The Challenge Of Encryption Backdoors
In the wake of the recent London Bridge terrorist attack, in which a truck was used as a weapon, British Prime Minister Theresa May has renewed her call for software vendors to provide an encryption backdoor so that British law enforcement can read messages from iPhones and Facebook’s WhatsApp, among other software.
In the U.S., some law enforcement officials, most notably the FBI, have asked for similar backdoors, while the U.S. spy agencies – the NSA and CIA – have said that would be a really bad idea.
This past week we had a real world example of why giving any government what is referred to as a “golden key” would be a bad idea.
A hacker attempted to break into British Members of Parliament’s email using a brute force attack (just keep trying passwords until something works). The British Parliament IT folks detected this attempt and solved the problem by turning off Parliament’s email servers – sort of a self-inflicted denial of service attack. This, they claimed, was part of “robust measures” to protect their accounts and systems.
The mistake they made, apparently, was turning the servers back on.
Now they are saying that some number – they say less than 1%, but they are still looking – of the accounts on the Parliament email server were compromised.
They blamed the users’ poor choice of passwords. Likely true, but blaming the user won’t get you many brownie points.
That brute force attack came just days after reports surfaced of Russians selling MPs’ credentials stolen from other breaches – working on the assumption, I guess, that people reuse passwords. Which, of course, they do.
Apparently their systems did not have very robust protections against simple brute force attacks: they did not require users to change their passwords in light of the Russian report, they did not force users to choose secure passwords, and they did not implement what is becoming the new norm, two-factor authentication.
But they want us to trust them to be able to protect a golden encryption key. What makes you think that if they cannot protect an email server, they can protect what is likely a much more coveted target – a golden encryption key?
On this side of the pond, both the NSA and CIA – organizations that rightfully pride themselves on being among the most security conscious organizations in the world – continue to be the source of leaked hacking tools.
The CIA continues to be embarrassed by WikiLeaks’ disclosure of more and more hacking tools as part of what they are calling Vault 7, and the NSA has to deal with the likes of Edward Snowden and Hal Martin, both Booz Allen contractors to the NSA who stole massive amounts of highly sensitive data from the Agency. In Martin’s case, they are saying it amounts to tens of terabytes of highly classified information.
But, we should trust these folks – and the much lower echelon folks such as city police departments – with golden encryption keys.
I am not beating them up. If one person knows something, it is a secret. As soon as two people know it, it is not a secret any more.
In the case of encryption keys, reality says that it will be tens, hundreds or thousands of people, whether government employees or vendors to the government, like Booz, that will have to know these keys. It is just hard to do and those keys will be HIGHLY prized by hackers.
If one of these keys is compromised, what do you do then? There is likely NO WAY to undo the damage of compromising any communications that were protected using those compromised keys. No way at all. You just can’t get that genie back in the bottle again. You might be able to change the key, but that would require updating every copy of the software anywhere in the world – not a simple task.
This is all in the name of what some people call the “Going Dark” problem – of people using encryption.
At the same time, the NSA has built a data center – over one million square feet – near Bluffdale, Utah. Forbes estimates that it will have a storage capacity of between 3 and 12 exabytes of data in the short term. Of course, the real number is classified, so do not expect the NSA to confirm or deny that estimate. And that capacity, whatever it is, will only grow over time.
An exabyte is 1,000,000,000,000,000,000 bytes of data. A somewhat large number.
Even with that massive capacity, reports are that the NSA can only store what it currently collects for a few days, quickly filtering what it wants to keep while trashing the rest.
It is, as they say, an interesting problem. One which I am sure that politicians – and likely NOT computer security folks – will try to solve by passing a law.
Stay tuned; this has just begun.
Information for this post came from Bleeping Computer.