IPB The encryption bothering parts of the UK's Investigatory Powers Bill have left IT security experts flabbergasted.
Introducing the draft internet surveillance law in the House of Commons on Wednesday, Home Secretary Theresa May presented it as consolidating and updating existing investigatory powers. She spun it as a break from measures in the ultimately unsuccessful Communications Data Bill of 2012, adding "it will not ban encryption or do anything to undermine the security of people's data." The reality is far more complex and less reassuring than this bland assurance might suggest.
The draft law [PDF] states it "will not impose any additional requirements in relation to encryption over and above the existing obligations in RIPA [the Regulation of Investigatory Powers Act, 2000]" before summarising what these entail:
RIPA requires CSPs [communications service providers] to provide communications data when served with a notice, to assist in giving effect to interception warrants, and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the CSP to whom the notice relates.
Look, ma – no backdoors! (Because they won't be called that)
El Reg understands the UK's security and intelligence agencies are already talking to makers of popular messaging software – most of which are based in the US – about how best to tap into people's chatter. This includes those providing strong end-to-end encryption for normal folks, such as WhatsApp and Apple's iMessage; reliable encryption that's easy to install and use, unlike tough-to-crack but infuriating-to-use PGP packages.
Truly secure end-to-end crypto systems allow only the two people chatting to decrypt each other's messages, calls or other information exchanged. The app makers, network providers and any eavesdroppers along the line have no hope of cracking the ciphered bytes if intercepted.
One way to do this is use the Diffie-Hellman protocol, which allows two people to create a shared secret known only to them using prime-number maths. No one in between the pair can figure out the secret, which can be used as a key to encrypt and decrypt data. There's nothing communications providers can hand over when the g-men come knocking except useless scrambled bits.
There are also sorts of end-to-end encrypted communications available now, especially in the wake of the Edward Snowden revelations of NSA-GCHQ mass surveillance, but it's the main providers the UK authorities are interested in, we hear.
That focus on the mainstream – Facebook-owned WhatsApp and Apple – may spark an exodus to software perceived as being beyond the radar of the UK authorities. Make sure whatever code you decide to use is verified and trusted to work as advertised.
Implementation flaws (such as weak keys or bugs in the programming) and slip ups by users (such as accidentally leaking private keys) are enough to break cryptographic systems. "The true security in 'end-to-end' encryption depends on how it's implemented and how it is used. Key generation, management, forward secrecy all matter," Professor Alan Woodward of the University of Surrey noted on Twitter.
What the security agencies really want is a backdoor in the cryptography: a way to forcibly decrypt messages and calls. Mathematically, it's not possible to build such a system in a secure way. If the snoops can flick a switch and defeat the encryption, so can anyone else, in theory. Criminals, bored teenagers, you name it; everyone loses.
Critics charge that the UK government is trying to effectively ban secure cryptography, a suggestion ministers deny. Despite this, sections of the bill suggest that communications providers operating in the UK may be ordered to "provide technical assistance" and remove electronic protections, possibly under a gagging order along the lines of a US National Security Letter.
The UK government wants to promote the use of good crypto to further its established goal of making the UK the best place in the world to do e-commerce. Alongside this, GCHQ and MI5 still want to be able to decrypt communications and identify suspects in terrorist plots, child abuse, and other serious crimes.
The bill also provides a rationale for why police and intel agencies should be allowed to hack computers and network equipment to circumvent encryption:
Equipment interference plays an important role in mitigating the loss of intelligence that may no longer be obtained through other techniques, such as interception, as a result of sophisticated encryption.
The proposed law is being spun as a means of ensuring there are "no 'no go' areas of the internet for law enforcement – so that the entirety of cyberspace can be policed in the face of technological advances" as well as giving the security services a "license to operate."
Privacy advocates such as Liberty argue that the Investigatory Powers Bill contains "sweeping new powers for public bodies to track and hack British people's communications – while failing to include the most basic privacy safeguards."
"Far from attempting to create a more targeted and effective system, the bill places the broad mass surveillance powers revealed by Edward Snowden on a statutory footing, including mass interception, mass acquisition of communications data, mass hacking, and retention of databases on huge swatches of the population," Liberty argues.