on the imprtance of encryption for those who have nothing to hide
TRANSCRIPT
1
Sheyne AndersonHONOR 3374: Privacy in a Digital Era
29 April 2016
On the Importance of Encryption for Those Who Have Nothing to Hide
Encryption has been in the news a lot lately as regulators attempt to limit its use and privacy advocates fight to defend it. What is encryption and why is it so important? At a basic level, encryption is using some secret thing called a key, such as a password or a file, and using it to turn messages into ciphertext, something that cannot easily be turned back into the original message without the key. In a world where our communications are increasingly traveling along paths we cannot see, encryption is the way that we can communicate and be confident that no one else is listening.
Most people have things that they would rather keep private. People ship their mail in envelopes, hold some conversations behind closed doors, and worry about scammers getting their social security number. Others have more critical things that they prefer to keep secret. Victims of domestic abuse try look for support covertly and spies try to keep their identity a secret. Using encryption helps these people not stick out. Building a cryptosystem which can be disabled at government behest is impractical and unwise. Such a broken system wouldn’t help law enforcement very much anyway, most criminals don’t use encryption as their only means of protection. In a digital era, encryption should be a fundamental part of how we communicate, of concern to everyone, and protected by statute.
Most people do not recognize that everything they transmit over the internet can be intercepted, viewed, and even changed. Because the internet is so vast and complicated people have a hard time comprehending this, but anything transmitted is sent on a complicated path of routers or devices that transmit data. Each message can take a different path, and any router in the path can read the message. Before most major websites adopted encryption for all of their traffic, someone could start up wireshark (a program that lets people see messages transmitted on their network) and intercept account credentials of anyone who logged in to something. Tools like FireSheep1 would automatically give users access to other people’s Facebook accounts as they logged in.
This poses the issue: why do we even care to hide what we are saying? People
who think they have nothing to hide often think that they have no use for encryption.
The same could be said about the fourth amendment, only people who have something
to hide should be concerned about the police searching their home. While we will soon
see that there are problems with this argument, it is rendered moot by the fact that
1 https://www.torproject.org/about/overview
2
nearly everyone has something to hide. Do you own a credit card? Do you show
everyone you meet the number? If you do not then you have something you hide. Do
you announce your social security number to strangers? You have something you hide.
More than twenty years ago Philip Zimmermann (the author of industry standard
encryption software PGP) commented that nearly everyone hides their mail in
envelopes2. Most of us would rather that not everyone working for the postal service can
read our personal messages, and because of this, envelopes are in common usage.
Imagine a world where most people just write postcards; anyone securing their
communication with envelopes might be considered radicals or terrorists.
Zimmermann’s essay seems especially prescient when he says “But the mere fact that
the FBI even asked for these broad powers is revealing of their agenda” while arguing
that the government would slowly increase their surveillance capacity until they reached
the level of an Orwellian state. A few years ago the encryption debate was brought into
the public eye when NSA analyst Edward Snowden revealed the scope of the United
States government's surveillance apparatus. As evidence that this issue has reached
mainstream debate, a popular satirical news show, “Last Week Tonight with John
Oliver” discusses the issue with Snowden. Oliver traveled to Russia to interview
Snowden and gave a controversially confrontational interview. He attempted to put the
question of government surveillance in a context that people would actually care about.
Oliver did this by handing Snowden a picture of his penis and asking how the various
NSA surveillance programs would get access to his “Dick Pic”3. By giving a concrete
2 https://www.schneier.com/blog/archives/2015/09/tsa_master_keys.html
3 https://en.wikipedia.org/wiki/AACS_encryption_key_controversy
3
example of something which many people do (take nude pictures) and consider private,
Oliver shows how surveillance and security issues affect everyone.
People also have access to other entities’ private data. Corporations have a
strong incentive to protect their trade secrets. Most have extensive records on their
employees. Employees will have access to some amount of this information. This might
be in the form of credentials to the company database, or may be data directly stored on
their machine. A programmer would have access to the company’s source code, often a
closely guarded secret. Lovers might have intimate photos of each other stored on their
phones. Someone may text their friend a message in confidence. Even if someone is
not interested in protecting their own privacy, protecting confidence bestowed on them
is still important.
Using encryption software to mask communications is valuable even if someone
truly does not have anything to hide. If using encryption is not mainstream, then the only
people using it will be “people with something to hide” and this is dangerous because
there are many groups that most people would agree need to be protected. Victims of
domestic abuse may be trying to get support in an anonymous manner. Let us assume
that an assailant can see that their victim(s) are sending encrypted messages. If
sending encrypted messages is not common practice then they will be suspicious.
Concern that this will happen might prevent victims from seeking help. Undercover cops
will want to use encryption and anonymity tools to infiltrate crime rings and
communicate with their handlers, but again, if the only people using the technology and
people who really need to hide then it has no value. A mob boss will be suspicious of
any mobsters using encrypted chat tools. A popular piece of anonymizing software,
4
TOR’s website states4 “Tor hides you among the other users on the network, so the
more populous and diverse the user base for Tor is, the more your anonymity will be
protected.” Tor was originally funded by the US government as a way to hide spies’
communications. It needed widespread adoption so that it could be effective at hiding
spies. Under the same logic a whistleblower living in a corrupt country may try to reveal
corrupt habits of politicians. As long as anonymous communication software is
prevalent in that county, the corrupt individuals outed will have no way to track down the
whistleblower.
When thinking about algorithms in computer science, we often simplify things by
referring to them as a black box. Such a simplification allows us to not worry about the
internal workings of a system and just consider what inputs the system takes and the
outputs it produces. While treating encryption as a magical black box that uses a key to
lock our data is sufficient for this paper, it is worth noting a couple of properties about
the box. The first thing is that it is not perfect. Perfectly encrypting something is possible
but requires the use of a key that is as long as the message to be encrypted. The key
must also be truly random, never reused, and transmitted to the recipient over a secure
medium. This is called a one time pad (OTP) and is completely unreasonable in
practice. There do exist ways to encrypt things that make it very computationally
intensive to break. Good encryption algorithms with good keys would take the lifetime of
the universe several times over to decrypt without the key. The second principle is that
nothing about the black box should be considered secret. The algorithms involved with
the encryption process are public knowledge. The only secret thing is the key. This is
4
http://www.wsj.com/articles/SB10001424052702304202204579252022823658850
5
important because it allows us to reason about cryptography and make guarantees
about its security. This removes the false sense of security that comes with secret
algorithms. It also encourages peer reviewing of algorithms to make sure that they end
up strong.
In addition to the black box that can use a key to encrypt and decrypt messages,
cryptographers have developed a second kind of box called asymmetric key encryption.
This uses two keys, one that encrypts and one that decrypts. It is analogous to mailing
someone an unlocked safe and having them put their message in the safe, lock it, and
mail it back. No one (even the person locking the message) can unlock the box except
the person holding the key. In the encryption world, the safe is called a “public key” and
the key that unlocks the safe is called a “private key.”
Using both kinds of black boxes discussed above we can think of a way to
appease law enforcement. What we will build up is called a key escrow system or a
back door. The idea is that we want symmetric (same key) encryption to do exactly as
described above with the added property that it has a second key that can decrypt any
encrypted message. To be practical, the master decryption key should not be known by
the encryption algorithm (otherwise anyone studying the algorithm would be able to
decrypt any message). This is where asymmetric key cryptography comes into play.
Imagine if the new backdoored encryption algorithm did everything as normal (with a
key let’s call K1), then used a well known public asymmetric key to encrypt K1.
Someone could then decrypt the file as normal, or, a third party with access to the
master decryption key that was paired with the well known public asymmetric key would
6
be able to decrypt K1, and use that to decrypt the message. For clarity, since the above
idea is quite complicated, I’ve included a picture describing the functionality.
There are other ways to make a key escrow system. There have been proposals
for the widespread adoption of some kind of key escrow system in the US since the
‘90s. The US government actually went so far as to build a custom hardware circuit (at a
time when it was computationally unreasonable to perform the encryption in software)
that included a government-backed key-escrow system. This was called the “Clipper”
chip and sparked major controversy in a time where encryption was still classified by the
US government as a munition and controlled by strict export regulations.
The problem with key-escrow systems is who to choose as the authority. The
organizations calling out for the creation of backdoors are most often governments, so
should governments hold the keys? However, they are asking private companies to
ensure that they (the companies) can decrypt customer data, so should the companies
hold the master keys? And companies are increasingly globalized, so should the US
government be able to compel Apple to decrypt a British person’s phone? How about
China asking to decrypt a US citizen’s phone? Should the US government be
responsible for the keys? How about the UN?
Even if there were some magical organization that actually had the authority to
hold the keys to the world’s data, how would such a system work? Would all requests
have to go through this central agency? How would we make sure that the information
Master Private Key (can unlock)
Key (K1)Encrypted with master public key (well known)
Message
Authority
Encrypted with K1
Saved to file
7
was turned over to the correct party? While all these problems are solvable, there is one
glaring issue that cannot be overlooked. What happens in the case that the key is
stolen? Electronic goods cannot be thought of like regular goods: once something is out
there, it costs next to nothing to make a copy of it. Copy after copy is made, and every
one of those copies can be copied again. At this point, the keys to everyone’s private
information are public and anything that has been encrypted up to that point can be
recovered. All machines will be vulnerable until an update is pushed, which in practice
will take a really long time. There are ways to mitigate these threats, specifically
encryption schemes that have a property called forward secrecy5, but using these
protocols would break our backdoor. The idea with a backdoor is that it should be able
to decrypt any message and is thus incompatible with forward secrecy. We cannot
assume that this magical organization is capable of keeping the keys secret forever,
even organizations with a huge financial incentive6, and the US government7 has been
shown to mishandle and leak public keys.
