Wednesday, April 29, 2015

Some notes on why crypto backdoors are unreasonable

Today, a congressional committee held hearings about 'crypto backdoors' that would allow the FBI to decrypt text messages, phone calls, and data on phones. The thing to note about this topic is that it's not anywhere close to reasonable public policy. The technical and international problems are unsolvable with anything close to the proposed policy. Even if the policy were reasonable, it's unreasonable that law enforcement should be lobbying for it.


Crypto is end-to-end


The debate hinges on a huge fallacy, that it's about regulating industry, forcing companies like Apple to include backdoors. This makes it seem like it's a small law. The truth is that crypto is end-to-end. Apple sells a generic computer we hold in our hand. As a user, I can install any software I want on it -- including software that completely defeats any backdoor that Apple would install. Examples of such software would be Signal and Silent Circle.

It seems reasonable that you could extend the law so that it covers any software provider. But that doesn't work, because software is often open-source, meaning that anybody can build their own app from it. Starting from scratch, it would take me about six months to write my own app that would talk to other people using the ZRTP encryption standard.

Well, presumably if you couldn't regulate the software on the phone, you could regulate a service on the Internet. That doesn't work, either. Such services could be located in another country, because there are no real national borders in cyberspace. In any event, such services aren't "phone" services, but instead just "contact" services. They let people find each other, but they don't control the phone call. It's possible to bypass such services anyway, either by using a peer-to-peer contact system, or by overloading something completely different, like DNS.

Like crypto, the entire Internet is based on the concept of end-to-end, where there is nothing special inside the network that provides a service you can regulate.

The point is this. Forcing Apple to insert a "Golden Key" into the iPhone looks reasonable, but the truth is the problem explodes to something far outside of any sort of reasonableness. It would mean outlawing certain kinds of code -- which is probably not possible in our legal system.
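As an added illustration of the end-to-end point above (this is not code from the original post): the provider's transport key is escrowed as a "Golden Key", but the two users layer their own encryption underneath it, so opening the transport layer yields only more ciphertext. The cipher is a demo HMAC-SHA256 counter-mode construction, and the `seal`, `unseal` and `simulate` names and the random session key standing in for a ZRTP agreement are assumptions of the example.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32  # SHA-256 output


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 run in counter mode; a demo construction, not a standard cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on any mismatch."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def simulate(message: bytes) -> dict:
    """Alice -> provider -> Bob, with only the provider's transport key escrowed."""
    golden_key = secrets.token_bytes(32)   # escrowed with the provider (the "Golden Key")
    session_key = secrets.token_bytes(32)  # agreed by Alice and Bob alone (stand-in for ZRTP)
    inner = seal(session_key, message)     # end-to-end layer the provider never held a key for
    outer = seal(golden_key, inner)        # transport layer the provider can open
    provider_view = unseal(golden_key, outer)  # escrow works: the transport layer opens...
    try:
        unseal(golden_key, provider_view)      # ...but the inner layer rejects the escrowed key
        provider_reads_message = True
    except ValueError:
        provider_reads_message = False
    bob_view = unseal(session_key, unseal(golden_key, outer))
    return {"provider_view": provider_view,
            "provider_reads_message": provider_reads_message,
            "bob_view": bob_view}
```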

China and Russia want it, too


The problem with forcing Apple to give a "Golden Key" to the US government is that all governments will want such a key, too. This includes repressive regimes like China and Russia.

This risks balkanizing encrypted phone calls. The Internet knows no national borders. I regularly make calls around the world using encrypted voice apps like Signal. When each country passes backdoor laws, they'll all do it differently, and they'll all break. In some cases, it'll be impossible to call another country with compatible software.

This will make travel difficult. Last time I was in Japan, I used Signal to call back to the United States, using the local wifi, purely to avoid roaming charges (not even caring that it was encrypted). This sort of thing would now be illegal, because while I might have the FBI's Golden Keys installed on the phone, I wouldn't have Japan's. They would notice, and come arrest me.

Even if you could get all this worked out, standardizing things, making this automatic, you've now got a hundred countries with their finger in the pie. There's no way to make this work.


China and Russia want it, too (part two)


The FBI's testimony stressed that they would only use the Golden Key with a lawful warrant with full Fourth Amendment protections. So would the law enforcement agencies of China and Russia -- only their lawful warrants include suppression of political dissent.

Here's the deal: in the modern world where electronics are the only means of communication, crypto backdoors can make dissent nearly impossible. We saw that in the Soviet Union, where even things like copy machines were tightly controlled by the state.

Like it or not, the United States sets the agenda on freedom around the world. Our policy must be in support of strong crypto around the world, so that citizens can hide data from repressive governments. There is no way to have a backdoor for United States communications while opposing backdoors elsewhere.

Our country really isn't trustworthy


The elephant in the room during today's testimony is that our government really isn't as trustworthy as we'd like. It's more than just the Snowden revelations of mass surveillance of phone records.

Law enforcement used "Stingray"-like devices over 100,000 times last year to intercept mobile phones. Yet, this was challenged in court zero times. Most of the time they hide from defendants that Stingrays were even used, and in the few cases where defendants challenged them, they simply dropped the case rather than expose their use.

As the congressional probing demonstrated, the FBI is gathering everyone's cell location records all the time. While they don't know your exact location, they do know within a few blocks. Again, this is all secret, and not accountable to the public.

The United States jails 10 times more of its people (as a percentage) than other free countries, more even than China or Russia. With 5% of the world's population we have 30% of the world's prisoners behind bars. A big piece of Hillary Clinton's 2016 platform is getting these people out of jail. It's also important to the Koch brothers (the other side of the political spectrum) -- they recently removed the criminal-background question from their companies' application forms.

We have a long way to go to reform law enforcement in this country. It's not reasonable at this time to give them vast new powers that totalitarian regimes drool over.

It's improper for them to ask


Today's testimony by the FBI and the DoJ discussed the tradeoffs between privacy and protection. Victims of crimes, those who get raped and murdered, deserve to have their killers brought to justice. That criminals get caught dissuades crime. Crypto makes prosecuting criminals harder.

That's all true, and that's certainly the argument victim rights groups should make when lobbying government. But here's the thing: it's not the FBI's job to care. We, the people, make the decision about these tradeoffs. It's solely we, the people, who are the constituents lobbying congress. The FBI's job is to do what we tell them. They aren't an interested party. Sure, it's their job to stop crime, but it's also their job to uphold rights. They don't have an opinion, by definition, which one takes precedence over the other -- congress makes that decision.

Yet, in this case, they do have an opinion. The only reason the subcommittee held hearings today is in response to the FBI lobbying for backdoors. Even if this issue were reasonable, it's not reasonable that the FBI should lobby for it.

Conclusion


I'm a big fan of the idea that reasonable people can disagree, that there are two sides to every debate. This applies to even rancorous debates like abortion and global warming. On many issues, I defend the reasonableness of the opposing side: while I disagree with their policy, I agree that it's not unreasonable. I point this out to stress the fact that I'm not calling this policy unreasonable simply because I disagree with it.

It's not merely a matter of forcing Apple to provide the FBI a Golden Key, because users would still encrypt anyway, and Russia would want their own Golden Key. Solving those problems means a public policy that looks nothing like the original one proposed. While it's reasonable for the people to bring up the subject, it's wholly unreasonable for the FBI. They serve us; they should stop acting like we serve them.



1 comment:

Keith said...

As always, a truly amazing post.

Crypto is end-2-end, and anything the US can do, Russia and China can do--and they'd probably do it better.

I've heard comments that this isn't a 'technical' issue, but one of policy, that multi-key encryption is possible, from listening to podcasts like Security Now on TWiT. I couldn't find further documentation of the multi-key encryption bit, but I agree that even if we manage to fix that, there are other practical implementation issues that need to be addressed.

But your point about the government not being trustworthy is 100% valid, and pertinent to this discussion. If you can't trust the government to play by the rules, then discussing the rules is irrelevant. What you need to do is make sure the government can't play at all. Which is what Apple is doing with their fully encrypted devices.