Encryption “backdoor”? No, it’s a gaping archway.

Backdoors are just a non-starter.

Note: this is probably one of those posts where I should point out that the views expressed in this article aren’t necessarily those of my employer, Red Hat.  Though I hope that they are.

I understand that governments don’t like encryption. Well, to be fair, they like encryption for their stuff, but they don’t want criminals, or people who might be criminals, to have it. The problem is that “people who might be criminals” means you and me[1]. I need encryption, and you need encryption. For banking, for business, for health records, for lots of things. This isn’t the first time I’ve blogged on this issue, and I actually compiled a list in a previous post, giving some examples of perfectly legal, perfectly appropriate reasons for “us” to be using encryption. I’ve even written about the importance of helping governments go about their business.

Unluckily, it seems that the Government of Australia has been paying insufficient attention to the points that I have[2] been making. It seems that they are hell-bent on passing a law that would require relevant organisations (the types of organisations listed are broad and ill-defined, in the coverage that I’ve seen) to provide a backdoor into individuals’ encrypted messages. Only for individuals, you’ll note, not blanket decryption.  Well, that’s a relief. And that was sarcasm.

The problem? Mathematics. Cryptography is based on mathematics. Much of it is actually quite simple, though some of it is admittedly complex. But you don’t argue with mathematics, and the mathematics say that you can’t just create a backdoor and have the rest of the scheme continue to be as secure.

Most existing encryption/decryption schemes[3] allow one party to send encrypted data to another with a single shared key. To decrypt, you need that key. In order to get that key, you either need to be one of the two parties (typically referred to as “Alice” and “Bob”), or hope that, as a malicious[5] third party (typically referred to as “Eve”[6]), you can do one of the following:

  1. get Alice or Bob to give you their key;
  2. get access to the key by looking at some or all of the encrypted messages;
  3. use a weakness in the encryption process to decrypt the messages.

Now, number 1 isn’t great if you don’t want Alice or Bob to know that you’re snooping on their messages. Number 2 is a protocol weakness, and designers of cryptographic protocols try very, very hard to avoid them. Number 3 is an implementation weakness, and reputable application developers will try very, very hard to avoid those. What’s more, for applications which are open source, anyone can have a look at them, so putting them in on purpose isn’t likely to last for long.

Both 2 and 3 can lead to backdoors. But they’re not single-use backdoors, they’re gaping archways that anyone can find out about and exploit.

Would it be possible to design protocols that allowed a third party to hold a key for each encryption session, allowing individual sessions to be decrypted by a “trusted party” such as law enforcement? Yes, it would. But a) no-one with half a brain would knowingly use such a scheme[7]; b) the operational overhead of running such a scheme would be unmanageable; and c) it would only be a matter of time before untrusted parties got access to the systems behind the scheme and misused it.
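To make point c) concrete, here is an added sketch of such an escrow scheme (not code from this post or from any real product). The cipher is a toy built from HMAC-SHA256 purely so the example runs with the standard library, and all names (`seal`, `send_escrowed`, the users) are hypothetical.

```python
import hashlib, hmac, os

def _sub(key, label):
    # Derive separate encryption and MAC subkeys from one key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(data, enc_key, nonce):
    # Toy keystream: HMAC-SHA256 in counter mode. Illustration only.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = _xor(plaintext, _sub(key, b"enc"), nonce)
    tag = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + tag + body

def unseal(key, blob):
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return _xor(body, _sub(key, b"enc"), nonce)

def send_escrowed(recipient_key, escrow_key, plaintext):
    # Fresh key per session, wrapped once for the recipient and once for escrow.
    session_key = os.urandom(32)
    return {"for_recipient": seal(recipient_key, session_key),
            "for_escrow": seal(escrow_key, session_key),
            "ciphertext": seal(session_key, plaintext)}

def count_readable(traffic, slot, key):
    # How many captured messages does holding `key` open via `slot`?
    readable = 0
    for msg in traffic:
        try:
            unseal(unseal(key, msg[slot]), msg["ciphertext"])
            readable += 1
        except ValueError:
            pass
    return readable

def demo():
    escrow_key = os.urandom(32)  # the single key held by the "trusted party"
    users = {name: os.urandom(32) for name in ("bob", "carol", "dave")}  # constructed sample users
    traffic = [send_escrowed(k, escrow_key, b"note for " + n.encode()) for n, k in users.items()]
    return (count_readable(traffic, "for_recipient", users["bob"]),   # one user's key
            count_readable(traffic, "for_escrow", escrow_key),        # the escrow key
            count_readable(traffic, "for_escrow", os.urandom(32)))    # no key at all
```

A user’s key opens only that user’s sessions; the escrow key opens every session of every user, for whoever happens to hold it.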

Backdoors are just a non-starter. Governments need to find sensible ways to perform legally approved surveillance, but encryption backdoors are not one of them.


1 – and I’m not even intentionally addressing any criminals who might be reading this article.

2 – quite eloquently, in my humble opinion.

3 – the two tend to go together as there isn’t much point in one without the other[4].

4 – in most cases. You’d be surprised, though.

5 – at least as far as Alice and Bob are concerned.

6 – guess where the name of this blog originated?

7 – hint: not me, not you, and certainly not criminals.

Helping our governments – differently

… we may live in a new security and terrorism landscape

Two weeks ago, I didn’t write a full post, because the Manchester arena bombing was too raw.  We are only a few days on from the London Bridge attack, and I could make the same decision, but think it’s time to recognise that we have a new reality that we need to face in Britain: that we may live in a new security and terrorism landscape.  The sorts of attacks – atrocities – that have been perpetrated over the past few weeks (and the police and security services say that despite three succeeding, they’ve foiled another five) are likely to keep happening.

And they’re difficult to predict, which means that they’re difficult to stop.  There are already renewed calls for tech companies* to provide tools to allow the Good Guys[tm**] to read the correspondence of the people who are going to commit terrorist acts.  The problem is that the preferred approach requested/demanded by governments seems to be backdoors in encryption and/or communications software, which just doesn’t work – see my post The Backdoor Fallacy – explaining it slowly for governments.  I understand that “reasonable people” believe that this is a solution, but it really isn’t, for all sorts of reasons, most of which aren’t really that technical at all.

So what can we do?  Three things spring to mind, and before I go into them, I’d like to make something clear, and it’s that I have a huge amount of respect for the men and women who make up our security services and intelligence community.  All those who I’ve met have a strong desire to perform their job to the best of their ability, and to help protect us from people and threats which could damage us, our property, and our way of life.  Many of these people and threats we know nothing about, and neither do we need to.  The job that the people in the security services do is vital, and I really don’t see any conspiracy to harm us or take huge amounts of power because it’s there for the taking.  I’m all for helping them, but not at the expense of the rights and freedoms that we hold dear.  So back to the question of what we can do.  And by “we” I mean the nebulous Security Community****.  Please treat these people with respect, and be aware that they work very, very hard, and often in difficult and stressful jobs*****.

The first is to be more aware of our environment.  We’re encouraged to do this in our daily lives (“Report unaccompanied luggage”…), but what more could we do in our professional lives?  Or what could we do in our daily lives by applying our professional capabilities and expertise to everyday activities?  What suspicious activities – from traffic on networks from unexpected places to new malware – might be a precursor to something else?  I’m not saying that we’re likely to spot the next terrorism attack – though we might – but helping to combat other crime more effectively both reduces the attack surface for terrorists and increases the available resourcing for counter-intelligence.

Second: there are, I’m sure, many techniques that are available to the intelligence community that we don’t know about.  But there is a great deal of innovation within enterprise, health and telco (to choose three sectors that I happen to know quite well******) that could well benefit our security services.  Maybe your new network analysis tool, intrusion detector, data aggregator has some clever smarts in it, or creates information which might be of interest to the security community.  I think we need to be more open to the idea of sharing these projects, products and skills – proactively.

The third is information sharing.  I work for Red Hat, an Open Source company which also tries to foster open thinking and open management styles.  We’re used to sharing, and industry, in general, is getting better about sharing information with other organisations, government and the security services.  We need to get better at sharing both active data from systems which are running as designed and bad data from systems that are failing, under attack or compromised.  Open, I firmly believe, should be our default state*******.

If we get better at sharing information and expertise which can help the intelligence services in ways which don’t impinge negatively on our existing freedoms, maybe we can reduce the calls for laws that will do so.  And maybe we can help stop more injuries, maimings and deaths.  Stand tall, stand proud.  We will win.


*who isn’t a tech company, these days, though?  If you sell home-made birthday cards on Etsy, or send invoices via email, are you a tech company?  Who knows.

**this is an ironic tm***

***not that I don’t think that there are good guys – and gals – but just that it’s difficult to define them.  Read on: you’ll see.

****I’ve talked about this before – some day I’ll define it.

*****and most likely for less money than most of the rest of us.

******feel free to add or substitute your own.

*******OK, DROP for firewall and authorisation rules, but you get my point.

The Backdoor Fallacy: explaining it slowly for governments

… I literally don’t know a single person with a modicum of technical understanding who thinks this is a good idea …

I should probably avoid this one, because a) everyone will be writing about it; and b) it makes me really, really cross; but I just can’t*.  I’m also going to restate the standard disclaimer that the opinions expressed here are mine, and may not represent those of my employer, Red Hat, Inc. (although I hope that they do).

Amber Rudd, UK Home Secretary, has embraced what I’m going to call the Backdoor Fallacy.  This is basically a security-by-obscurity belief that it’s necessary for encryption providers to provide the police and security services with a “hidden” method by which they can read all encrypted communications**.  The Home Secretary’s espousal of this popular position is a predictable reaction to the terrorist attack in London last week, but it won’t help.  I literally don’t know a single person with a modicum of technical understanding who thinks this is a good idea.  Or remotely practicable.  Obviously, therefore, I’m not the only person who’s going to be writing about this, but I thought it would be an interesting exercise to collect some of the reasons that this is a monumentally bad idea in one short article, so let’s examine this fallacy from a few angles.

  • It always fails – because a backdoor isn’t just a backdoor for authorised users: it’s a backdoor for anyone who can find it.  And keeping these sorts of things hidden is difficult, because:
    • academic researchers look for them
    • criminals look for them
    • “unfriendly state actors” (governments we don’t like at the moment) look for them
    • previously friendly state actors (governments we used to like, but we don’t like so much anymore) look for them
    • police and security services mess up and leak them by accident
    • insiders within police and security services decide to leak them
    • source code gets leaked, giving clues to how they’re implemented – for those apps which aren’t Open Source in the first place
    • the people writing them don’t always get it right, and you end up with more holes than you expected***
    • techniques that seem safe now often seem laughably insecure in a few years’ time.

There is just no safe way to protect these backdoors.

  • You can’t identify all the providers – today it’s Whatsapp.  And Facebook, and Twitter, and Instagram, and Tumblr, and …  But if I’d asked you for a list a year, or five years ago, what would that list have looked like?  And can you tell me what should be on the list for next week, or next year?  No, you can’t.  And I suspect you (as a learned reader of this blog) are a lot more clued up than the UK Home Office.
  • You can’t convince all the providers – and that’s assuming that all of the providers are interested or can be convinced to care adequately to sign up anyway.
  • You can’t hit all channels – even if you could identify all the providers, what about online gaming?  And email.  And ssh.  I mean, really.
  • The obviousness issue – presumably, in order to make this work, governments need to publish a list of approved applications.  I suspect, just suspect that the sort of bad people who want to get around this will choose to use different apps, or different channels to the approved ones … but so will people who aren’t “bad people”, but just have legitimate reasons for encrypting their communications.
  • The business problem – there are legitimate uses for encryption.  Many, many of them.  And they far outnumber the illegitimate uses.  So, if you’re a government, you have two options:
    1. you can convince all legitimate business, including banks, foreign corporations and human rights organisations and everyone who communicates with them to use your compromised, “backdoor-enhanced”**** encryption scheme.  Good luck with this: it’s not going to work.
    2. you can institute a simple, fast, unabuseable red-tape free process by which you hand out exemptions to “legitimate” businesses who you can trust to use non-compromised, backdoor-unenhanced encryption schemes.*****

I’m guessing that we don’t expect either of these to fly.

  • The “nothing to hide” sub-fallacy – “But if you have nothing to hide, then you have nothing to fear” argument.  Well, I may have nothing to hide from the current government.  But what about future governments?  Have the past 100 years of world history taught us nothing?  Hitler, Franco, Stalin, Perón, … the list goes on and on.  From “previously friendly state actors”?  And from the criminals who are the main reason most of us use encryption in the first place?  Puh-lease.
  • The who-do-you-trust question – this leads on from the “police and security services mess up” sub-bullet above.  The fewer people to whom you give the backdoor details, the more hard work and expense there is in using that backdoor for your purposes.  So there’s an obvious move to reduce costs by spreading knowledge of the backdoor.  And governments tend towards any policy which reduces costs, so…  And, of course, the more spread the knowledge, the more likely it is to leak.
  • Once it’s gone, it’s gone – and once it’s leaked, it’s leaked, whether by accident or intention (Chelsea Manning, Julian Assange, Edward Snowden, …).  You can’t put this genie back in the bottle.  The cost and complication of re-keying a communications channel for which the key has leaked is phenomenal.  I’m assuming that this is just a re-keying exercise, but if it’s a recoding exercise, it’s even harder.  And how do you enforce that only the new version is used, anyway?
  • The jurisdiction issue – do all governments agree on the same key?  No?  Well, then I have to have different versions of all apps I might use, and choose the correct one for each country I travel in?  And ensure that neither I nor any businesses ever communicate across jurisdictional boundaries.  Or we could have multiple backdoors, each for a different jurisdiction?  Let’s introduce the phrase “combinatorial explosion” here, shall we?

Let’s work as an industry to disabuse governments of the idea that this is ever a good idea. And we also need to work with them to come up with other techniques to help them catch criminals and stop terrorist attacks: let’s do that, too.


*believe me: I tried.  Not that hard, but I tried.

**they probably want all “at-rest” keys as well as all transport keys.  This is even more stupid.

***don’t get me wrong: this is going to happen anyway, but why add to the problem?

****inverted commas for irony, which I hope is obvious by this stage in the proceedings

*****”I can’t even”, to borrow from popular parlance.  This is the UK government, after all.