Sunday, July 28, 2019

Why we fight for crypto

This last week, the Attorney General William Barr called for crypto backdoors. His speech is a fair summary of law-enforcement's side of the argument. In this post, I'm going to address many of his arguments.

The tl;dr version of this blog post is this:

  • Their claims of mounting crime are unsubstantiated, based on emotional anecdotes rather than statistics. We live in a Golden Age of Surveillance where, if any balancing is to be done in the privacy vs. security tradeoff, it should be in favor of more privacy.
  • But we aren't talking about tradeoff with privacy, but other rights. In particular, it's every much as important to protect the rights of political dissidents to keep some communications private (encryption) as it is to allow them to make other communications public (free speech). In addition, there is no solution to their "going dark" problem that doesn't restrict the freedom to run arbitrary software of the user's choice on their computers/phones.
  • Thirdly, there is the problem of technical feasibility. We don't know how to make backdoors available for law enforcement access that doesn't enormously reduce security for users.


The crux of his argument is balancing civil rights vs. safety, also described as privacy vs. security. This balance is expressed in the constitution by the Fourth Amendment. The 4rth doesn't express an absolute right to privacy, but allows for police to invade your privacy if they can show an independent judge that they have "probable cause". By making communications "warrant proof", encryption is creating a "law free zone" enabling crime to be conducted without the ability of the police to investigate.

It's a reasonable argument. If your child gets kidnapped by sex traffickers, you'll be demanding the police do something, anything to get your child back safe. If a phone is found at the scene, you'll definitely want them to have the ability to decrypt the phone, as long as a judge gives them a search warrant to balance civil liberty concerns.

However, this argument is wrong, as I'll discuss below.

Law free zones

Barr claims encryption creates a new "law free zone ... giving criminals the means to operate free of lawful scrutiny". He pretends that such zones never existed before.

Of course they've existed before. Attorney-client privilege is one example, which is definitely abused to further crime. Barr's own boss has committed obstruction of justice, hiding behind the law-free zone of Article II of the constitution. We are surrounded by legal loopholes that criminals exploit in order to commit crimes, where the cost of closing the loophole is greater than the benefit.

The biggest "law free zone" that exists is just the fact that we don't live in a universal surveillance state. I think impure thoughts without the police being able to read my mind. I can whisper quietly in your ear at a bar without the government overhearing. I can invite you over to my house to plot nefarious deeds in my living room.

Technology didn't create these zones. However, technological advances are allowing police to defeat them.

Business's have security cameras everywhere. Neighborhood associations are installing license plate readers. We are putting Echo/OkGoogle/Cortana/Siri devices in our homes listening to us. Our phones and computers have microphones and cameras. Our TV's increasingly have cameras and mics, too, in case we want to use them for video conferencing, or give them voice commands.

Every argument Barr makes about crypto backdoors applies to backdoor access to microphones, every arguments applies to forcing TVs to have a backdoor allowing police armed with a warrant to turn on the camera in your living room. These are all law-free zones that can be fixed with backdoors. As long as the police get a warrant issued upon probable cause, every such invasion of privacy is justified in their logic.

I mention your TV specifically because this what George Orwell portrays in his book 1984. The book's opening is about Winston Smith using the "law free zone" of the small alcove in his living room that's just outside the TV camera pickup, allowing his seditious writing in a diary. This was supposed to be fanciful fiction of something that would never happen in the future, but it's exactly what's happening now.

Law free zones already exist because we don't live in a surveillance state. Yes we want police to stop crime, but not so much that we want to wear a collar around our neck recording everything we say, tracking our every movement with GPS. Barr's description of the problem is a pretense that technology created such zones, when the reality is that technology created a way to invade such zones. He's not asking to restore a balance, but is instead asking for unbalanced universal surveillance. Every one of his arguments for crypto backdoors apply to these other backdoors as well.

The phone company

Barr makes the point that we regularly mandate companies to change their products in the public interest, and that's all he's asking for here. But that's not what he's asking.

Historically, telecommunications (the plain old telephone system) was managed by the government as a utility in the public interest. The government would frequently regulate the balance of competing interests. From this point of view, the above legal argument makes a lot of sense -- all that law enforcement is asking for is this sort of balance.

