The national intelligence services of the United States, the United Kingdom, Australia, Canada, and New Zealand have joined forces to support legislation requiring makers of encryption software to incorporate defects into their products so as to allow surveillance agencies (such as law-enforcement and espionage operations) to seize and decrypt communications between users of the software.
“Statement of Principles on Access to Evidence and Encryption”
Department of Home Affairs, Australian Government, August 29, 2018
The Governments of the Five Eyes encourage information and communications technology service providers to voluntarily establish lawful access solutions to their products and services they operate in our countries. …
Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.
Of course, in the United States, any government access to private communications is unlawful, indeed unconstitutional, unless it is supported by a warrant, endorsed by a judge of the relevant jurisdiction, “upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Unfortunately, in this context, ‘lawful’ is simply a stylistic variant of ‘government’, not referring to any actual law. The threat to resort to system cracking if backdoor entries to encryption systems aren't provided reinforces this obvious indifference to the rights of citizens and subjects.
“Five-Eyes Intelligence Services Choose Surveillance over Security”
Bruce Schneier, Schneier on Security, September 6, 2018
To put it bluntly, this is reckless and shortsighted. I've repeatedly written about why this can't be done technically, and why trying results in insecurity. But there's a greater principle at first: we need to decide, as nations and as society, to put defense first. We need a “defense dominant” strategy for securing the Internet and everything attached to it.
This is important. Our national security depends on the security of our technologies. Demanding that technology companies add backdoors to computers and communication systems puts us all at risk. We need to understand that these systems are too critical to our society and — now that they can affect the world in a direct physical manner — affect our lives and property as well.
Cory Doctorow, Boing Boing, September 5, 2018
It is impossible to overstate how bonkers the idea of sabotaging cryptography is to people who understand information security. If you want to secure your sensitive data either at rest — on your hard drive, in the cloud, on that phone you left on the train last week and never saw again — or on the wire, when you're sending it to your doctor or your bank or to your work colleagues, you have to use good cryptography. Use deliberately compromised cryptography, that has a back door that only the “good guys” are supposed to have the keys to, and you have effectively no security. You might as well skywrite it as encrypt it with pre-broken, sabotaged encryption. …
Cryptography [is] the basis for all trust and security in the 21st century.
Increasing numbers of Internet Service Providers monitor or record all of their customers' interactions and distort them, when possible, by dropping ads onto Web pages and e-mail messages and redirecting some IP addresses. Customers who are concerned about privacy and/or unimpeded communication have begun using virtual private networks — agents that receive service requests from customers and forward them to the designated services, concealing their origin. The VPN receives the results and return them to the customer. All communications between the customer and the VPN are encrypted so that the customer's ISP's recordings of the transactions aren't intelligible and the ISP has no way to modify their content.
This of course means that the customer has to trust the VPN more than the local ISP, since the VPN could play the same kinds of tricks if it chose to do so. A number of VPN service providers have been found to be corrupt in exactly this way.
The mediation is also pointless if the encryption that the VPN uses when interacting with customers can be broken by eavesdroppers. It turns out that many otherwise competent and honest VPNs are using weak cryptosystems with known vulnerabilities, and that many others are using cryptosystems that well-funded state agencies such as the National Security Agency have been able to break since at least 2006, even though stronger alternatives are available.
“NSA Cracked Open Encrypted Networks of Russian Airlines, Al Jazeera, and Other ‘High Potential’ Targets”
Micah Lee, The Intercept, August 15, 2018
The National Security Agency successfully broke the encryption on a number of “high potential” virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems, according to a March 2006 NSA document. …
There are many different VPN protocols in use, some of them known to be less secure than others, and each can be configured in ways to make them more or less secure. One, Point-to-Point Tunneling Protocol, “is old and insecure and there are bunch of known security vulnerabilities since forever,” Nadia Heninger, cryptography researcher at the University of Pennsylvania, told me in an email. “I would not at all be shocked if these were being exploited in the wild.”
The NSA also appears to have, at least in some situations, broken the security of another VPN protocol, Internet Protocol Security, or IPSec, according to the Snowden documents published by The Intercept and Der Spiegel in 2014.
“For both TLS and IPsec, there are both secure and insecure ways of configuring these protocols, so they can't really be labeled as blanket ‘secure’ or ‘insecure,’” Heninger explained. “Both protocols offer a zillion configurable options, which is a source of a lot of the published protocol-level vulnerabilities, and there are cipher suites and parameter choices for both protocols that are definitely known to be cryptographically vulnerable.” Still, she was “pretty confident” that there are ways to configure TLS and IPsec that “should resist all known attacks.” …
In 2015, Heninger and a team of 13 other cryptographers published a paper, titled “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice,” that revealed major weaknesses in the security of several of the internet's most popular protocols. Their paper described a new attack called Logjam and concluded that it was within the resources of a nation-state to use this attack to compromise 66 percent of all IPSec VPNs. “A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break,” the authors speculated.
The Institute of Electrical and Electronic Engineers has issued a straightforward statement endorsing the use of strong encryption both by governments and by individuals and opposing requirements to insert backdoors into software packages that implement strong encryption.
“In Support of Strong Encryption”
IEEE Board of Directors, IEEE, June 24, 2018
Exceptional access mechanisms would create risks by allowing malicious actors to exploit weakened systems or embedded vulnerabilities for nefarious purposes. Knowing that exceptional access mechanisms exist would allow malicious actors to focus on finding and exploiting them. Centralized key escrow schemes would create the risk that an adversary would have an opportunity to compromise security of all participants, including those who were not specifically targeted. …
Efforts to constrain strong encryption or introduce key escrow schemes into consumer products can have long-term negative effects on the privacy, security, and civil liberties of the citizens so regulated. Encryption is used worldwide, and not all countries or institutions would honour the policy-based protections that exceptional access mechanisms would require. A purpose that one country might consider lawful and in its national interest could be considered by other countries to be illegal or in conflict with their standards and interests.
The Department of Justice has indicted a former aide to the Senate Intelligence Committee, James Wolfe, and several journalists, including Ali Watkins of the New York Times. The indictment is based on inferences from detailed and comprehensive surveillance of Wolfe and Watkins and many of their colleagues and friends, including interception of their telephone communications, e-mail, travel and financial records, and so on.
“Ex-Senate Aide Charged in Leak Case Where Times Reporter's Records Were Seized”
Adam Goldman, Nicholas Fandos, and Katie Benner, The New York Times, June 7, 2018
“Trump's Justice Department Escalates Its Disturbing Crackdown on Leaks by Seizing New York Times Reporter's Phone and Email Records”
Trevor Timm, Freedom of the Press Foundation, June 7, 2018
Some of the exchanges were transmitted through Signal, an application that uses strong end-to-end encryption. The second article speculates that the feds must have acquired these messages by seizing Wolfe's mobile phone and breaking into it.
Some of the bureaucrats in charge of the federal government's efforts to recruit and then punish domestic terrorists have been giving public speeches in which they advocate “responsible encryption.” It seems that encryption is an occasionally effective way for American citizens to protect their rights under the First, Fourth, Fifth, and Sixth Amendments against eavesdropping and unwarranted searches and seizures by government officials and their corporate accomplices. The G-men would prefer us to use only encryption systems that register plaintexts, keys, or both either with service providers or specialized escrow companies that can be relied on to yield our protected information to the authorities whenever they demand it.
A researcher at the Stanford Center for Internet and Society lists the ways in which such escrow systems undermine their users' security:
(A) There will be so many requests from counterterrorism and law-enforcement officials that the organization charged with the responsibilities of escrow will find it difficult to manage and restrict the distribution of their own keys:
The exceptional-access decryption key would have to be accessible by far more people than those currently entrusted with a software update signing key. That puts the key at risk, and also makes it harder to detect inappropriate use of the key. … Increasing frequency of use and the number of people with access unavoidably means increasing the risk of human error (such as carelessly storing or leaking the key) or malfeasance (such as an employee releasing the key to an unauthorized outside party in response to extortion or bribery).
(B) The organization charged with the responsibilities of escrow will find it difficult to reliably distinguish authentic requests for access to escrowed information from requests generated by attackers, particularly since counterterrorism and law-enforcement officials are likely to grow impatient with strict authentication procedures and look for ways to bypass them even when making legitimate requests.
(C) Attackers, knowing that a device uses an escrowed-key encryption mechanism, will seek out vulnerabilities related to the implementation of this mechanism:
The information the attacker obtains from the device could then be sold or otherwise exploited. That is, compromised devices would lead to identity theft, intellectual property misappropriation, industrial espionage, and other economic harms to American individuals and businesses. These are the very harms from which phone manufacturers are presently protecting Americans by strengthening their device encryption in recent years. An exceptional-access mandate would not only hurt U.S. smartphone manufacturers and app makers, it would end up taking a toll on other people and industries as well.
The premise is that end-to-end encryption systems are not subject to these particular vulnerabilities because they do not provide the access mechanisms (and so do not contain the hardware or software support) in which the vulnerabilities would be found.
(D) Users who want to protect their information can apply a second level of encryption, using a different key, before turning it over to the application that escrows its key, or use other techniques (such as steganography) to conceal information. Alternatively, such users can switch to apps made in free countries or develop their own, using free-software libraries that are already widely available. Any of these approaches would render the escrowed-key system pointless.
If the most commonly-used devices or messaging apps are exceptional access-compliant, then not only will the majority of bad actors — the average, unsophisticated criminals — be using weakened encryption, so will the majority of innocent people. By imposing an exceptional-access mandate, law enforcement officials charged with protecting the public would create a world wherein the shrewdest wrongdoers have better security than the innocents they victimize, who, in turn, would by law have worse smartphone and communications security than they do now, leaving them even more vulnerable to those same criminals.
“The Risks of ‘Responsible Encryption’”
Riana Pfefferkorn, Stanford Center for Internet and Society, February 5, 2018