The Fog of Cryptowar (4/4)
Editor’s Note: This is page 4/4 of this extensive article. Click here to go back to the beginning.
Regulation undermines innovation.
Regulation in all areas creates a cost of compliance that redirects resources from developing what the customer actually needs. This is a commonplace. Furthermore, regulation in this particular field prevents the use of best practices, which actually creates harm for the customer.
However, regulation in other fields is accepted since it is perceived to provide a public good that would otherwise not be created. Here the argument cannot be simply that of arguing against regulation – since it is otherwise widely accepted – but instead it must be questioned if regulation in the field of cryptography would create any public good at all.
In our survey of the various means to regulate cryptography it should have become clear that while a primary public good – security – is attempted, all known means to provide it in this field also come with enormous risks for security itself, making regulation self-defeating.
If any specific regulation on cryptography is established, the question of certification arises. Which software and hardware implementations implement the legal requirements, and how can a customer verify this?
This requires both setting a standard for implementation, as well as verifying individual implementations of this standard. The standard will also require timely updates as technology progresses.
Since software and hardware are global markets, international cooperation will be required. It is unlikely that the majority of relevant countries, so diverse as USA, Germany, Canada, Russia, China, India (to name just a few), can agree on such a sensitive topic – especially since the necessary mutual trust is simply not present. If they don’t, a fragmentation of the market or mounting legal risks will be the result.
Enforcement and Effectiveness
For any regulation to be effective it first needs to be enforced, or adherence will be very low.
Some pro-crypto activists argue however that enforcement is impossible, since it would require censoring all sources of illegal cryptographic software, apply protocol fingerprinting to detect illegal use, and that no big vendor would adhere to regulation anyways because of market demands.
We would agree if the goal were total enforcement. However, almost no laws are completely enforced. All complete enforcement requires totalitarian systems.
Instead, pragmatic politics is aware and accepts that enforcement is necessarily incomplete. This acceptance has three reasons:
- A large number of people will obey the law simply because there is a non-negligible risk of being caught and punished. As soon as enforcement pressure is high enough, most people fall in line. This is the case for copyright infringement on the Internet, speed limits, gun laws, and drug laws. Complete enforcement fails, but the behavior of the population is nevertheless shaped according to the goal of the law.
Unless the want for cryptographic protection trumps the probability of being caught and the punishment to expect, people will obey.
This is fundamentally influenced by how much cryptographic protection adds to the satisfaction of wants and needs, since it is no primary motivator for most people. For decades, strong cryptography was available on the market, but inconvenient to use. So the vast majority of people did not use it. Will the new inconvenience of enforced crypto regulation drive down use? It certainly will.
- For those that break the law the risk of being caught will increase. This means that some of the people that hide their crimes with illegal cryptography will at least be caught for their use of illegal cryptography.
- Law changes social perception. Lawbreakers must hide the fact that they break the law in front of people that might be law abiding. This leads to social ostracism which becomes a means of enforcement. Unless a behavior is widely accepted, this mechanism is highly effective. It is not unheard of that users of cryptography are asked justify themselves, most often with the old tome: “If you have nothing to hide you have nothing to fear.” Similarly, people that are suspected by their social environment to be criminals face a much higher risk of being reported to law enforcement.
It is no question that some criminals will not forgo the protection of cryptography, but even criminals are faced with choices and trade-offs. They have to invest their time, money and risk-tolerance wisely. This will undoubtedly lead to some criminals lowering their guard in the common assumption that “it wont be me that is caught”. It is the easy access to cryptography that makes it wide-spread in some criminal circles, if the effort to procure cryptographic tools increases, some will not go the extra mile to procure it. And for those that do, if they cannot effectively hide their use of illegal cryptography, it will paint a target on their back for law enforcement to employ more targeted (and expensive) methods.
Another consideration in this case is that the lack of a public market for cryptographic software will inevitably lead to less knowledge about which products are trustworthy and which are not. There will be less recognized experts looking at illegal products, so illegal products will be harder to trust. This will certainly be exploited by intelligence agencies that then will spread fear, doubt and uncertainty about some products, while trying to lure targets into products that have been outfitted with some kind of backdoor or weak algorithm.
It must therefor be concluded that no regulation actually targets the highly professional, well equipped, deeply educated and risk aware criminal. No previous laws have – notwithstanding public assurances of the contrary, which are just for soothing the general public. Otherwise our prison would be empty and judges out of work.
It is important to get this illusion of perfectly effective enforcement out of our heads, and the debate.
It remains the question of how to lower the availability of cryptographic tools to even begin with having any enforcement pressure.
The vast majority of all installations of cryptographic software is either shipped with the operating system (hard disc encryption) or delivered via App Stores (almost exclusively messenger software). The current majority usecase clearly points at smartphones and tablets, as well as netbooks. Sales of personal computers and laptops have been plummeting, except for gaming.
This puts the platform operators into a position of substantial control. While side-loading of applications is possible on most devices, it is inconvenient and not emplyed by the majority of users.
One approach then could be to enlist the support of these platform operators, that control both hardware, operating system and application delivery. A simple request could be to ban certain software from the App Stores. This has precedent, for example Apple banning VPN applications, and Google removing the Catalonian Referendum App because of a mere court order.
Such a ban on illegal cryptographic software does not need to be total, it is sufficient if vendors remove those applications on a case by case basis as prompted by law enforcement. If vendors do not comply, they could be held liable.
It is probably unfounded to believe that platform providers will actually stand up against government demand if they do not have public opinion strongly on their side. This should be concluded from their behavior towards China, Iran and India, where they cooperated with local government against the security and freedom interests of the population.
Do those corporation risk losing customers when they go along with regulation? Certainly they do, though the impact is hard to measure. If public opinion can be swayed in favor of regulation, the impact will be minimal. Especially since most consumer decisions will not be primarily informed by privacy issues, but rather by convenience, availability, network effects, and low risk (through certification). This should have become clear in the wake of the Snowden leaks – neither Google, nor Facebook, nor Apple lost substantial numbers of customers – even though everybody now knew that they participated in mass surveillance programs.
Unless public opinion firmly opposes regulation of cryptography, enforcement will be no major hindrance. And to accomplish public resistance, sound arguments are required.
Plausible regulation to mitigate the Going Dark Problem. A prediction.
After describing the motives for regulation and various technical approaches to implement it, we have to ask what actual means of regulation are realistic today. The survey of technologies has revealed that hard-handed approaches like those of the 1990s are hard to implement, and even harder to keep secure enough in a digital society.
Furthermore government is confronted with a much wider landscape of cryptography vendors and international stakeholders than before.
Various approaches can be ruled out:
- Undermining algorithms and outlawing strong cryptography: Both lower the security of critical systems, and the general security of the population so far that the risks posed by cybercrime and cyberwar would become unacceptable.
- Mandatory government backdoors: Again, the security impact here is out of control. Risking the computing and storage of whole nations to be subverted by criminals and foreign enemies cannot be justified.
- Domestic or international key escrow, content escrow and key discovery schemes: The costs of implementation, maintenance, verification and certification would make this the biggest coordinated information technology project ever. The risks of project failure, insufficient security and stifled innovation are enormous. The required international coordination to prevent market fracture goes beyond what is possible in the current global political climate.
It is not clear if it can be ruled out that protocols would be undermined. While the risks posed by this approach are uncontrollable and many international technical standards would need modification, the repeated focus of some politicians on end-2-end encryption is concerning. Maybe this points at an actual attempt to persuade vendors to limit its use, or it is a position taken to shift the future compromise further into the field of the anti-crypto faction.
This apparently leaves government hacking and to convince software vendors to ship software with less secure default settings, especially to hide key ownership verification (to support man in the middle attacks) and to automatically backup communication logs and recovery keys to the cloud.
We think that this conclusion is a bit rushed and not in line with the (apparently) coordinated statements of politicians from various countries. The pressure generated by public opinion and law enforcement interest groups, and specific statements by politicians that they “just want frontdoor access” and “providers need to be able to provide plaintext” should give us pause and allow us to outline a few plausible additional regulatory steps.
Let’s first remember that the goal of regulation can only be to influence mass market availability and adoption of cryptographic tools that preserve confidentiality of content and communication relationships (metadata) against targeted government investigatory powers (1). That is where the going dark problem rests, and it is the minimal request by law enforcement. An extension of this goal would be to make users of strong, unregulated cryptography easier to identify and consider the use of these technologies as circumstantial evidence for criminal intend (as is today the possession of a “weapon” while committing any other crime).
Second, it seems that the problem with most regulatory approaches is that they create the centralization of control (escrow keys or access keys) in systems that are hard to build, maintain, secure and certify (2).
Third, international coordination of detailed regulation does not seem realistic in the current global political context (3).
Lastly, fourth, the technical context is currently dominated by few platform providers that control operating systems, application delivery and to some extend hardware (4).
