July 24, 2013

As Feds Demand the Keys, Preparing for the Death of Public-Key Encryption

With further confirmation of the longstanding rumor that the U.S. government (and, we can safely assume, other governments around the world) have been pressuring major Internet firms to provide their "master" SSL keys for government surveillance purposes, we are rapidly approaching a critical technological crossroad.

It is now abundantly clear -- as many of us have suspected all along -- that governments and surveillance agencies of all stripes -- Western, Eastern, democratic, and authoritarian, will pour essentially unlimited funds into efforts to monitor Internet communications.

This goes far beyond the targeted wiretaps of yesteryear. It is now a fundamental doctrine of surveillance religion -- bolstered by anti-terrorism hysteria and opportunism -- that it is the purview of government to capture and store virtually all communications, for both real-time and ideally retrospective analysis on demand.

The rather Orwellian mindset of these agencies and their minions is clear -- they don't even consider such vacuuming of data to be eavesdropping until a particular target is in focus for actual, detailed inspection.

And they especially don't like having to go "hat in hand" to Internet services asking for specific data, since many of these services have the annoying (to the spooks) habit of pushing back against overly broad data requests.

So it should come as no surprise that intelligence efforts in this sphere have become ever more focused on compromising the underlying encryption frameworks, permitting potentially comprehensive access to data via Deep Packet Inspection (DPI) and other techniques directly from high traffic interconnecting communications channels themselves.

Whether or not such behavior can be justified from valid national security, public safety, or other grounds -- vs. the damage done to civil rights in the process -- is a policy and political question, not a technical one per se.

But as technologists, I believe that we now -- more than ever -- must start coming to grips with an unpleasant truth.

Public-key cryptography as we know it today may be rapidly approaching the end of its useful lifespan.

The red flags have been popping up all over.

We've seen serious compromises of encryption certificates and certificate issuing authorities, increasing concerns about the security of widely used cipher algorithms, and a range of other associated exploits.

But even then, it's all too easy not to see the forest for the trees.

We quickly lapse into arguments about RC4 and AES, Perfect Forward Secrecy, active vs. passive attack models, and a virtual cornucopia of other crypto slang to gladden our geeky hearts no end.

Yet just as we now know that the essentials of public-key (asymmetric) crypto were secretly developed by the UK's GCHQ several years before the publication of Diffie and Hellman's work, it is prudent to at least assume that intelligence agencies around the globe may still be working several steps ahead of public "state of the art" in crypto tech -- including the means to subvert widely used mechanisms.

This seems especially true given the apparently massive and bloated influx of funding and other resources being provided these agencies for ostensible anti-terror and "cyberwar" projects of enormous (and mostly secret) scopes.

To be sure, there are many balls in the air. For example, we don't really know the extent to which governments may have forced the hands of chip manufacturers to include "special goodies" for surveillance purposes. It's easy to dismiss such ideas as unlikely -- but given recent events, discounting them entirely would seem problematic.

Similarly, we know that when governments really want to target someone, they'll find some way to compromise the associated computers directly -- either through phishing or other malware attacks, or via in-person "black bag" jobs to physically alter systems as they might feel appropriate.

So specific targets -- justified or not -- probably don't have much of a chance.

Still, as technologists concerned about the fundamental security of the Internet against massive, untargeted data collection -- if only to help protect our data from illicit attacks if nothing else -- I believe it would be fully appropriate for us to be considering alternative methodologies for data protection that are sufficiently outside the existing public-key "box" to provide citizens and consumers alike a higher degree of confidence that their legitimate and appropriate communications will be free from unwarranted and unreasonable interceptions by any players, foreign or domestic.

To be clear, this is not to assert that targeted, justified intercepts should not be possible under appropriate and realistic court supervision.

However, massive, unfocused, prospective data collection by agencies around the world is much harder to justify, and vastly more subject to potential abuse.

The individual paths at this crypto crossroad may not be clearly marked. But the route we choose to take may be among the most important decisions not only of our lives, but for generations to come.

--Lauren--

Posted by Lauren at July 24, 2013 10:30 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein