« The reckoning | Main | Copyright in review »

Crypto in review

Caspar_Bowden-IMG_8994-2013-rama.jpgBy my count, this is net.wars number 990; the first one appeared on November 2, 2001. If you added in its predecessors - net.wars-the-book, and its sequel From Anarchy to Power, as well as the more direct precursors, the news analysis pieces I wrote for the Daily Telegraph between 1997 and early 2001, you'd get a different number I don't know how to calculate. Therefore: this is net.wars #990, and the run-up to 1,000 seems a good moment to review some durable themes of the last 20 years via what we wrote at the time.

net.wars #1 has, sadly, barely aged; it could almost be published today unchanged. It was a ticked-off response to former Home Secretary Jack Straw, who weeks after the 9/11 attacks told Britain's radio audience that the people who had opposed key escrow were now realizing they'd been naive. We were not! The issue Straw was talking about was the use of strong cryptography, and "key escrow" was the rejected plan to require each individual to deposit a copy of their cryptographic key with a trusted third party. "Trusted", on its surface meant someone *we* trusted to guard our privacy; in subtext it meant someone the government trusted to disclose the key when ordered to do so - the digital equivalent of being required to leave a copy of the key to your house with the local police in case they wanted to investigate you. The last half of the 1990s saw an extended public debate that concluded with key escrow being dropped for the final version of the Regulation of Investigatory Powers Act (2000) in favor of requiring individuals to produce cleartext when law enforcement require it. A 2014 piece for IEEE Security & Privacy explains RIPA and its successors and the communications surveillance framework they've created.

With RIPA's passage, a lot of us thought the matter was settled. We were so, so wrong. It did go quiet for a decade. Surveillance-related public controversy appeared to shift, first to data retention and then to ID cards, which were proposed soon after the 2005 attacks on London's tube and finally canned in 2010 when the incoming coalition government found a note from the previous chancellor, "There's no money".

As the world discovered in 2013, when Edward Snowden dropped his revelations of government spying, the security services had taken the crypto debate into their own hands, undermining standards and making backroom access deals. The Internet community reacted quickly with first advice and then with technical remediation.

In a sense, though, the joke was on us. For many netheads, crypto was a cause in the 1990s; the standard advice was that we should all encrypt all our email so the important stuff wouldn't stand out. To make that a reality, however, crypto software had to be frictionless to use - and the developers of the day were never interested enough in usability to make it so. In 2011, after I was asked to write an instruction manual for installing PGP (or GPG), the lack of usability was maddening enough for me to write: "There are so many details you can get wrong to mess the whole thing up that if this stuff were a form of contraception desperate parents would be giving babies away on street corners."

The only really successful crypto at that point were backend protocols like SSL (used to secure ecommerce transactions over the web), TLS (secures communications), and HTTPS (secures web connections) and the encryption built into mobile phone standards. Much has changed since, most notably Facebook's and Apple's decision to protect user messages and data, at a stroke turning crypto on for billions of users. The result, as Ross Anderson predicted in 2018, was to change the focus of governments' demand for access to hacking devices rather than cracking individual messages.

The arguments have not changed in all those years; they were helpfully collated by a group of senior security experts in 2015 in the report Keys Under Doormats (PDF). Encryption is mathematics; you cannot create a hole that only "good guys" can use. Everyone wants uncrackable encryption for themselves - but to be able to penetrate everyone else's. That scenario is no more possible than the suggestion some of Donald Trump's team are making that the same votes that are electing Republican senators and Congresspeople are not legally valid when applied to the presidency.

Nonetheless, we've heard repeated calls from law enforcement for breakable encryption: in 2015, 2017, and, most recently, six weeks ago. In between, while complaining that communications were going dark, in 2016 the FBI tried to force Apple to crack its own phones to enable an investigation. When the FBI found someone to crack it to order, Apple turned on end-to-end encryption.

I no longer believe that this dispute can be settled. Because it is built on logic proofs, mathematics will always be hard, non-negotiable, and unyielding, and because of their culture and responsibilities security services and law enforcement will always want more access. For individuals, before you adopt security precautions, think through your threat model and remember that most attacks will target the endpoints, where cleartext is inevitable. For nations, remember whatever holes you poke in others' security will be driven through in your own.


Illustrations: The late Caspar Bowden (1961-2015), who did so much to improve and explain surveillance policy in general and crypto policy in particular (via rama at Wikmedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

TrackBack

TrackBack URL for this entry:
https://WWW.pelicancrossing.net/cgi-sys/cgiwrap/wendyg/managed-mt/mt-tb.cgi/955

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Archives