Point vs. Counter Point: FBI and back door/wiretapping

FBI: We're not demanding encryption back doors.

FBI urges Congress to expand Internet wiretapping.

-- Tom

 

Yes, I'd feel much better knowing that the ability to decrypt my banking transactions were available to my ISP rather than an agency of the government.

 

Sing along with me. Here is the melody. Here are the lyrics:

 

http://harvardnsj.com/2010/11/nsj-forum-concerns-about-wiretapping-the-internet/

 

You know that does bring up some good points. It is far easier now than at any time in history to track people and invade their privacy. But I guess it's never enough. I use to be one of those people who didn't care. I used my real name everywhere. But over time and as things evolved, I started creating anonymous communications just because I can. I just like the feeling of being able to take back a little power and control of my life. I like knowing that it is *my* choice, and not the decision of complete strangers who have no interest or respect for me as an individual. As for Facebook? I have them set as untrusted in NoScript. It seems like almost every website I go to ....there Facebook always is too, wanting to connect.

 

In regard to the first cite, it is more precise to say that it is very unclear exactly what the FBI wants in order to deal with encrypted communication. Here is a video of the FBI general counsel's public statement, which is the basis for the first article, above:
http://judiciary.house.gov/hearings/hear_02172011.html

But here's an analysis of the results of the Electronic Frontier Foundation's FOIA request into the "Going Dark" program:
http://www.eff.org/deeplinks/2011/02/newly-released-documents-detail-fbi-s-plan-expand
Declan McCullagh's update:

Read more: http://news.cnet.com/8301-31921_3-20032518-281.html#ixzz1Aj56rNxh

 

Link to the transcript:

Valerie Caproni, General Counsel, FBI
http://www.fbi.gov/news/testimony/g...-surveillance-in-the-face-of-new-technologies
In other words, "Going Dark" approaches the problem incrementally. First things, first:

Here's the deal: tighten control on providers, and standardize intercept capabilities. The FBI has learned that discussing the encryption problem forthrightly and openly is suicide. It's not going to happen like that. They want control, not controversy. It's better (and more cost effective) to utilize pressure on all providers in order to establish an atmosphere of "cooperation." In a parallel effort, discourage the use of encryption (and anonymity) at all, by spreading disinformation. In terms of encrypted services specifically, use propaganda machine to steer users toward friendly providers, and to cast doubt upon those who won't cooperate.

 

More here:

Feds seek new ways to bypass encryption

 

Pretty great article by Declan McCullagh, whose work is referenced above as well. Highlights are an update from U.S. Secret Service, agent Stuart Van Buren, at the San Francisco RSA computer security conference last week:

And from Howard Cox, assistant deputy chief for the Justice Department's Computer Crime and Intellectual Property Section,a really interesting comment on Boucher:
"We believe we don't have the legal authority to force you to turn over your password unless we already know what the data is," said Cox, who also spoke at RSA. "It's a form of compulsory testimony that we can't do... Compelling people to turn over their passwords for the most part is a non-starter."
And for those occasions, some alternatives:

And much more, including bypassing encryption by gaining access to the contents of a computer's RAM by a boot of a laptop over a network or USB drive, and a scan for keys, and further decryption problems in the Alberto Gonzalez (Segvec) case.

Well worth a read. Thanks.

 

The most interesting part to me was:

The old backdoor push. One must ask what software and hardware makers will they ask for help? One can safely bet that they wont be getting help from the open-source volunteer projects. So, who does that leave? I can only think of a couple (at least where software encryption is concerned): Microsoft and PGP Corporation.

We already know about the controversy over MS's _NSAKEY, and we also know MS has put weak RNG's in their OS's in the past (maybe unintentionally, but still weak nonetheless). If your encryption software relies on the OS RNG, it doesn't matter how good the software is, the weak RNG will allow an adversary to get the keys. Further, I know the government had a fit over Vista and its new encryption capabilities -- they wanted a way around it.

As for PGP, we know they are the first to introduce the second key for corporations to use in case an individual loses his key. This was controversial and some thought it might start the road down a key escrow type of system.

 

Well, a decade ago, that particular kind of black bag job was a rarity, I guess.

And the backdoor push applies to ISPs as well: increased penalties for contempt, and perhaps other separate criminal charges as well. And even worse, the kind of chilling backroom leverage exerted over GoDaddy, described in the thread I started yesterday.

 

Cryptowars 2.0 and now this reverence to PGP backdooring. It's too funny!!!

For those who don't know who Phil Zimmermann is here's what he had to say about government enforced crypto backdoors in 1999:
http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

also:
http://en.wikipedia.org/wiki/Philip_Zimmermann#Criminal_investigation_by_US_Customs

and:
http://www.philzimmermann.com/EN/essays/BookPreface.html
http://www.pgpi.org/pgpi/project/scanning/

 

The way I see it, law enforcement is simply going to have to accept that they can no longer access the data on hard drives when the person used strong encryption and a strong password. Eventually, they'll have to accept that they can't have access to everything. They have no choice. But it really should have minimal impact on their investigative powers, and here's why.

If they're investigating someone, they probably already have a good amount of evidence of wrong-doing already (one would presume). Financial transactions, internet communications, e-mails, etc. are probably all already accessible, even if the individual used Tor or some ultra-secure VPN.

What possible crime would a conviction hinge on decrypting a hard drive? I'm not going to list them, but most if not all probably fall under the category of thought crimes.

As far as I'm concerned, strong encryption is a check against abuse of power, and it's much needed. They shouldn't be able to access everything.

 

I assume this was aimed at me. A couple of points:

1) I never said PGP is backdoored. I only said that they (and other companies based in the US) would be logical targets of government backdoors. If the codebase is ever closed, that should be a red flag. So far it has remained open-source (actually it was closed-source for a period when NAI bought it). It remains to be seen what Symantec does to it.

2) I don't think Zimmerman himself would ever advocate or have anything to do with backdoors, but today in 2011 I am not so sure he has that much pull in regard to the executive decisions.

3) We know for a fact NSA has tried to subvert crypto products manufactured in the USA (especially those that are exported). See Crypto AG. It's not unreasonable they would try it again.

4) I see no reason any individual user would want or need PGP when GnuPG is out there with no strings attached.

 

WDE "Whole Disk Encryption"

 

Sure but there's a lot of free WDE programs that are just as good.

 

Several years back, the CKT versions of PGP were created, partially due to a suspicion of a government backdoor in the official versions. Some went so far as to claim that NAI was a front for the NSA, whose very existence was denied at the time. The nature of the backlash by NAI and the government makes me believe that they feared these CKT versions and that the allegations weren't entirely rumor. Conspiracy theories aside, the CKT versions have an amazing history that in itself is worth reading.

Today has a lot in common with the events of that time. The only real changes are the company names and their "justifications" for wanting these backdoors (terrorists, pedophiles, etc).

The CKT versions were superior to the "official versions" at the time, stronger keys, feature packed. They also included PGP disk, and worked on XP. AFAIK, it still does. The last non-beta version, 6.5.8CKT08 is an impressive package that's still available if you look for it.

 

You didn't say that but suggested something close enough to that. You were spreading FUD and you know that. There is zero reason to point the fingers at them over any other commercial OR free as in freedom offering.

I wouldn't even take the NSAKEY as a backdoor example because there's too much speculation and theories surrounding it and lack of any clear evidence.
Speaking of keys, debian SSL keys anyone?

And then the open source comment. I agree, devs wouldn't "openly" help putting weaknesses into crypto subsystems. Nobody would be using that code any more or someone would make a NSA-free fork.
But, such "help" isn't needed. There are more elegant ways to achieve the same goal. You simply "help out" the community yourself, put in lots of bug fixes and improvements and among them some clever, innocent looking "tweaks" - OpenBSD, 'nuff said.

 

There's no reason they'd have to put a weakness or backdoor in an encryption program. The OS it gets installed on already has more than enough.

 

^^ True

However there's a difference between being able to passively eavesdrop encrypted traffic (can be done by ISP, IX...) and actively break into a computer system. That includes not only technical difficulty but also man-hours, budget, all sorts of legal ramifications and last but not least the risk of being detected.

Moving along your train of thought however we come to another conclusion:
Given how all important personal digital data today is stored, served, collected and analysed by handful corporations in a few datacenters who needs backdoors in the client system anyway?

Take Google Chrome OS: no local storage (it's just a cache), everything encrypted too but only between you and the datacenter. ALL data of all users just one call (soon click?) away.

 

Sure, but the crypto guys that work on the FOSS projects are all pretty paranoid in the first place. If some newcomer comes in wanting to inject his own code, they are going to audit the hell out of it. There's always a chance that someone could ingeniously inject some obfuscated code that looks like it is performing another legitimate function, but that is just as true in a corporate software environment as in a FOSS project. The difference is, with open-source those who are experts can openly audit it.

There's always a fear that someone somewhere is "doing evil" and there's no way to completely audit a system to the point that it can be proven free of backdoors. None of us have access to the hardware firmware and microcode in most cases, so we have to trust our motherboard chipset makers as well as AMD and Intel, etc.

There's never been any proof that this happened. It was shown that the times in which the accuser claimed another guy did this didn't even match with the time the guy was working on the project. There were bugs found after the audit, but they probably were not intentional as the bugs wouldn't make sense for a backdoor.

 

Getting away from FUD (this sort of discussion is bound to have a dose of it), it boils down to a few simple things really:

1. In an age where everything about you is stored on some server in some building, there simply is no need to worry over whether the powers that be can break this or that encryption. When the government wants something bad enough, they'll get it. You can't rely on ISPs, website owners, or even most corporations to watch your back. Most of the time, they'll all hand over whatever asked of them to get police/Feds off their back. Most aren't going to go to court for you and start up a freedom speech. I'm sorry that that just sucks, but it is what it is.

2. As stated previously, the OS itself does a good job of keeping records. Windows if left to its own devices is a diary and history book, ripe for the prying. We can run erasing programs, we can hunt down hidden away folders and registry entries, but that isn't always a guaranteed get out of jail free card.

