Colour me surprised
A government minister exhibits a fundamental lack of understanding about how encryption works and the inherent problems with backdoors - I'm shocked.
The UK government is once again suggesting encryption has no place in citizens' hands, in the wake of revelations that Westminster attacker Khalid Masood was using WhatsApp shortly before murdering pedestrians with his car, and stabbing a police officer to death. While she stopped short of threatening a Brazilian-style …
"[...] talking about how few Home Secretaries are in any way sane. "
IMHO the last sane Home Secretary was Roy Jenkins in the 1960s. His reforms gave hope of a bright new dawn - that definitely turned out to be a false one when Margaret Thatcher came in. No Home Secretary since then has seemed sane - no matter from which party.
"The best people who understand the necessary hashtags to stop this stuff even being put up" is quite impressive, even for a Tory minister.
I assume this was "file hashes" starting in Cheltenham and going through too many civil servants before getting to Amber Rudd.
> I'll put a tender in to manage the hashtags and because of inherent efficiencies of my organisation which commercial confidentiality precludes me from disclosing here I can offer to manage the hashtags for £1.5m a month.
I'll counter-bid with £15m per month, with a promise to reduce costs in a year's time to just £10m per month.
My bid will win because, in a year's time, a minister will be able to say that he's 'saved' £5m a month.
>> "The best people who understand the necessary hashtags to stop this stuff even being put up" is quite impressive, even for a Tory minister.
I assume this was "file hashes" starting in Cheltenham and going through too many civil servants before getting to Amber Rudd.
I lolled to myself and thought that too, but then I started wondering which was more likely: that a tech briefing would get slightly garbled somewhere between page and mouth, or that a minister would want us to think that the solution to terrorism was as simple as Twitter blocking the hashtags #isis and #deathtowesterndemocracy, and that because Twitter wouldn't do it, it was fair game for the gov to wade in and demand an end to encryption. Now I'm off to have a little cry.
Well, as the private key is presumably held within the WhatsApp application within Bob's phone, then WhatsApp have the power to have that key copied to them given some order from a judge or court or something. I'm not saying it's an acceptable way to behave, it's just all this talk of over-egging the pudding with multiple encryption etc etc when all they need to do is send a command message to the client app to shove the private key back up the pipe, no? I've never trusted any end-to-end encryption to be secure and I wouldn't ever expect it to be for exactly that reason. You need to decrypt it somewhere, and there's absolutely nothing to stop the app writer copying the key used to decrypt it to somewhere else, or to copy the decrypted message somewhere. Now, if it dumped the message into a file on the local storage in a sandboxed directory and I had a second app which held the keys... But even then I'm relying on the integrity of the author of the second app.
"The best people who understand the necessary hashtags to stop this stuff even being put up" is quite impressive, even for a Tory minister.
I assume this was "file hashes" starting in Cheltenham and going through too many civil servants before getting to Amber Rudd.
Perhaps the Internet being something to do with "hashtags" is a simplification for those who cannot grasp the complex technical intricacy of "a series of tubes". After all, Twitter wouldn't work properly without them, so they must be pretty damned critical to the operation of the Internet.
Same load of old guff as the last bunch and the lot before and before etc etc.
I swear, it seems as though the Home Office is stuffed with wormtongues who whisper into the ministers' ears and they dutifully plod out and spout forth this nonsense and rightly get mocked for it. Far better to find out who keeps telling these hapless ministers that encryption needs weakening and then drum them out of the place before someone actually tries to push it through.
"Far better to find out who keeps telling these hapless ministers that encryption needs weakening and then drum them out of the place before someone actually tries to push it through"
Like Theresa May wanting a carte blanche to make changes to the EU laws that have to be changed into UK law after BREXIT.
Nothing drastic you understand - just a free hand to bypass Parliament and rewrite the bits she doesn't like - say some of the privacy and human rights ones she says are EU impositions on our sovereignty.
"it seems as though the home office is stuffed with wormtongues who whisper into the ministers ears and they dutifully plod out and spout forth this nonsense..."
Anyone across the pond care to remind me of the blind city cop who keeps getting sent into awkward situations by "the commies on the police board"?
You need to have been around in the late 60's.
While I think Rudd is, in general, an idiot, what she is describing is technically possible without introducing any technical weakness.
Communication is normally encrypted with a symmetric cipher like AES256, and the key exchange is done with public keys: device A generates a session key and encrypts it with device B's public key. Only device B can decrypt it, and therefore the session.
However it's possible to encrypt the session key again with a second public key. The corresponding private key could be held by WhatsApp, perhaps itself encrypted with a key known only to law enforcement. WhatsApp (or whoever) stores the encrypted chatter between devices, and can decrypt it with that private key as required.
This is different to the "decrypt the iphone" debate, which is done with a symmetric cipher. Introducing a weakness there introduces it for everyone, not just law enforcement. But where the encryption involves a key exchange between two devices, then allowing a third-party to decrypt communications can be done and, from a purely technical point-of-view, introduces no weakness in security.
Obviously there are other issues, not least for the company that is likely to see people abandoning any platform that does this for one that doesn't. But that's a different problem.
(edit: I should add this mechanism is not something I've just dreamt up, it's used by PGP, Acrobat and probably any system that facilitates the encryption of a document or message for multiple parties)
However it's possible to encrypt the session key again with a second public key. The corresponding private key could be held by WhatsApp, perhaps itself encrypted with a key known only to law enforcement. WhatsApp (or whoever) stores the encrypted chatter between devices, and can decrypt it with that private key as required.
The fact you don't understand this is the introduction of a technical weakness is a problem.
For starters you double the chances of the [a] key leaking - that's a technical weakness that you've introduced. Secondly it's no longer end to end encrypted it's "end to end and we copied your shit and have the key" - at that point the service is *useless* for privacy and people will go elsewhere.
These services exist because governments and security services can't keep their nose out people's shit - doubling down on that is not going to make it easier for security services it'll make it harder.
No. Not a technical weakness. The symmetric key remains encrypted, but you now have a choice of two public keys to decrypt it. Brute forcing either is impractical, so no technical weakness is created.
It is clearly still "end-to-end" encrypted, as the message is encrypted on device A and not decrypted until it's read on device B.
There is clearly an ability for a third party to decrypt - that's the point - but it's not a technical weakness. Let's be clear, I'm not advocating this system and I am not keen to allow Amber Rudd to read my messages, but criticising her on the grounds of "it can't be done, technically" is incorrect.
But if you know better, please explain in detail why this is the case - as I just added to my post, this method is used by PGP amongst others, so I'm sure they would be delighted to hear your analysis.
But if you know better, please explain in detail why this is the case - as I just added to my post, this method is used by PGP amongst others, so I'm sure they would be delighted to hear your analysis.
What are you talking about? That's not a thing.
There is clearly an ability for a third-party to decrypt - that's the point - but it's not a technical weakness
It's a weakness that's been intentionally added by technical means. It's literally the definition of a technical weakness. It's not even a back door; it's a front door. We copy your data and use it as we see fit is not a private communications service any longer. People leave whatsapp and use stuff with even stronger privacy and crypto strength guarantees so they can't break it when applying massive computation to it. Better for the security services? Nope, I don't think so.
"However it's possible to encrypt the session key again with a second public key"
Thanks for pointing out the obvious.
Now I'll point out the obvious consequence of that, what happens when someone steals the private key held by wahtsfap, or any number of Govt agencies? Don't forget, the UK food standards agency will require a copy too.
Don't forget, the UK food standards agency will require a copy too.
And all the other organizations listed in the appendices to the Investigatory Powers Act 2016...
That will be all UK police forces, MI5, MI6, GCHQ, Ministry of Defence, Department of Health, Home Office, Ministry of Justice, National Crime Agency, Her Majesty's Revenue and Customs, Department for Transport, Department of Work and Pensions, all ambulance trusts in the UK, the Common Services Agency of the Scottish Health Service, the Competition and Markets Authority, Criminal Cases Review Commission, Department for Communities in Northern Ireland, Department of Justice in Northern Ireland, the Financial Conduct Agency, all fire and rescue authorities in the UK, Food Standards Agency, Food Standards Scotland, Gambling Commission, Gangmasters and Labour Abuse Authority, Health and Safety Executive, Independent Police Complaints Commission, NHS Business Services Authority, the Office of Communications, Office of the Police Ombudsman for Northern Ireland, Serious Fraud Office.
The FSB, Chinese State Security, CIA and any number of other organisations where people wear cheap suits and dark glasses will pour all their efforts into compromising the key holder organisation. Not to mention every hacker in the world.
The consequences of any breach would be to destroy or fatally undermine confidence in every transaction made by Britons. We could say goodbye to the City and much of our economy.
@Dan 55 - may I call you Dan? No need for surnames here.
My hypothetical example is really just about key management, specifically that you can design a system where it would be impractical for the NSA and law enforcement to electronically hack in to read messages without compliance from WhatsApp. You're asking what happens after they have the key; the answer is - of course - security is potentially compromised.
@John Robson, @Mike Richards and pretty much everyone else.
Gents, this is a lot of fun but once you get into bribing this guy or rooting that, frankly we're in the world none of us are experts in. There are easier ways to do this, as TRT points out above. I'm simply describing a process where this could be done technically, through legal, if not necessarily moral, channels, without introducing a weakness exploitable by a third party.
Signing off now, have to iron out bugs in my OCSP verification code. That's the trouble with crypto, it's all in the f*ing details.
You are making a distinction where there is none. Building a system which allows a third party access to messages means that it can be compromised.
The fact that a wonderful cryptographic module only decrypted the messages when it was told to by the rest of the (compromised) system and the encryption on the messages was not brute forced is not important.
My dear Streaky, PGP is very much a thing. You should google it.
I think we're at cross purposes here. "A weakness added by technical means" is wordplay and not helpful to this discussion.
Clearly you are upset at the concept of law enforcement having access to comms that you feel should be encrypted for ever until the end of time. That's not unreasonable, but I'm not interested in legislative or emotional arguments. Yes, people will leave a messaging platform that does this. I already made that point in my first post.
I'll restate my point for clarity. Encrypted communication between two devices could be "backdoored" for law-enforcement without making it easier for a third-party who snoops on the traffic to decrypt. The argument levelled against "backdooring" is that it opens the door for everyone, not just law enforcement, and I am saying that is simply not the case here.
As I'm clearly playing devil's advocate, here's how I would construct the system.
Law enforcement generate a keypair and send the public key to WhatsApp, and keep the private key in a safe. WhatsApp generate a keypair, and use the public key as I've described. They encrypt the private key with law enforcement's public key, print it out and put it in a safe, then delete the "plaintext" private key. Or, if you prefer, store parts of the printout in multiple safes in multiple jurisdictions, including bank vaults.
Now to decrypt any communications you need the private key of law enforcement (in their safe), the encrypted comms (on WhatsApp's servers) and access to the safes in WhatsApp's offices, which they're only going to open with a court order. It's safe from NSA hacking, it's safe from the NSA and law enforcement acting together, it's safe from WhatsApp acting on their own.
Of course no system is impenetrable, but if you think this system (if implemented as described) is vulnerable then please tell me how you would do it, either as an over-zealous government, a corrupt law-enforcement official or a third party. Facts please, not hyperbole.
@Androgynous Cupboard
You're assuming that the generated "plaintext" private key is always held securely, and I'm not sure that's the case. The insertion of malware onto the generator platform would be the obvious attack surface, and once this was done the automatic "slurping" of all private keys becomes a trivial matter. (Got any "kompromat" on any WhatsApp employees? Just send them a USB stick...)
Naturally, while domestic law enforcement might play by the rules, I very much doubt foreign intelligence agencies, hacker collectives or criminal enterprises would have much incentive to do the same.
@Zippy
In my example system the generated plaintext private key doesn't have to be stored, it can be deleted. But yes, you're right - there's an assumption that this is done properly, and that the NSA weren't running side-channel attacks on the computer generating the key, or bribing the WhatsApp employee who generated it, or that Facebook are just a front for the CIA/Alien overlords, and so on. But if any of these are the case, we have bigger problems.
Designing a system to minimize this risk is complex, and it's also quite good fun as a thought exercise, but it's straying from the (really very simple) technical point I am trying to make: a properly implemented backdoor for law enforcement is technically possible without opening that backdoor to everyone. Sorry. I don't like it much either, for what it's worth.
"but it's straying from the (really very simple) technical point I am trying to make"
I think it is more likely that you are being downvoted for trying to teach your grandmother to suck eggs than that anybody here doubts a form of key escrow is technologically feasible.
"The argument levelled against "backdooring" is that it opens the door for everyone, not just law enforcement, and I am saying that is simply not the case here."
I'm sorry - any key with access to that much data will leak.
You might be better off suggesting that a messaging provider sets up proper encryption, but that by default it copies all messages directly to GCHQ. At least there would be a shred of honesty in there.
Mr/Ms cupboard,
It's not really safe. How would messages (now stored on WhatsApp's servers instead of deleted upon reception) be read by law enforcement?
a) The certificate is kept by WhatsApp and law enforcement log into a special server which means the messages are only protected by a username and password or b) the certificate is given to law enforcement and they are in control of it.
Both methods can be compromised by malware or leaks.
@Androgynous Cupboard: it's a shame you've had nothing but downvotes, because your idea seems entirely valid, technically if not morally or commercially.
PGP has always had a feature to allow you to encrypt a message with multiple public keys. If I want to send a message to Alice and Bob, the message is encrypted with a message key, and the message key is encrypted twice, with Alice's and Bob's public keys. I can then send the same encrypted message to both of them, and they can both recover the message key and decrypt it. You're talking about exactly the same, except you replace Bob with GCHQ.
My message to Alice and GCHQ is technically no weaker than the message to Alice and Bob, at least in theory. The big assumption of course is that GCHQ have to be at least as good at keeping their private key secret as Alice and Bob are. Now if GCHQ can't manage to steal Alice's private key (that's why they want a back door), then you might assume it should be equally hard for the Chinese or the Russians to steal GCHQ's private key. But more people will have access to GCHQ's private key, and it's a vastly more valuable target than Bob's.
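The multi-recipient scheme discussed in this post and in Androgynous Cupboard's earlier one, written out as an added example (not code from any commenter or from PGP/WhatsApp) using only the Go standard library: one symmetric ciphertext, with the session key RSA-OAEP wrapped once per recipient public key, so an escrow holder is simply one more recipient whose single private key opens every message it was wrapped into. Recipient labels, key sizes and the sample message are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is a constructed multi-recipient message in the PGP style the thread
// describes: one AES-256-GCM ciphertext plus one wrapped copy of the session key per recipient.
type Envelope struct {
	Nonce, Ciphertext []byte
	WrappedKeys       [][]byte // the same session key, RSA-OAEP wrapped under each recipient's public key
}

// Seal encrypts msg under a fresh random session key and wraps that key once per
// public key. Adding an escrow holder is just one more entry in pubs.
func Seal(msg []byte, pubs []*rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // 256-bit session key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	sessionKey, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(sessionKey) // cannot fail: the key is always 32 bytes
	gcm, _ := cipher.NewGCM(block)        // cannot fail: AES has a 16-byte block
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}
	for _, pub := range pubs {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKeys = append(env.WrappedKeys, w)
	}
	return env, nil
}

// Open tries each wrapped key with the caller's private key, as a PGP reader does.
// The escrow holder's key works exactly like Alice's, which is the objection raised
// above: that one key opens every envelope it was ever wrapped into.
func Open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range env.WrappedKeys {
		sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil)
		if err != nil {
			continue // not wrapped for this key: the OAEP padding check fails
		}
		block, err := aes.NewCipher(sessionKey)
		if err != nil {
			return nil, err // the sender wrapped something that is not an AES key
		}
		gcm, err := cipher.NewGCM(block)
		if err != nil {
			return nil, err
		}
		return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	}
	return nil, rsa.ErrDecryption // no wrapped key matched this private key
}
```

Nothing in the envelope is weaker per message than a plain Alice-and-Bob PGP message; the change in risk is entirely in how many messages one escrow private key unlocks, and how many hands it passes through.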
If the history of spies teaches us anything, it's that people will spy for foreign powers for ANY reason, and sometimes just for no real reason besides trying to get something over on the government.
Has anyone stopped to think that maybe these terrorists use these phones and apps specifically to divert attention from other things? "He used Whatsapp! It must've been for terrorist purposes, we need to be able to view everything anyone shares!" Meanwhile, the rest of his terroristic cell, none of whom have used Whatsapp before, are arranging the next attacker to use Facebook right before attacking. The next one will use Snapchat...then LinkedIn. Causing governments to demand more and more erosion of privacy, increasing distrust of government among the governed. That's the real tactic the terrorists are using here - drive a wedge between the people and the government, and the government will have all it can handle with its own people, letting the terrorists have free rein anywhere else they choose to operate.
And the government is dutifully following the script.
The big assumption of course is that GCHQ have to be at least as good at keeping their private key secret as Alice and Bob are
No - you've made two assumptions :-
The first of these we know to be false straight off the bat - look at the CIA and NSA leaks to show how they actually aren't all that good at keeping secrets. And it gets worse once you need international cooperation - because that means giving all the keys to the Russians, the Syrians, the Iranians, the North Koreans, etc. Failure to do so would mean you don't get their cooperation - and guess where all the traffic goes instead.
The second is a fundamental flaw in that it requires the bad guys to play by the rules in order to catch them - so Bob sends a message to Alice that says "Attack at Dawn", whereas GCHQ gets one that says "Mary had a little lamb". Bob *swears* both messages have the same content.
So what we're left with is a system that is fundamentally less secure for everyone and no use whatsoever for catching bad guys.
Vic.