Please, tell everyone like I asked. I know I’m probably breaking the laws of nature by creating one hell of a time paradox, but I honestly don’t give a shit at this point. If the army and that can be successfully attacked, what’s gonna happen to us ordinary citizens who can’t fight back because of most decent weapon-like objects having been made illegal?
    Sheogorath.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: