What kind of effective encryption will governments accept?
Mon 30 Mar 2015
Yesterday Europol Police Chief Rob Wainwright joined a stream of high-level political figures and security heads in a lobbying bid against the uptake, or even continuance, of substantial encryption in online communications. Speaking to the BBC, Wainwright argued that terrorist elements are using strong encryption to shield their activities
This is the latest in a series of what would appear to be managed responses from governments and invested authorities to the post-Snowden zero-knowledge culture which has been creeping into the technology arena over the last 18 months, but which fulminated brilliantly last autumn when Apple wiped their hands of responsibility for user data and instituted client-side encryption in their latest update to the iOs mobile operating system.
Well, let’s admit defeat, just for hypothetical purposes, and assume a future where this frog is completely boiled – where we have become so accustomed to the white noise of complaint from government and intelligence services, so terrified by whatever singular event will finally let governments tut out a shrewd ‘We told you so’…let’s say, in short, that we are ready to abandon privacy and Benjamin Franklin bumper stickers in the sphere of communications and data storage – how, practically, can it be effected?
It’s not an easy task, as the prospect is that of sending out a heavily-armoured battleship that happens to have a man-sized, fragile rubber plug in the bottom of its keel, for the benefit of any duly-invested authorities that may need easy access behind the armour. But anyway…
One possibility is a limit or partial ban on encrypted traffic, restricting secure protocols to such apps as do not provide client-side encryption. To stay in the game, the likes of Apple and Android will need to abandon the concept of having CSE-based data centres which are opaque to proprietor, governments and hackers alike. For hackers, this is good news, as it returns the battle for other people’s data back onto a more even footing, and re-opens the way for more juvenile hacking fun.
For those communications which are not to do with money or other ‘essential’ services which must remain encrypted, presumably a return to plain-text sends is the order of the day. For the ecologists, it’s actually a bit of a boost, since the removal of CPU-heavy encryption processes is likely to drop the planet’s temperature and carbon footprint by a measurable degree. Also on the plus side, the unencrypted internet is likely to be rather quicker – no more crypto-heavy handshakes or stacked certificate look-ups.
It will of course be a field day for terrorists and cyber-malfeasants of every stripe – the equivalent of walking into a high crime-rate area and insulting the locals whilst lighting cigars with $100 bills. Interception of mail streams and a vast variety of user data will be available alike to the authorities, terrorists, psycho exes and a veritable gamut of unsavoury gawkers.
The result? Default click-through warning notices every time you use an unencrypted service…and, eventually, the mass-abandonment of these insecure channels for ones which are encrypted, but government-approved. But hey, at least we gave you the choice.
But this is all very granular – why not go to the heart of the problem? The cheapest option for government is to tell hardware manufacturers openly to install just the kind of low-level backdoor which the NSA was – at least until recently – sneakily slipping into the hard drives of major tech suppliers. China was leading the way in this field eight years ago, and appears to be expecting this to become a default hardware configuration in western tech in the future anyway.
And since the cat is out of the bag, why not put this machine-level interference directly onto the motherboard or host circuit, perhaps between the network hardware and the device input elements?
On the negative side, this does involve mandating a certain amount of expense on behalf of hardware manufacturers. On the plus side, a great deal of the R&D groundwork on this has evidently already been done, which should save the tax-payers a considerable amount.
However, it removes the ‘security by obscurity’ methodology which may previously have kept hackers away from government-approved hardware back doors. And since templating has been the foundation of engineering since the industrial revolution, attackers will find that they only have to break in once to have the keys forever. But at least the authorities will have access to the same outgoing information.
Government as Certificating Authority
This is a thorny solution for the U.S., which has a tacit aversion to big government, but apart from that seems a practical option – gather all certificating authorities under one government wing and become the only CA for the United States (with, presumably, an equally centralised authority emerging in Europe and in other intimidated partner-nations). It’s commonly thought that China’s ‘China Internet Network Information Center’ (CNNIC), answering directly to the Ministry of Information, issues MITM exploits on demand for Beijing (though CNNIC denies this) – wouldn’t it be nice to have that kind of surveillance capability whilst protecting your citizens from everybody else?
Less drastic would be legislation which plumbs authorities straight into the internal mechanism of existing CAs, so that surveillance agencies no longer need those annoying and life-threatening court edicts (or any black-hat-hacking ops needed to circumvent them). Plus, it keeps government small and doesn’t interfere with the free market.
On the negative side, this means wiring certificate authentication into processes which may use non-certificate-based procedures. It additionally leaves an attackable channel in an infrastructure which is currently very familiar to cyber-criminals and terrorists.
Abandon all current protocols
Well, this is pretty much the ‘Strangelove’ scenario, but why not maintain currently-used protocols, such as FTP, HTTP and all the others within an abstraction layer on top of a totally different router-to-router protocol, such as MaidSafe, whilst migrating users over to native equivalent services with (inevitably) better performance? If you want to really own the infrastructure and all that passes through it, you probably have to architect it yourself.
On the negative side, this means an expensive, major government IT project. On the plus side, for libertarians, it will take decades to…fail.