Can there be a regulatory approach that recognizes these four points and incorporates them? We argue that five regulatory approaches are both realistic, and likely:
- Defense of metadata access: Convince vendors to refrain from creating systems that do not produce or retain metadata. This solves one part of the Going Dark problem and is relatively easy to argue for in the public sphere. While confidentiality of content is a long-cherished value in many societies, the anonymity of communication is widely faced with suspicion. Furthermore systems that suppress metadata are relatively hard to create, while metadata itself is of great interest to many vendors because it opens potential monetization strategies.
Various attempts in this direction have already been made, notably by the EU (data retention), UK (investigative powers act) and the USA (repeal of regulations that prevent metadata collection and use by providers). Furthermore metadata generation and retention are one of the core demands of Interpol and Europol reports on cybercrime.
- Nudge vendors to deliver software with less secure default settings: Many cryptographic tools can be weakened indirectly by exploiting human error. Most users are unaware of the necessity of verifying the identity of communication partners and the ownership of keys. This can be exploited by making key verification not a mandatory part of the user experience, but instead hide the feature, or refrain from implementing automatic protections. Intentionally or not, this could already be witnessed with Whatsapp, where verification of keys during key rotation was not performed, and the user not informed about the fact that keys had been rotated. This would in many cases be sufficient to trick users into communicating with a man-in-the-middle.
A similar approach could be taken when it comes to preserving communication histories or backups of local data to the cloud in a way that keeps the data accessible by the vendor. This could already be witnessed with Apple iMessage.
- Lawful hacking: Various countries, among them the USA, Germany and the Netherlands have made the exploitation of security vulnerabilities and infiltration of computer systems legal for law enforcement. Even in the wake of protests and legal ambiguities, this is quickly becoming a standard tool of police. A further strengthening of international cooperation in this field, especially in the sharing of exploit code and methods, would decrease costs and increase applicability, and potentially mitigate the problem of 0-Day exploits (secret vulnerabilities) by making 1-Day exploits (vulnerabilities known to vendors but not yet patched) practicable.
One issue in this regard does require more attention: International frameworks for cross-border lawful hacking are both necessary and so far non-existent. We can witness, however, that since the G-20 talks in 2017 there have been efforts to regulate this aspect. Various proposals for cross-border cooperation, digital evidence collection and legal process coordination have been made and are finding growing support especially in the group of EU, USA, UK, Canada. It should be expected that this tool will soon receive a multi-jurisdictional framework and standardization, which in turn will allow cooperation to increase effectiveness and efficiency. Lawful hacking most certainly is here to stay and spread.
- Use of update mechanisms to deliver police trojans: An extension of the lawful hacking approach is to use the system or application updaters to directly deliver government software to targeted devices. This is a very attractive method since it could potentially solve problems with exploit availability, targeting, security, and documentation that can be revealed in legal discovery. Updater software already exists, it already has the necessary authorization to install and modify running code, the delivery infrastructure exists, and pin-point targeting is available as well. Using updaters thus does not introduce new security or reliability problems while at the same time reaching the vast majority of devices.
However, vendors need to cooperate in this and must actively support law enforcement with each investigation. It would be too risky to weaken update security by giving police direct access to the infrastructure or required signature keys. Vendors in turn will refuse to cooperate if the process is not completely transparent and secured by legal safeguards – like the issuing of warrants, auditing, and notification of users after the fact. Furthermore the use of this method must be effectively limited to prevent accusations of mass surveillance. It might plausibly be enough to agree on limits on the number of undermined update events and publish statistics to sway public opinion – and thus vendor cooperation – to support this.
A variation of this approach is to not deliver police trojans, but to simply suppress updates for targeted devices. This could be used to extend the lifetime of security vulnerabilities that can be exploited by lawful hacking – after a device has been successfully infiltrated, patching of security vulnerabilities could again be allowed.
One warning should be added: Vendor cooperation to target specific devices leaks investigation details to the vendor. Law enforcement prefers to keep this secret.
- Mandate plaintext access: An elegant solution to the intricacies of key escrow and key recovery issues, at least from the point of view of regulators, is to refrain from defining any specific scheme on how to implement these. This gets around many of the complex details of certification, verification and international standard creation, as well as the impacts of regulation on innovation, single point of failure creation, and some security issues. Instead of mandating specific technical implementations, a result driven regulation would “only” mandate that vendors have to be able to make the plaintext of specific messages or device contents available on request.
Vendors would face fines in those cases where they are unable to deliver plaintext to law enforcement in specific cases.
