Analysis: If the cops and Feds can't read people's encrypted messages, you will install backdoors for us, regardless of the security hit, US Attorney General William Barr has told the technology world.
While speaking today in New York, Barr demanded eavesdropping mechanisms be added to consumer-level software and devices, mechanisms that can be used by investigators to forcibly decrypt and pry into strongly end-to-end encrypted chats, emails, files, and calls. No ifs, no buts.
And while this will likely weaken secure data storage and communications – by introducing backdoors that hackers and spies, as well as the cops and FBI, can potentially leverage to snoop on folks – it will be a price worth paying. And, after all, what do you really need that encryption for? Your email and selfies?
“We are not talking about protecting the nation’s nuclear launch codes,” Barr told the International Conference on Cyber Security at Fordham University.
“Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, email, and voice and data applications.
"There have been enough dogmatic pronouncements that lawful access simply cannot be done. It can be, and it must be."
If you're neither the military nor big business, you'll just have to suck it up, and use that backdoored encryption system for your personal communication and commercial dealings, Barr argued. Otherwise, he claimed, criminals, who are able to chat privately outside the grasp of the law, would have a free hand at the expense of society. And again, over what? Encrypted sexts and selfies? Get real, nerds.
Cryptography expert Matt Blaze likened Barr’s line – that citizens' personal and business information isn't worth protecting with top-notch encryption – to "flat Earth bizarre" thinking. "I don’t even know where to begin," the professor added.
The Attorney General also insisted that investigators accessing people's private data via backdoors – with a suitable warrant, of course – will not be in violation of the US Fourth Amendment, which protects “persons, houses, papers, and effects, against unreasonable searches and seizures.” It's one thing to respect people's privacy, but the people also expect crimes to be investigated, he said, and that's not always possible when unbreakable encryption shields evidence and suspects.
“The key point is that the individual’s right to privacy and the [police's] right of access are two sides of the same coin,” Barr said.
“The reason we are able, as part of our basic social compact, to guarantee individuals a certain zone of privacy is precisely because the public has reserved the right to access that zone when public safety requires. If the public’s right of access is blocked, then these zones of personal privacy are converted into 'law-free zones' insulated from legitimate scrutiny.”
Barr said legislation mandating backdoors in software may be avoided, though he refused to rule it out because a terror attack or some such may conveniently swing the population toward outlawing strong cryptography. “A major incident may well occur at any time that will galvanize public opinion on these issues,” he said.
It’s hardly a novel approach, piggybacking on a tragedy to push for backdoor access to private conversations, as we saw with the Obama administration’s handling of the San Bernardino shooting aftermath.
Barr echoed the familiar refrain that criminals were using encryption to “go dark,” and frustrate officers and agents' efforts to catch them. If this were true, we’d be seeing an explosion – or at least some rise in crime – here in America. However, that’s simply not the case – quite the opposite in fact:
"Crime rates are dropping as law enforcement goes dark. Barr's claim that they are rising is even less true than his claim the Mueller report totally exonerates his boss. pic.twitter.com/DFr4nFHrRy" — Robᵇᵉᵗᵒ Graham (@ErrataRob), July 23, 2019
Barr cited three possible methods for providing the cops and Feds with the ability to beat “warrant-proof encryption,” all of which have been mooted before, and none of which work.
His first example was previously suggested by British spies at GCHQ, and it involves putting "virtual crocodile clips" on encrypted apps. Specifically, the intelligence services would be allowed to silently enter encrypted chat groups or calls as an extra participant without anyone else in the session being aware of this intrusion and subsequent eavesdropping.
The proposal would force software developers to quietly implement such sneaky access, and Australia has already passed a law making such backdoors mandatory. The plans have been dismissed as unworkable by experts.
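To make the "extra participant" mechanism concrete, here is an added sketch (not from the article, GCHQ's proposal, or any messaging app's code) of the client-side check such a scheme would have to suppress: comparing the recipient keys the server hands out against the roster the user has actually been shown. It assumes a simplified model in which the sender's client encrypts to a server-supplied key list; all names and keys are constructed.

```python
import hashlib

# Constructed sample data: the roster the app has displayed to the user,
# and the recipient key list the server returns when a message is sent.
DISPLAYED = {"alice": b"\x01" * 32, "bob": b"\x02" * 32}
SERVER_KEYS = {**DISPLAYED, "device-7": b"\x99" * 32}  # one silent addition


def roster_fingerprint(roster):
    """Short hash over sorted (member, key) pairs, for out-of-band comparison."""
    h = hashlib.sha256()
    for member in sorted(roster):
        name = member.encode()
        # Length-prefix each field so distinct rosters cannot collide by concatenation.
        h.update(len(name).to_bytes(2, "big") + name)
        h.update(len(roster[member]).to_bytes(2, "big") + roster[member])
    return h.hexdigest()[:16]


def audit_recipients(displayed, server_keys):
    """Return findings where the server's key list differs from what the user saw."""
    findings = []
    for member, key in server_keys.items():
        if member not in displayed:
            findings.append(("unannounced_recipient", member))
        elif displayed[member] != key:
            findings.append(("key_changed", member))
    for member in displayed:
        if member not in server_keys:
            findings.append(("missing_recipient", member))
    return sorted(findings)


def safe_to_send(displayed, server_keys):
    """Refuse to encrypt until every recipient key matches the displayed roster."""
    return not audit_recipients(displayed, server_keys)


if __name__ == "__main__":
    print(audit_recipients(DISPLAYED, SERVER_KEYS))
    print(roster_fingerprint(DISPLAYED), roster_fingerprint(SERVER_KEYS))
```

A client that runs this kind of check and surfaces the result cannot be tapped silently, which is why the proposal depends on vendors shipping clients that do not.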
Jon Callas, cofounder of the PGP encryption software and the Silent Circle secure messaging and phone systems, has done an excellent in-depth analysis of why such a system is impossible to set up at scale in such a way that only law enforcement could use it. It’s a basic problem with backdoors of this kind – they are easy to set up, and impossible to control so that only officers and g-men can use them.
This kind of special secret access has already ended in disaster, as we saw in the case of Juniper’s firewalls. Persons unknown, presumably the NSA though the whole shambles remains highly classified, silently introduced backdoors into the vendor's ScreenOS firmware. Then everyone found out about the hardcoded password and weakened VPN technology in ScreenOS, and could abuse them to slip into corporate networks, or snoop on VPN traffic, via Juniper's vulnerable gateways. It’s not known how long the backdoors were in there, though what we do know is that someone found them and used them against targets to steal sensitive data.
Barr's second proposal was one touted, and patented, by ex-Microsoftie Ray Ozzie – who, while a smart dude, has very little in the way of security expertise. Ozzie’s idea, which is for smartphones only, would involve a return of the infamous Clipper chip that was dropped more than 15 years ago.
Ozzie’s proposal is for a key escrow system that involves a dedicated piece of hardware holding encryption keys that would be accessible to investigators and no one else. The only problem is no one has any idea how to create such a thing at scale that will remain secret.
The third suggestion was an old idea from ex-GCHQ analyst Matt Tait involving layers of encryption that would allow law enforcement access to the underlying private information. It’s a cute idea, and no one has a clue how to do it:
"8. Barr goes on to claim that there are many proposals for encryption backdoors on the table. He gives three. They’re the same three we always get.
1. A (hardware, phones only) proposal by Ray Ozzie.
2. A proposal to tap chat groups by GCHQ.
3. An ancient article by Matt Tait."
— Matthew Green (@matthew_d_green), July 23, 2019
Barr also said software companies use keys and certificates to sign automatic software updates, which are then pushed to users. If these keys can be kept safe, surely keys to cryptography backdoors can be stopped from falling into the wrong hands, right?
"Providers design their products to allow access for software updates using centrally managed security keys,” he said. “We know of no instance where encryption has been defeated by compromise of those provider-maintained keys. Providers have been able to protect them.”
Obviously Barr hasn’t been paying attention. This is exactly how the NotPetya ransomware that crippled businesses worldwide spread: via poisoned software updates using fake keys. Also Stuxnet used stolen digital keys to cryptographically sign itself so that it looked like legit software. Microsoft lost control of some of its secure boot system's golden keys. The list goes on.