Tuesday, 1 December 2015

Back-dooring encryption, via the back door?

Yesterday's Draft Investigatory Powers Bill Select Committee included a question about iMessage. The question was asked several times, and did not get a straight answer. The replies even started to quote the Cameron/May rhetoric about "no safe place for terrorists to communicate".

This is am important issue - the government have made some clear contradictory statements that they feel there should be no way for people (including terrorists) to communicate such that the authorities cannot read what they are saying (with court order, oversight, etc). They also say encryption is important to the economy and safety and so on. These two things are contradictory.

The point about encryption is that you make it mathematically impossible for anyone else to read the message.

["impossible" meaning that with the resources of any adversary the message could not be revealed in the time frame during which its secrecy is important]

You cannot make a system where nobody else can read the message "unless they have a court order". Mathematics does not know about court orders - so anything you do to allow access with a court order weakens the system so that it is not longer safe. Whatever weakness or backdoor exists, it means criminals could exploit it. It is not proper encryption any more.

So far the government have not tried to ban encryption - to do so would make the UK a laughing stock, drive lots of business away from the UK, and make the UK a target for criminals making us all very much less safe.

You also have to remember that no matter what you do, what law you pass, how much you restrict or cripple software, people can always communicate completely secretly with nothing more than a pen, paper and dice. This means that the "safe place for terrorists to communicate" will always exist anyway.


iMessage came up because it is a problem for the authorities - they cannot read it! Apple have chosen to make it secure. You can be sure, if you trust Apple, that messages you send cannot be "snooped" on by the authorities or Apple. There is some reason to trust Apple in that if they were lying, it would eventually come out if ever such communications were used in any court case or hacked, and that would massively damage their reputation - they have no reason to lie about this.

The problem is that the government don't like this - but can they ban a company offering end-to-end encrypted communications? Well, I think they are trying (and failing) :-

Thanks to Neil Brown for doing the leg work here :-

In RIPA, it is an obligation which can be imposed under a maintenance of capability order, under paragraph 10 of the Schedule to Regulation of Investigatory Powers (Maintenance of Interception Capability) Order 2002.

In the draft bill, it is part of the broad power to require a provider to maintain technical capability, in s189. It is called out by way of example in s189(4)(c), but this is just an example, and not a limitation.

The two positions can be contrasted: under the 2002 Order under RIPA, the list in the schedule sets out everything that the SoS can impose: it is exhaustive unless the Order is amended. Under the draft IP bill, there is no limited list of obligations, but rather anything the SoS considers to be reasonable, with some examples which are not limiting.

So, my understanding is that Apple could be served with an order to "maintain technical capability" and that includes the capability to "to remove any encryption applied". If so ordered, Apple would have to either change their system not to do encryption end-to-end, or at least have the means to do so when ordered to intercept communications. Also, they would not be able to tell us that they have done it.

The fact that someone could get such an order may have a chilling effect on the willingness to offer end-to-end encrypted services based in the UK.

This is really not acceptable, and needs addressing in the bill and RIPA, and removing. The reasons being that (a) anyone can communicate secretly anyway (as above) and (b) there are a couple of huge holes in the idea that you could force someone like Apple to change their systems :-

1. Apple is not in the UK. In fact the company that provides iMessage is, as far as I know, in Luxembourg, and so they can just tell the UK to sod off when they get an order. Also note that iMessage is free, so crippling the ability for UK "customers" to pay for the service does not help (Apple would have to separate itself from the company providing iMessage, but that is not hard).

2. Apple could simply separate iMessage in two - one is a service, perhaps a simple xmpp platform, that provides communications but does not in any way provide encryption. Then a separate company, which offers an app (software) that uses that service to provide end-to-end encryption. From the users point of view it would be a minor change to those Terms & Conditionings that you never read, and everything works the same - but legally it is different. The s/w company making the app is not a communications provider and so not subject to such orders. The communications company does not have means to decrypt the communications (mathematically impossible, remember).

