Page Body

Page Main

Post Main

Post Article

Statement of Principles on Access to Evidence and Encryption

Linked by Paul Ciano on September 10, 2018

Bruce Schneier:

To put it bluntly, this is reckless and shortsighted. I’ve repeatedly written (PDF) about why this can’t be done technically, and why trying results in insecurity.

…we need to decide, as nations and as a society, to put defense first. We need a “defense dominant” strategy for securing the Internet and everything attached to it.

This is important. Our national security depends on the security of our technologies. Demanding that technology companies add backdoors to computers and communications systems puts us all at risk. We need to understand that these systems are too critical to our society and – now that they can affect the world in a direct physical manner – affect our lives and property as well.

We need to have this debate at the level of national security. Putting spy agencies in charge of this trade-off is wrong, and will result in bad decisions.

Cory Doctorow:

…working crypto isn’t just how we stay private from governments (though god knows all five of the Five Eyes have, in very recent times, proven themselves to be catastrophically unsuited to collect, analyze and act on all of our private and most intimate conversations). It’s how we make sure that no one can break into the data from our voting machines, or push lethal fake firmware updates to our pacemakers, or steal all the money from all of the banks, or steal all of the kompromat on all 22,000,000 US military and government employees and contractors who’ve sought security clearance.

Also, this is bullshit.

Because it won’t work.

It’s impossible to overstate how bonkers the idea of sabotaging cryptography is to people who understand information security. If you want to secure your sensitive data either at rest – on your hard drive, in the cloud, on that phone you left on the train last week and never saw again – or on the wire, when you’re sending it to your doctor or your bank or to your work colleagues, you have to use good cryptography. Use deliberately compromised cryptography, that has a back door that only the “good guys” are supposed to have the keys to, and you have effectively no security. You might as well skywrite it as encrypt it with pre-broken, sabotaged encryption.

What these leaders think they’re saying is, “We will command all the software creators we can reach to introduce back-doors into their tools for us.” There are enormous problems with this: there’s no back door that only lets good guys go through it.

For this proposal to work, they will need to stop Britons, Canadians, Americans, Kiwis and Australians from installing software that comes from software creators who are out of their jurisdiction. The very best in secure communications are already free/open source projects, maintained by thousands of independent programmers around the world. They are widely available, and thanks to things like cryptographic signing, it is possible to download these packages from any server in the world (not just big ones like GitHub) and verify, with a very high degree of confidence, that the software you’ve downloaded hasn’t been tampered with.

…GNU/Linux variants, BSD and other unixes, macOS, and all the non-mobile versions of Windows. All of these operating systems are already designed to allow users to execute any code they want to run. The commercial operators – Apple and Microsoft – might conceivably be compelled by Parliament to change their operating systems to block secure software in the future, but that doesn’t do anything to stop people from using all the PCs now in existence to run code that the PM wants to ban.

More difficult is the world of free/open operating systems like GNU/Linux and BSD. These operating systems are the gold standard for servers, and widely used on desktop computers (especially by the engineers and administrators who run the nation’s IT). There is no legal or technical mechanism by which code that is designed to be modified by its users can co-exist with a rule that says that code must treat its users as adversaries and seek to prevent them from running prohibited code.

If any commodity PC or jailbroken phone can run any of the world’s most popular communications applications, then “bad guys” will just use them. Jailbreaking an OS isn’t hard. Downloading an app isn’t hard. Stopping people from running code they want to run is…and what’s more, it puts every 5 Eyes nation, individuals and industry, in terrible jeopardy.

That’s a technical argument, and it’s a good one, but you don’t have to be a cryptographer to understand the second problem with back doors: the security services are really bad at overseeing their own behaviour.

Once these same people have a back door that gives them access to everything that encryption protects, from the digital locks on your home or office to the information needed to clean out your bank account or read all your email, there will be lots more people who’ll want to subvert the vast cohort that is authorised to use the back door, and the incentives for betraying our trust will be much more lavish than anything a tabloid reporter could afford.

If you want a preview of what a back door looks like, just look at the US Transportation Security Administration’s “master keys” for the locks on our luggage. Since 2003, the TSA has required all locked baggage traveling within, or transiting through, the USA to be equipped with Travelsentry locks, which have been designed to allow anyone with a widely held master key to open them.

What happened after Travelsentry went into effect? Stuff started going missing from bags. Lots and lots of stuff.

Making it possible for the state to open your locks in secret means that anyone who works for the state, or anyone who can bribe or coerce anyone who works for the state, can have the run of your life. Cryptographic locks don’t just protect our mundane communications: cryptography is the reason why thieves can’t impersonate your fob to your car’s keyless ignition system; it’s the reason you can bank online; and it’s the basis for all trust and security in the 21st century.

