Which would you prefer: backdoored crypto, government malware – or the third way?

Posted on Jul 14, 2017 by Glyn Moody

As regular readers of this blog will have noticed, one of the hottest topics in the world of online privacy is government access to communications. Essentially, the authorities want to be able to read encrypted information, but at the same time, they insist that they do not want to weaken the online security of law-abiding citizens. Experts have repeatedly and rightly mocked the contradictory nature of these two positions.

Nonetheless, many people would agree that the authorities should be able to gain access to the communications of those suspected of terrorism or serious crimes, provided there is appropriate judicial oversight. That being the case, how might this be done without undermining the strength and thus security of everyone’s crypto?

As we wrote last month, Germany has been using an alternative approach to penetrate computer systems: by means of a “Staatstrojaner” – a government trojan. Typically, a trojan is introduced onto a suspect’s smartphone or computer by means of an email that tricks the recipient into installing the malware. At that point, the authorities can either monitor all communications flowing to and from the system, or examine information stored on it – or both – depending on the needs and authorization.

Significantly, the new German law allows the authorities to use such malware routinely – until now, it has only been permitted for the most serious threats, such as terrorism. That broadening of the scope means that German police will now have the capability to bypass even the strongest crypto, without needing to break it.

Other countries are starting to take note of that fact. Just this week, the Austrian government published draft legislation that give police the authority to monitor messaging services. As an analysis (in German) of the document explains, ten out of the 16 pages of the explanatory notes to the new “Code of Criminal Procedure” concern the use of malware by the police. An earlier article on the same site noted how Austria was planning to follow Germany’s example, and place government trojans at the center of its surveillance efforts, now officially confirmed. Further support for using malware to circumvent encryption comes from a surprising source: the former head of GCHQ, the UK’s equivalent to the NSA. Robert Hannigan told the BBC:

“Building in backdoors is a threat to everybody, and it’s not a good idea to weaken security for everybody in order to tackle a minority.

The best that you can do with end-to-end encryption is work with the companies in a cooperative way, to find ways around it frankly.

So obviously the way around encryption is to get to the end point – a smartphone, or a laptop – that somebody who is abusing encryption is using.”

That viewpoint is particularly remarkable given comments Hannigan made back in 2014, just after he had taken up his post as Director of GCHQ. In his first speech, he noted how encryption had become an everyday tool for terrorists, and thus a problem for GCHQ, taking a swipe at Edward Snowden along the way:

“Techniques for encrypting messages or making them anonymous which were once the preserve of the most sophisticated criminals or nation states now come as standard. These are supplemented by freely available programs and apps adding extra layers of security, many of them proudly advertising that they are Snowden approved. There is no doubt that young foreign fighters have learnt and benefited from the leaks of the past two years.”

There seems to be a growing acceptance among governments around the world that breaking crypto is counterproductive, since it weakens everyone’s communications. Instead, the emphasis is shifting to attacking the end points – the smartphone or computer. That’s a positive development in the sense that breaking crypto using backdoors or other means would have been a disaster for everyone. Malware is more targeted: it is directed against specific individuals, and allows proper judicial oversight.

But there are some downsides to the growing use of government trojans. For example, it provides an incentive for intelligence agencies to find vulnerabilities in widely-used software, but not to disclose them. That not only means that members of the public are left exposed when they could have been protected by the distribution of patches. It also leads to serious problems of the kind produced by the WannaCry ransomware, which used an exploit discovered and hoarded by the NSA. As Microsoft’s President and Chief Legal Officer, Brad Smith, lamented in May:

“this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”

As governments turn to malware to circumvent encryption, there will be a tendency for more intelligence agencies to hoard vulnerabilities, which increases the likelihood that they will leak and end up being used on a massive scale, as with WannaCry, rather than for for a small number of highly-targeted operations. Similarly, exploits will become more valuable, and therefore researchers may be tempted to sell them to governments or even criminals, rather than telling the software companies involved so that they can be fixed quickly.

Fortunately, there is an alternative to backdooring encryption or using government malware. This third approach consists of taking advantage of the fact that using strong crypto effectively is quite hard: there are a number of ways in which mistakes can be made that nullify the benefit of encryption. There’s a handy summary of techniques that exploit that vulnerability in a recent paper by Bruce Schneier and Orin Kerr. It lists six kinds of workarounds: “find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy.” In an ideal world, intelligence agencies and law enforcement would always turn to these, rather than pushing for either of the other risky options.

Featured image by Bengt Oberger.