So the resolution explicitly calls for gaining “targeted access to encrypted data”, but we’re going to say that’s not a “backdoor in encryption”. Because we say things.
Sorry, @TechCrunch. The resolution may or may not be serious, but it’s not ambiguous. You either gain access to encrypted data or you don’t. techcrunch.com/2020/11/09/wha…
The problem with encryption backdoors isn’t solved by “proportionality” or having great laws that ensure the tech is only used in a targeted manner.
The problem with encryption backdoors is that to use them in a targeted way, you first need to create an encryption backdoor.
I’ve been watching these proposals for years now, and they always include boilerplate about warrants and proportionality and “targeted access”. But when you ask real technical requirements questions, it becomes obvious that technical restrictions are not acceptable.
For example: a terrorist attack has occurred, and the suspect is dead. Police want access to his texts — but he wasn’t a suspect when the texts were sent.
Does the technology allow police to decrypt texts sent by a non-suspect? Then congratulations: it can access anyone’s texts.
If you ask police whether they’d accept a system that can only access the texts of people who were specifically targeted for surveillance in advance, they think about it and tell you “no”.
(But it takes them a while to think about this, because it doesn’t occur to them that “restricting surveillance only to specific targets”, in a technological sense, generally only works if the targeting is done before messages are sent.)
The minute you say “I may need access to the texts of a suspect who wasn’t necessarily a suspect when they sent the texts”, you’re throwing away basically every *technological* mechanism for preventing mass surveillance.
At this point your only option is to make sure you can protect (and prevent yourself from abusing) the incredibly powerful encryption keys that give you this incredible surveillance power.
And you won’t be able to do any of that.
The only serious (messaging backdoor) proposal I’ve seen that takes a technical approach to preventing mass surveillance is the one from GCHQ, which proposes to “wiretap” group messaging systems by adding “ghost users” to chat sessions.
This actually is somewhat more resilient to abuse, because it requires active surveillance of targeted individuals. You can’t go back in time and read anyone’s messages from last week. (I have some other issues with that proposal, but I give it points for caring.)
But police don’t want some annoying targeted access system that keeps them honest. They want to read the messages from the guy they *didn’t* know was a criminal last week. That’s what San Bernardino was, that’s what Vienna is. Etc.
Not to pick on @SwiftOnSecurity here, but since Juniper and Dual EC are in the news, I think it’s worth revisiting the evidence that someone deliberately inserted Dual EC as a backdoor.
But short summary: Juniper included two random number generators in their NetScreen devices. One was documented. The other was undocumented. The undocumented one was Dual EC. 1/
New Reuters article on the NSA’s “new” policy around inserting backdoors into commercial encryption systems. A lot in here. reuters.com/article/us-usa…
Or rather, a lot *not* in here. After the disaster that was the 2015 Juniper hack (due to an NSA backdoor in Juniper’s VPN products being exploited by foreign hackers), the NSA has developed a set of new policies. But they won’t talk about them of course.
Oh look, here’s Juniper admitting to Congress that an NSA backdoor was exploited in their products. And the NSA writing a report on “lessons learned”. Which they then misplaced.
In most ways except one, the encryption debate is the same as it ever was. So what’s changed? The current administration has demonstrated that app store bans can be used as a hammer to implement policy, and you can bet these folks are paying attention. gov.uk/government/pub…
This is where a lot of these “you can’t ban math” and “anyone can implement encryption in a few lines of code” arguments really fall apart. These people don’t care about any of that, they want to make encryption tools inaccessible to the broader public.
Someone tweeted me a link to Signal’s official instructions for sideloading on an Android phone. Unfortunately, I use an iPhone, which turned it into a direct link to the App Store.
Cool new attack on static (non-EC) Diffie-Hellman in OpenSSL. Takes advantage of a timing vulnerability on the server side to extract the connection pre-master secret. Crypto implementations are hard. raccoon-attack.com
This is such an insane attack. You literally get a tiny timing oracle that tells you whether the DH secret begins with a zero byte. And then you just repeat that experiment until you’ve got the whole key. We’re all doomed.
In practice this isn’t a terribly big deal. Static DH is rare and is going away in recent versions. This is further evidence that maybe it should go away faster.
I know it feels a little like kicking someone while they’re down, but I wish Mozilla had just focused on improving their browser product to compete with Chrome during that critical period when Chrome ate all their marketshare.
I mean if you make one product and the biggest company in the world comes at you with a direct competitor, you have to step up. Not try to make another competitor from scratch that competes with the big company’s other products.
Also, Mozilla had $450m revenue in 2018. I guess I’m just a professor and maybe that’s what a couple of SF apartments cost now, but: that seems like a very respectable budget to invest in making your browser better.