Exfiltration of master keys aside, the NSA has been criticised several times for
failing to ensure that agents handled sensitive content appropriately. There are
allegations8 that operatives would pass around sexy or compromizing pictures captured
5 http://bgr.com/2016/03/22/paris-attacks-iphone-encryption/
6 http://www.nist.gov/itl/csd/sp800-90-042114.cfm
7 https://www.wired.com/2013/09/nsa-backdoor/
8 http://arstechnica.com/tech-policy/2016/04/senators-play-terror-card-to-lobby-
public-for-backdoor-crypto-legislation/
8
by various programs. While the NSA has denied the claims, Snowden holds that there
was little to no auditing of the 18 to 22 recruits operating many components of the
program.
Given all the dangers discussed above, a master key would have to be incredibly
useful to national security to merit the risks. The problem is that we have not had a
single incident that having the ability to decrypt terrorist communications would have
averted. In the Paris bombings, the terrorist (probably concerned by the US and her
Allies’ surveillance capabilities) did not depend on encryption to communicate, but used
low-tech burner phones9. Boxes and boxes of the phones were found. An ex-NSA
analyst has argued that the NSA does not need more information. He argues that the
clues to solve most major incidents end up intercepted by the NSA, but that they are so
overwhelmed with the amount of information they are taking in that they can not find the
threat in time. Instead of more information, the NSA needs better ways to sift through
the data they already have10.
The government is powerfully interested in inserting a backdoor in
telecommunications. Efforts include consistent attempts to legally mandate backdoors.
The FBI has been incredibly vocal of late in their requests for legally mandated
backdoors. The NSA has worked to subvert the security community by introducing
covert backdoors into public encryption standards. They’ve also built tools capable of
defeating the TOR network.
According to classified documents leaked by Snowden, the NSA has spent
hundreds of millions of dollars to “defeat the encryption used in specific network
9 http://thehackernews.com/2016/02/encrypt-act-2016.html
10 https://www.youtube.com/watch?v=XEVlyP4_11M
9
communication technologies” in covert project Bullrun. While little is known about the
project, one of the most commonly cited examples is the backdooring of the
Dual_EC_DRBG. Dual_EC_DRBG is a PRNG or pseudo-random number generator.
While it is impossible for deterministic computer code to produce truly random numbers,
it is possible to produce numbers that cannot be predicted without the “seed” or small
amount of information used to start the PRNG. Dual_EC_DRBG was proven to be
strong assuming certain math problems are hard to solve (we still believe they are) and
assuming that certain parameters P and Q were chosen randomly. It is widely believed
(although not proven) that the NSA chose P and Q to satisfy the equation e*Q=P where
e is some constant known only to the NSA. Because of the construction of the problem,
solving for e is not as simple as dividing by Q (for more information read about modular
arithmetic11 and factoring.) This e becomes a backdoor, allowing them to predict the
output of the PRNG. This allows them to break many widely used encryption algorithms
assuming that the algorithm is run with Dual_EC_DRBG. The NSA successfully
convinced RSA Security to use Dual_EC_DRBG as the default PRNG for all their
customers. As a result, a huge portion of all web traffic was vulnerable.
Dual_EC_DRBG has since been removed as a recommendation by NIST12 and by RSA
security. There had been some suspicion that the NSA had backdoored
Dual_EC_DRBG before the Snowden revelations and you can find an easy-to-
understand discussion of the whole issue here13.
11 http://www.newsmax.com/Newsfront/AmnestyInternational-chicago-meeting-
surveillance/2014/04/05/id/563875/
12 http://whatis.techtarget.com/definition/surveillance-metadata
13 https://en.wikipedia.org/wiki/Forward_secrecy
10
Privacy extends past the content of messages. The amount of data that can be
discerned from so-called metadata can be astronomical. Surveillance metadata are any
details about data pertaining to the actions of an observed party.14 What that means is
that a phone call is data and and who is calling/called, how long they speak, and when
they speak is metadata. Edward Snowden argued that the information that can be
extracted from metadata is greater and more dangerous than the content of the
communication itself15.
So, in light of all this, here are some of the best practices and technologies
people can use to secure their communications. SSL is the simplest and goes a long
way. It is used by accessing web pages as https://www.example.com/ (note the “s” in
“https”). There are browser plugins like “HTTPS everywhere” for Chrome which ensure
that HTTPS is being used by all websites that support it and will warn users when they
are accessing a page insecurely. On the topic of HTTPS/SSL it is important to heed the
“secure connection failed” and “certificate not trusted” messages that browsers
sometimes show with HTTPS. This is a warning that something nefarious is probably
going on. SSL can also be used with email. When setting up an email client (such as
the Mail app on iOS, or Outlook on windows) make sure that the “SSL” or “encrypted”
box is checked. If your email provider does not support this feature, you should get a
different email provider or know that any of your emails may be stolen if you check your
mail at a coffee shop -- or stolen anywhere else for that matter, it just requires access to
your internet service provider (ISP), or some ISP handling the message intercepts it.
14 https://en.wikipedia.org/wiki/Modular_arithmetic
15 http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html
11
While SSL helps, it is not a panacea. It is what is called “transport encryption”
which means that it encrypts messages while communications are occurring. Your email
provider still has access to any and all messages sent over SSL. There exist tools such
as PGP (Pretty Good Privacy) which allow you to encrypt messages you send. You can
can exchange keys with the people you want to send encrypted mail to and then send
mail that only they will be able to decrypt16. This works for any kind of text message you
want to send, from Email, to Facebook message. There are a growing number of apps
for iOS, Android, and desktop computers that offer end to end encryption. The
Electronic Frontier Foundation (EFF) has a list of such apps and gives them a score
based on how secure they are17.
Finally, you may value the ability to anonymously communicate. While there are
websites that allow you to post anonymously such as Reddit, YikYak, or, more
infamously, 4Chan, the website owners still have access to your IP address. This
number identifies your current network connection (and can probably be traced back to
you). The solution is to put some kind of intermediary between you and the website you
are trying to connect to. Such an intermediary shows up in your place from the
perspective of the website you are connecting to and is called a proxy. There are
several kinds of proxies. A simple HTTP proxy can hide your web requests and make it
look like they are coming from a different part of the world. A VPN can mask all of your
communications, sending all traffic through them. For both kinds of proxies, your
security depends entirely on the quality of the proxy you use. As a general rule, if
something is free, then you are the product. This holds especially well with proxies. A
16 http://www.pgpi.org/doc/pgpintro/
17 https://www.eff.org/secure-messaging-scorecard
12
stronger tool, TOR18 is a distributed proxy, where any traffic sent through TOR is
bounced through many proxies, encrypted at each step. This tool is free and easy to
use, although it comes at the cost of substantially slowed network performance.
At the same time, governments are attempting to regulate encryption from all
angles. Several states are talking about restricting encryption and requiring backdoors
and have bipartisan support. Bills were proposed by a Republican in New York and by a
Democrat in California. In response to these regulatory efforts California Democrat Ted
Lieu and Texas Republican Blake Farenthold introduced a bill “Ensuring National
Constitutional Rights for Your Private Telecommunications Act of 2016" ("ENCRYPT
Act of 2016")19 which would block states from banning encryption within their borders.
They cited the difficulty states would impose on companies by having a different set of
laws in each state they operated in and the fact that such laws would be largely
ineffective because citizens of one state would be free to just cross a border can get a
different model (of encrypted device). The bill does nothing to prevent bans on
encryption or requirements of backdoors on a national scale. It just attempts to ensure
that the country will have consistent rules. As such it has seen more support than
similar measures.
In response to the Paris attacks, the San Bernardino shootings, and a less
publicized “islamic State-inspired attack last year in Garland, Texas” a pair of
congressmen from both parties have proposed a bill that would require “a person or a
company—when served with a court order—to provide law enforcement with
18 https://www.torproject.org
19 http://www.nytimes.com/2014/07/21/us/politics/edward-snowden-at-nsa-
sexually-explicit-photos-often-shared.html?_r=0
13
information (in readable form) or appropriate technical assistance that is responsive to
the judicial request. This will enable law enforcement to conduct investigations using the
communications involved in criminal and terrorist activities.”20 They soften this
requirement by saying “We want to provide businesses with full discretion to decide how
best to design and build systems that maintain data security while at the same time
complying with court orders.” This would allow private companies to become the
gatekeepers of their customers secrets, only giving up the decrypted information in the
case of a court order. They could of course be ordered to hand over the information by
the FISA court and required not to tell anyone that they decrypted the phone.
The bill would apply to any company doing business in the US and many of these
businesses operate abroad. The bill is silent about how US companies should react to
foreign governments ordering them to decrypt phones. This bill would set a dangerous
precedent and raise difficult international questions. As discussed earlier, what
countries should be able to require devices be decrypted?
All these issues are insurmountable. People value personal privacy, with most
having things that they would prefer not everyone knew. Some people depend on
encryption for their safety and this depends on widespread use of crypto tools. While it
would be nice if law enforcement could decrypt the phones of dangerous criminals and
terrorists, the dangers of a backdoor far outweigh the benefits. Especially since such
backdoors wouldn’t do much to prevent crime.
20 https://codebutler.github.io/firesheep/