In her Dimbleby lecture, Martha Lane Fox recalled Aaron Swartz’s words: “It’s not OK not to understand the internet anymore.” That goes double for cryptography: any politician caught spouting off about back doors is unfit for office anywhere but Hogwarts, which is also the only educational institution whose computer science department believes in “golden keys” that only let the right sort of people break your encryption.

In distinct, but related, news via Danny O’Brien at the EFF:

…the latest challenge to our collective security comes not from Facebook or Google or Russian hackers or Cambridge Analytica: it comes from the Australian government. Their new proposed “Access and Assistance” bill would require the operators of all of that technology to comply with broad and secret government orders, free from liability, and hidden from independent oversight. Software could be rewritten to spy on end-users; websites re-engineered to deliver spyware. Our technology would have to serve two masters: their customers, and what a broad array of Australian government departments decides are the “interests of Australia’s national security.” Australia would not be the last to demand these powers: a long line of countries are waiting to demand the same kind of “assistance.”

In fact, Australia is not the first nation to think of granting itself such powers, even in the West. In 2016, the British government took advantage of the country’s political chaos at the time to push through, largely untouched, the first post-Snowden law that expanded, not contracted, Western domestic spying powers. At the time, EFF warned of its dangers —- particularly orders called “technical capability notices”, which could allow the UK to demand modifications to tech companies’ hardware, software, and services to deliver spyware or place backdoors in secure communications systems. These notices would remain secret from the public.

Last year we predicted that the other members of Five Eyes (the intelligence-sharing coalition of Canada, New Zealand, Australia, the United Kingdom, and the United States) might take the UK law as a template for their own proposals, and that Britain “… will certainly be joined by Australia” in proposing IPA-like powers.

That’s now happened.

If the passage of the UK surveillance law is any guide, Australian officials will insist that while the language is broad, no harm is intended, and the more reasonable, narrower interpretations were meant. But none of those protestations will result in amendments to the law: because Australia, like Britain, wants the luxury of broad, and secret powers. There will be — and can be no true oversight — and the kind of malpractice we have seen in the surveillance programs of the U.S. and U.K. intelligence services will spread to Australia’s law enforcement. Trust and security in the Australian corner of the Internet will diminish — and other countries will follow the lead of the anglophone nations in demanding full and secret control over the technology, the personal data, and the individual innovators of the Internet.

“The government,” says Australia’s Department of Home Affairs web site, “welcomes your feedback” on the bill. Comments are due by September 10th. If you are affected by this law — and you almost certainly are — you should read the bill, and write to the Australian government to rethink this disastrous proposal. We need more trust and security in the future of the Internet, not less. This is a bill that will breed digital distrust, and undermine the security of us all.

Stilgherrian, ZDNet:

Without a doubt, law enforcement agencies will have to find ways of dealing with the changes being wrought by the fourth industrial revolution. We all will. But politicians need to consider all of the implications, and all of our needs, not just those of the cops.

Our governments have agreed to “encourage” service providers to “voluntarily” establish lawful access solutions, with an implied threat of coercion if they don’t. Yet the suspicion of such capabilities in, say, Chinese-made 5G equipment, or Russian-made anti-virus software, gets them banned.

It strikes me as a bit rich to accuse other nations of dodgy surveillance practices, while at the same time building the legislative and technical infrastructure to do much the same thing to your own citizens.

If the governments want to bring the citizens along with them on this journey, then their statements need to do more than just start with the same “we value your privacy” bulldust as all the commercial operators we’re beginning to despise.

Indeed.

I thought this dovetailed nicely with a recent comment on Hacker News:

It was a fun 25 years for me personally. Time to re-think my entire online existence and take up knitting or something.

I don’t even do anything “wrong”, I make games, and tinker with electronics, but I do NOT like knowing that every single private chat I have is monitored, collected, stored, and searched. I’ve used lots of encrypted chat programs and encrypted data storage because MY stuff is MINE, not theirs.

They don’t let us read their private documents and emails, or read their private chats. Increasingly, it’s the people in power who are caught being the ones doing fucked up things to children (concentration camps in the US, child rape rings in the UK, etc)… yet WE are the ones who have to give up all privacy, all rights, so they can monitor us?

In the great words of my countrymen: Yeahnah.

It’s despicable how our (AU) country’s sycophant nature has dragged us down the authoritarian well with the US/UK. We had a chance to stand up on our own, with a good strong economy while the rest of the world struggled with the GFC, our own tech companies showing they can stand up on an international stage, and the beginnings of a world class fibre network that would’ve propelled us into the future comfortably.

Instead, we get this. Bow down to your masters, do as we say not as we do, and be happy we’re not locking you up (yet) for wanting to talk to your wife about personal medical things in private, or store your personal belongings (photos of our kids, banking details, passwords) in a secure place where no one can steal them. Why won’t we think of the children?! Says the same people stealing them, raping them, and ruining their future.

The enemy is real. It’s always been real.

Paul Ciano

Enjoyed this post?

Subscribe to my feed for the latest updates.