However, the Internet is not that sort of public utility. What makes the Internet different than the older phone system is the "end-to-end principle", first expressed in the 1970s. In the old days, the phone company was responsible for the apps you ran on your devices. With the Internet, the phone company no longer does apps, but only transmits bits. End-to-end encryption is integrated with the apps, not with the phone service.

Scene from 2001 A Space Oddyssy
Consider pre-Internet sci-fi. They frequently showed people making video phone calls and being charged an absurdly (for the time) low price of only $1.70 by the phone company.

But that's not how things have turned out. The phone company has no video phones. AT&T does not charge you for making a video phone call on their network. Moreover, $1.70 is an absurdly high price. I frequently make 1080p hi-def video calls to Japan and it costs nothing.

Barr's speech talks about a Mexican drug cartel using WhatsApp's end-to-end encryption to defeat wiretaps when planning the murders of politicians. That's an app by Facebook, one of the top 5 corporations in the world, and something easy for governments to regulate. However, WhatsApp's end-to-end technology is based on Signal, which is free software controlled by nobody. If Barr succeeds in backdooring WhatsApp then all that means is drug cartels will switch to Signal.

At this point, no amount of regulating corporations will fix the problem. Signal is what's known as "open-source". Anybody can download it for free, either that specific version, or their own version with any features removed.

To regulate this, government will have to instead regulate individuals not corporations or public utilities. They would have to ban unlicensed software that people create themselves. App stores, like that from Apple, would include government review of what's legal or not. Jailbreaking or installing software outside an app store would be illegal.

In other words, we aren't talking about a slight rebalancing by regulating Facebook, we are talking about an enormously unbalanced cyber dystopia taking away a fundamental right of the people to run software on their computers that they write themselves. Signal is no harder to use than WhatsApp. It's absurd thinking Mexican drug cartels wouldn't just switch to Signal if WhatsApp were backdoored.

Barr pretends the balance is expressed in the Fourth Amendment, but from this perspective, it's the Third Amendment that's important. That's the one forbidding quartering troops in our homes. Barr describes CALEA requiring telephone switches to allow wiretaps. But that's regulating a public utility, which in colonial times, would be akin to the streets, sewers, or water supply. What backdoors demand doesn't affect the utilities, but the phones in our hands, owned by us and not the utility. Barr demands that we, the consumers, can no longer choose what software we run on the device. We must instead "quarter" government software on our personal devices.

I'm glad Barr brings up Mexican drug cartels using WhatsApp to evade wiretaps to murder and pillage. It sounds like a convincing argument for his side, because it means only small regulation of Facebook to achieve the goal. But since the cartels would obviously switch to Signal in response, we are confronted with what crypto backdoors really mean: a massive overhaul of human rights.

The world is end-to-end. That's the design of the Internet protocol from the 1970s that makes it different from the phone company. It's the design of crypto today. There is no way for Barr to achieve "balance" without destruction of this basic principle.

Two tier crypto

Barr claims that consumers don't need strong crypto. After all, consumers are just protecting messages to friends, not nuclear launch codes.

This is fallacy well known to cryptographers, the belief in two tiers of encryption, a "consumer level" and "military grade", that one is weaker than the other. This is a cliche people learn from watching too much TV. Such tiers don't exist.

20 years ago our government tried to weaken crypto by limiting keys to 40-bits for export to the rest of the world, while allowing 128-bits for U.S. citizens. That was their way then for retaining their ability to spy on Mexican drug cartels while protecting citizens. It's an excellent analogy for explaining why there's no such thing as two tiers of crypto.

People's intuition is to treat breaking encryption as linear, that it's just a matter of trying a little bit harder to break it. You see this in TVs and movies where the hacker just types twice as hard on the keyboard and bypass the encryptions.

But breaking crypto is in fact exponential. Twice as much effort is insignificant.

Take those export controlled 40-bit keys mentioned above. People imagine that 80-bit keys are twice as secure. That's not true, they are a trillion times more secure. A key that's twice as secure is 41-bits -- each additional bit on a key doubles the number of possible combinations an adversary would have to try in order to crack it. 10 extra bits is a thousand times, 20 bits a million times, 40 bits a million million (trillion) times.

Let's do some math. A popular hobbyist computer right now is the $35 Raspberry Pi. Let's compare that to the power of a full $1000 desktop computer, and to the NSA buying a million desktop computers with a billion dollars. What size keys can each crack? You'd think that a billion dollars somehow grants near infinite powers vs. the RPi, but it doesn't. A factor of 10 million means adding 23 bits to the length of the key that can be cracked.

This is shown the graph below. The y-axis is the number of nanoseconds it takes to crack a key, the x-axis is key length. As you see, this isn't a linear graph where difficult slowly rises as keys get longer. Instead, it's an exponential graph, where as keys get longer, the time it takes to crack them goes from nearly zero to nearly infinitely. In other words, because of exponential growth, keys are largely either easily cracked or impossible to crack, with only a fine line between the two extremes.

An RPi can crack any encryption key smaller than 45-bits almost instantly. The NSA, with a billion dollars worth of computers, still can't crack 70-bit keys. Even if you were to try to create a key somewhere in the middle, such as 64-bits, it still wouldn't work, because a hacker could still buy a day's worth of cloud computing, temporarily creating an NSA-level computer, to crack that one key.

The government's "export grade" crypto is thus nonsense, as 40-bit encryption means essentially no encryption. Conversely, 128-bit encryption means perfect encryption. The TV cliche of showing a hacker working harder to bypass the encryptions is not reality. If the encryption works, it works against all adversaries. If it doesn't work, then it doesn't work against any adversary. Crypto is either broken by your neighbor's teenager who bought a computer from their babysitting money, or is perfect defense against the NSA's billions.

In fact, military grade means worse encryption. Military equipment takes years negotiating purchasing contracts and then must last in the field for decades. It's woefully out-of-date. In contrast, your iPhone contains the latest developments in crypto. The picture of your pet you just texted your friend uses crypto vastly better than what's protecting our launch codes. That military needs better crypto is a fallacy.

This picture is from a nuclear missile silo, where they still use floppy disks.

This picture is of Fritzi, sent by my sister via Apple's iMessage, which uses the latest advances in end-to-end encryption.

Barr repeats this fallacy in another way, talking about "customized encryption used by large business enterprises to protect their operations". Again, that's not a thing. Customized encryption is always worst encryption. The best encryption is the standard, non-customized encryption that consumers use. When you customize it, you start making mistakes.

The government isn't calling for 40-bit export crypto anymore, but is calling for other weaknesses. Therefore, this discussion of math is only an analogy.

But the underlying concept still applies. Cryptographers don't know how slightly weak crypto that's only 99% secure instead of 100% secure, because any small weakness inevitably gets hacked into an enormous gaping hole.

Barr derides our concerns as being only "theory", but it's theory backed up my a lot of experience. It's like asking your doctor to prove that losing weight and exercising will improve your health. Our experience from cryptography is that there is no such things as a little bit weak. We know of no way to implement the government's backdoor in such a way that won't have grave impacts. I might not be able to immediately point out the holes in whatever scheme you have concocted, but that doesn't mean I believe your backdoor scheme doesn't have weaknesses. My decades of experience tells me it's only a matter of time before those weaknesses explode into gapping holes that hackers exploit.

Barr doesn't care about whether backdoors are technically feasible. His argument is ultimately premised on the idea that citizen's don't have a fundamental right to protect themselves, but that instead they should rely upon the government to protect them. They should not take the law into their own hands. That backdoors weaken their ability to secure themselves is therefore not a problem. This is bad: we should have the right to protect ourselves, and crypto backdoors hugely impacts that right.

Mounting crime

Barr claims the costs aren't abstract, but measured in real mounting victims. This is an excellent argument to pay attention to. Because the real numbers don't support him.

The fact is that the number of crimes perpetrated is not going up. The rate of solving crimes and prosecuting perpetrators is not going down. If there were a wave of unsolved crime, then even I admit we'd have to seriously start talking about this issue. I might not support backdoors, because (as described above) they aren't technically feasible without violation human rights. But I'd be much more motivated to look for alternatives.