Trying to make anyone that produces software include back-doors is back to the "batshit insane" category we started with, and fails to address open source software, or that the software can simply be provided by companies not based in the UK.

Ultimately, all you do is drive communications and software business out of the UK - you don't get encrypted communications decoded. Remove this requirement from the bill and RIPA!


  1. If they have the power to do anyhthing they want then why not make Cancer illegal?

    1. Technically, they could. The question would then fall to enforcement of that law.

    2. I think that is what is going on here. Make a silly law then everyone is a criminal and the government can do anything it needs (wants) to.

  2. Presumably it isn't just thing like iMessage and it also applies to browsers ? In which case if served with an order Google/Microsoft/Mozilla would have to start recording HTTP session keys somewhere ?

    Or is the bill restricted in its range so it wouldn't apply to browser HTTPS sessions ?

    1. Anyone providing a communications service.

    2. That doesn't really clarify the situation for me...

      (not your fault I realise)

    3. If I provide you with a pen and paper, is that a communications service No?
      Maybe only if the paper is moved, and I'm somehow involved in the movement of it?
      If the stationery is stationary, it's not a communications service?
      If I provide you with a paper aeroplane that you can write your message on, is that a communications service? Maybe if I provide a rubber band with your paper aeroplane? Maybe only if I provide an automated paper aeroplane flinging device?
      Maybe that automated paper aeroplane flinging device requires batteries?
      So, if I provide a set of batteries for that paper aeroplane flinging device, does that make me a communications service provider?
      What if I provide you with a solar powered paper aeroplane flinging device? That therefore implies that our friendly local neighbourhood nuclear inferno is a communications service provider.
      Make the sun illegal.
      (They'd make The Sun illegal too, but Murdoch wouldn't allow it)

    4. But Google/Microsoft/Mozilla are all US companies so outside of the jusrisdiction of this bill, aren't they?

    5. I thought the wording was something along the lines if companies in the UK or companies operating infrastructure / servers in the UK. I would be amazed if Apple or the company that runs iMessage don't have nodes in the UK.
      (Easy to fix by just moving them to France or somewhere else fairly local).

    6. AFAIK iMessage is iTunes as opposed to "Apple" but Apple could make it a separate company with no problem. It does not charge for iMessage, so mostly a paperwork exercise to do that.

    7. It's perhaps worth bearing in mind that most of this discussion is about who can be subject to a retention notice, and the scope to impose a decryption obligation as part of retention. Don't overlook the fact that an acquisition notice can be served on "any person" — not just a communications provider — including, expressly, someone who is not in possession of communications data, if the authorised officer believes that they are "capable of obtaining it": s46(4)(c)

  3. If you create an encrypted message with the 'Pen, paper and dice' method and then post it, does that make Royal Mail a communication provider and require them to be able to decrypt it?

  4. I wouldn't assume that iMessage is quite as secure as perhaps you suggest it is. Have a look at http://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/ If Apple was ordered to, it could easily add extra receiving device key pairs to your iMessage account without you noticing and it would then easily be able to decrypt all the messages. In this situation, Apple is the communications provider, not the ISP - The ISP cannot remove the encryption, as you rightly point out.

    Even if Apple's service isn't legally based in the UK, I think they would be likely to comply with UK law enforcement requests, as they would face a public backlash if they chose not to. This is bearing in mind that most of the public are much more in favour of helping the law enforcement agencies than frustrating them.

  5. Here we go again. In 1997 the London-based company I worked for had (basically) threats from government men in suits about banning encryption. We simply replied that we would in that case move some software engineers to Dublin, where they could write the code for the crypto core maths, and then send it back here, by reading it aloud over the phone and retyping it in London if need be. If things got even worse than that, we told them, we would sell the product without crypto and then have the end-user download the crypto software module over the Internet after the sales.

    So this wheel keeps on turning.