This approach would of course put the complete technical burden on the shoulders of vendors, meaning that some vendors would be driven out of the market since they cannot provide adequate technical and organizational implementations to fulfill law enforcement requests. But it would also mean that no new entities have to be introduced that would present new points of failure or breach – leading to a more decentralized infrastructure.
To further enforce such a scheme, app-stores could be forced through court orders to remove applications that have failed to implement plaintext access as demonstrated by unsuccessful law enforcement requests – in the worst case automatic de-installation of those applications is technically feasible.
This approach of simply mandating plaintext access is attractive to law enforcement and politicians since it reduces the complexity of their parts significantly, hides the problematic details, and shifts all effort and liability to vendors. It looks good on paper. But it may not be forgotten that, while reducing the complexity of the overall implementations, the security problems of key escrow, content escrow and key recovery schemes still exist, even if on a smaller scale. Implementing such a regulation would undoubtedly lead to lower overall confidentiality for data at rest and in transit – not just versus law enforcement, but also unlawful access. While this might be partially mitigated by some platform providers that also have control over the hardware design, independent software-only vendors would still face a situation in which they will have to increase the risks their users face just to be able to cater to law enforcement.
Conclusion and advice.
We hope to have given some perspective into the technical, organizational and legal aspects of this new iteration of the Crypto Wars. We face a different situation today than the one faced in the 1990s.
The arguments usually parroted in media are not sufficient to make cryptographic regulation unattractive to politicians. Several possible routes of regulation exist, as well as approaches that do not require vendor regulation (for example, to support lawful hacking).
The risk here is that overcome arguments distract from those alternative routes instead of resisting them. The problem we face is much bigger than just cryptographic regulation – we are facing a change in the views and guarantees of confidentiality.
This means that we have to extend the debate to include these aspects:
- Vendor neutrality: Should it be possible to force vendors of software and hardware, and not just communication providers, to provide law enforcement with extraordinary means of access?
- Integrity of Information Processing Devices: Should we allow for provisions that undermine the integrity of – and the user’s control over – personal computers, smartphones and tablets? What are the ramifications of such provisions in light of legally binding digital contracts, liability, and the permissibility of digital evidence? Should information processing devices be considered extensions of the person that operates them, or do we consider them external artifacts that fall under public purview?
- Freedom of Processing: Do users have the right to control what software runs on their devices? Do they have the freedom to install, remove, and develop whatever software they see fit? Do users actually own – and control – their devices?
- The Right to Digital Self-Defense: Are individuals allowed to take steps to defend themselves against security risks in the digital sphere? Are they allowed to take best practice approaches to make themselves less vulnerable to cyber crime, and in extend contribute to making a nation less vulnerable to cyber war? Should we consider good security practice in the digital realm as part of civil defense?
These are the hard questions to ask, and they are closer to the public’s interest and domain of knowledge than many intricacies of cryptography. The answers to those question also have broader applicability – they inform future debates as well and thus can serve as precedent for finding new norms in social ethics.
Apart from these political and ethical aspects, the debate has also revealed potential weak spots in how we do computing these days. Especially the dominance of few platform providers, the vulnerability of update processes and lawful hacking should inform us to take technological action. A few suggestions in this regard:
- Software delivery should be secured by some form of “Single Source of Record” that automatically verifies that a product delivered to a device does not deviated from installations on other devices.
- Secure software development: The process by which software is developed needs to be taken more serious, especially for open source software. We need better review and auditing processes for security critical code, and greater isolation between security critical and non-critical modules. Furthermore, review and auditing processes deliver only limited protection to users if the build (compile) process cannot be verified. This means that verifiable, deterministic builds should become commonplace.
- Platform vendors: The angle by which any regulation today is possible is through the high dependence of most users on platform providers that control both the operating system and the application delivery channels. It is this dependency that allows regulation to capture wide sections of the market by focusing all attention on a handful of corporations in very few jurisdictions. Both from public policy and security perspectives this is a risk-laden state of affairs that requires to be defused.
We hope that we could widen the perspective on the current debate with this text and warn against arguments that are not timely anymore. Furthermore we hope that we could give some hints to make the debate more fruitful, and suggest some areas of focus for engineers and developers in which they can help shape the environment of the debate towards more secure, and more freedom-preserving systems.
Please enjoy, share the podcast around, and consider financially supporting the podcast–we need YOUR help to keep this going. You can become a patron on Patreon for exclusive content by clicking the image below. You can also donate crypto-currencies by clicking here.
The post The Fog of Cryptowar (4/4)(ShadowLife/Anarplex Mirror) appeared first on Liberty Under Attack.