But there is no wave of unsolved crime. All that's mounting is the number of locked phones in their evidence rooms. They are solving crimes because they have all the same old crime fighting abilities available to them that don't require unlocking phones.

Crime rates have been falling as strong crypto has increased.

The "clearance rate" rate is not changing, due to strong crypto or any other reason:

By Barr's own arguments, then, crypto backdoors aren't justified.

So if the issue isn't "crime", what it is? My guess is that the answer is "power". They have evidence rooms full of phones without the power to decrypt them. That makes them unhappy.

Before we accept the government's call for more dystopic police power, we should demand that they prove that encryption is actually leading to more crime. This should be based on statistics, not anecdotes like Mexican drug cartels or kidnapped girls, arguments designed to appeal to emotion not logic.

China, Russia, and Jefferson

The argument of balance is often described by "right to privacy" balanced with "right to safety/security". I don't think this is correct. I don't think people care that much about privacy. After all, they readily give up privacy to the Facebook, the Google, and the other companies. It seems reasonable that they should be just as ready to give up privacy in exchange for additional security provided by law enforcement to protect us against criminals.

Instead, the balance people care about is the abuse of power by the government. The balance is between security provided by the government vs. security threats coming from the government. It's a balance of security vs. security.

Another way of looking at it is that privacy isn't a monolithic, there are different kinds of privacy. I don't care (much) if government employees spy on me while I'm naked in the shower, as there's not much they can do to abuse this information. I care a lot about them being able to secretly turn on the microphone in my living room and eavesdrop on my private conversation, because I know that's exactly the sort of power government's are known to abuse.

A quote often attributed to Edward Snowden is:
"Saying you don't care about privacy because you have nothing to hide is like saying you don't care about free speech because you have nothing to say."
Is this comparison really valid? Or is it a false equivalence?

China and Russia show us the answer to this question. Both have cracked down on encrypted communications. China mandates devices have a backdoor whereby the government can access anything on a phone, encrypted or not. Russia has cracked down on Telegram, an encrypted messaging app popular in Russia. Both cases have been motivated by their desire to crack down on dissidents.

We therefore see that these are equivalent in Snowden's quote. For dissidents in China and Russia, it's every much as important for them to keep some communications private (i.e. encrypted) as it is to allow other communications to be public (i.e. free speech).

Thus, the debate isn't whether the U.S. government should have this power, but whether governments in general should have this power. If it were only the U.S., we might trust them with backdoors, because the U.S. is a free country and not a totalitarian state. But that's the same as saying that we trust our current government to regulate speech because they'd never restrict political speech the way they do in China and Russia.

We have a free society because government has these restrictions. If you remove restrictions because you trust government, that'll only lead to a government that abuses its power.

It's obvious the U.S. government abuses any power we give it. Take "civil asset forfeiture" as an example. Sure, it seems reasonable that if convicted of a crime, you should have to forfeit the proceeds of the crime. But it's gotten out of control. If the police pull you over, and see that you have $5000, they can just seize it, without convicting you of a crime, without even charging you with a crime. The Supreme Court allows it under weird legal fictions, pretending they aren't depriving you of property without due process of law. It's not you who is charged with a crime, but the object they are confiscating, which is why you see odd court cases with names like "United States v. $124,700 in U.S. Currency".

Or take the "border search exception". Obviously, if you are going to control the borders, it's reasonable to search people's belongings for smuggled goods, searches that would be unreasonable when not done on the border. However, this power is now abused for things like searching your phone. This is unreasonable, because there's nothing you'd smuggle on the phone when crossing the border that you couldn't more easily transfer over the Internet. Yet, the Supreme Court allows it under various legal fictions.

Or take the Snowden revelations about the government grabbing all phone call records of the past 7 years without a warrant. Or the fact they grab all your financial records the same way, including every credit card purchase. Or how they used to grab all your cell phone GPS records until finally the courts added a warrant requirement in the recent Carpenter decision (though only in limited cases).