3. I've said it many times before, and I won't change my mind, eventually encryption programs are going to become red flags, and so will encrypted traffic. "Well, what about whistleblowers?" you might say, to which I answer "precisely". After all the Wikileaks/Anon mess, along with many other reasons I'm sure the governments of the world would gladly tell you about, encryption will become less of a privacy tool in the eyes of those in power, and more of a hindrance. We all know what happens when governments are hindered. They either sneak their way around them with loopholes or just blast a hole in them.

4. When it all comes down to it, we don't know what they can do. Can they see and hear everything like some omnipresent god? Of course not. But, there is no way of knowing what some guy holed up in a DARPA lab figured out or is working on. There's no way of knowing what a group of people or even an individual tucked away in the CIA or NSA is cooking up. Every year funds are asked for projects with strange or out of place names in the U.S budget. We can debate the likelihood of this and that, backdoors in such and such, the millions of years it would take so many supercomputers to bust open such and such encryption. We can debate, argue, insult and display math formulas until our heads fall off.

The one thing we can never do though, until someone leaks or the information is released willingly to the public, is know exactly what is going on, who knows what, and what can and can't be done by these groups.

 

No encryption, no e-commerce. No cloud thingies, no drm media, no online shopping, no online banking. You could as well just turn the whole damn thing off.
Only public key encryption using a handful CAs that can/are be government controlled, now we are talking. No need to hide backdoors in the code either, all you need to do is give the feds a copy of all keys.

Or the Russians, Chinese, other well funded/bored/skilled groups/loners in the basements.
Makes for good movie plots.

Now, for everyone else, what about a healthy dose reality check?
If you are doing something your government doesn't approve of they will get you - if they really wanted to. It's always been that way.
But let's face it, you probably aren't an interesting enough target.

The widespread surveillance thing is another topic. But it's still only targeted advertisement and it's more or less voluntarily or simply the price you pay for all the "free" stuff you get on the internets.

In this context I recommend you all this blackhat 2010 talk:
"Changing Threats To Privacy From TIA to Google"
about the scope of choice you often have with these services, e.g. being left out of social changes like mobile phones and facebook or submitting to wearing a bugging device all the time and giving a lot of sensible private information to an ad broker. The point however is that unlike in a totalitarian regime you still have a choice and there are many ways to mitigate the risks, i.e. think before you post some funny picture to fb or pull out the battery if you are married and having an affair....

 

I'm aware of all of the places encryption is used, and yes, getting rid of it completely would set the clock back on the Internet entirely (we could debate that being good or bad as well, lol). However, programs like Truecrypt could take a hit if it was decided that John Doe "didn't really need it, and it's a hindrance to law enforcement and national security". As far as what we don't know being a good movie plot, perhaps. But, that doesn't mean the reality isn't still the same. I'm not speaking of conspiracy theories and "hacker takes over all infrastructure of the world"-type stuff. I'm talking about the fact that we have no idea what kind of tech these groups already have or are working on. Everything we have today was created and first used by the military, sometimes for years before we had access or even knew it existed.

Just because we in the public don't have something, or some security researcher can't figure out a way to create or break something, doesn't mean something doesn't exist or can't be made/broken. That's all I'm saying. As far as "interesting targets", well, that depends on them and the government as a whole. A few years ago religious groups, protesters, heck, even Wikileaks to an extent, were virtually ignored or deemed "harmless nutjobs". Now, more and more, people who used to be "harmless nutjobs" are being watched much more carefully, if not just plain spied on and targeted.

 

I think it will take a hit in the event of another major terrorist attack in the future. It could be anywhere from a "red flag", as you previously referred to it to an attempt to ban or, more likely, control its usage. Let's remember that consumer encryption was in its infancy in 2001. It's a totally different story now. The hit will be much more likely to happen if a terrorist uses encryption. In that case, you may even hear impassioned speeches about the dangers of crypto.

But it will all amount to little more than huffing and puffing. A few years after the event happens, it will die down. And, even during the heat of the event, most will eventually realize they have zero ability to control it. It's a bunch or 1's and 0's. Anyone with sufficient skill can probably write an encryption program that, while maybe not truly uncrackable, will for all intents and purposes, be uncrackable. And anyone can download it. We already have TrueCrypt, FreeOTFE, PGP, etc. Even in the absence of any further development, the current versions will be viable for the next decade. And, it's much easier for a programmer to further develop these old versions (if something were to happen to the current developers) than to start from scratch.

Furthermore, it's been known for a long time now that it's entirely possible to hide the presence of encryption. I was one of the first on the TrueCrypt forums to discuss these techniques, several years ago. Sure, a prosecutor could go to court claiming that a bunch of random data on a portion of a hard drive is encryption without any evidence of the program itself or usage of the program. I doubt it will amount to much. And, I'd be one of the first to teach people how to do it if crypto was ever seriously under attack.

Sorry, it can't be controlled. And intellectually honest lawmakers (if they exist) will reach that conclusion.