Or take the drug war in general. Barr mentions drug traffickers numerous times to justify himself. But the war on drugs has been an enormous abuse by our government. Because of the drug war, our incarceration rate has exploded. At 655 per 100,000, we are the highest in the world. In European countries, that number is around 100. In Japan, it's 41. I'm glad Barr focuses on drug traffickers -- the war on drugs has resulted in obvious government abuse of power. Drug crimes aren't a reason to give government more power, but a reason to give them less. That's why our country is legalizing marijuana right now, because it's less harmful than alcohol or tobacco and therefore stupid to keep illegal, while at the same time fostering abusive government power.

Barr cites several Supreme Court cases to justify his legal position. But "legal" doesn't mean "right". Our entire country is based upon legal actions by the English government that the colonists decided were nonetheless illegitimate. Just because the Supreme Court allows something as "constitutional" doesn't mean it's not one of those abuses and usurpations designed to reduce citizens under absolute despotism. The fact that that the Supreme Court seems unable or unwilling to curb current abuses of our government, especially with regards to technological change, isn't an argument that crypto backdoors are justified (as Barr argues), but an argument why we need to vigorously oppose them.

The Ninth Amendment says that "the enumeration of certain rights show not be construed to deny or disparage others retained by the people". But that's exactly what Barr did in his speech, talking about "Supreme Court taking steps to ensure that advances in technology do not unduly tip the scales against public safety". The Supreme Court can do no such thing. The right to encrypted communications, or the right to run whatever software you want on your computer, is not enumerated in the Constitution and thus the Supreme Court can never consider them. It can never balance these rights with against public safety. But they are important rights nonetheless.

Yes, it's reasonable to balance privacy and security -- but we aren't talking about privacy in general. The changes in technology has demonstrated that encrypted communications is it's own thing, separate from our other privacy concerns.

Balance revisited

So now let's go back and revisit what sounds like a reasonable argument that the Fourth Amendment balances privacy and security.

There is no evidence of an imbalance. Crime rates aren't increasing, clearance rates (of solving crimes) aren't decreasing. Far from "going dark", we live in a Golden Age of Surveillance, were police are able to grab our GPS records, credit card receipts, phone metadata, and other records, often without a warrant. It's impractical to travel anonymously in the United States, as the government gets a copy of plane and train records, and is increasingly blanketing the country with license plate readers to track our cars. If a rebalancing of the "privacy vs. security" equation is needed, it's in favor of privacy.

But we aren't talking about that balance. We are instead balancing "security vs. security". It has become obvious that privacy of security communications is a wholly separate concern from other privacy issues. Even though we rely upon government to provide for public safety, we are in danger from governments that abuse their power to repress citizens. It is every much as important for political dissidents that we protect private communications (with encryption) as we protect their right to public communications (free speech).

Thirdly, we have purely technical problems. Cryptographers tell us, convincingly, that there's no such thing in cryptography as a difference between consumer-grade security and military-grade security. Any backdoor in security for law enforcement compromises the ability of citizens to protect themselves. Similarly, it's not about regulating the products/services big corporations like AT&T or Facebook put in our hands. Instead, it's about regulating the software we ourselves choose to install on our devices. There is no solution to Barr's scenarios that doesn't involve outlawing such software, removing the right of citizens to install their own software.


dramklukkel said...

Fight for the second amendment, because more guns keep us more safe.
But ban encryption, because encryption keeps us unsafe?

Ban Huawei from US market, because they may have backdoors in their equipment.
Then try to force US tech companies to install backdoors.

Kevin said...

@dramklukkel I would say encryption should fall under the 2nd amendment as well. Just as with firearms, it can be used both offensively and defensively. It is a threat to governments and established interests.

Greg Nation said...

Hmm, maybe the 2nd Amendment does apply here. Zimmermann was investigated for "munitions export without a license" after PGP started popping up outside the US, because at the time (as you mention) only 40-bit keys were approved for export and PGP used 128-bit keys. This is no longer the case, but...

Getting back to the point, if strong crypto can be considered munitions, then wouldn't strong crypto fall into the category of "arms" covered by the 2nd amendment?

(please understand that I am being at about half satirical)