Tuesday, 8 March 2016

GCHQ boss: Tech firms should co-operate over encryption

This BBC article says GCHQ want to work with tech firms over the encryption issue.

Unfortunately there is a conflict of interest here - what the tech firms wish to do is keep users' data safe - and they should do this - it is even in the Data Protection Act that personal data is important and should be kept safe.

So the objective of the tech firm is at odds with the objective of GCHQ, which is to access users' data whenever they want to.

The gold standard for the tech firm is to make the data so safe that even they cannot access it. Even someone that knows exactly how it all works, that wrote the code that is used, cannot, by any means, access the data. Apple are pretty close and I am sure are working on ensuring this is the case.

If a tech firm is successful in this goal then there is not really a lot to discuss with GCHQ, is there? They cannot have the data, end of story. If there was something to discuss, some way that the data could be accessed by any means, then that is a loophole the tech company should be working on plugging!

One statement "The solution is not, of course, that encryption should be weakened, let alone banned. But neither is it true that nothing can be done without weakening encryption," shows the problem.

Let's be clear - this is not about the mathematics - this is a very simple high level thing. Anything that allows a third party (such as GCHQ) access to data is weakening the encryption. It does not matter if that is some procedural change, some storage of keys in a "safe place", some trick in the mathematics to allow a third key - none of that matters - the very possibility of access is a "weakening of encryption" by definition.

I am shocked that they seem not to understand this. Well, I am sure they do, but want to gloss over it.

Of course, the real "back door" to any system is the software update. It is essential to have this, not just for new features in a product, but also to fix vulnerabilities. Software is never 100% perfect, and even if it was the world changes and what is necessary to defend against attacks changes. So s/w updates are needed and should be encouraged. They should be digitally signed to ensure the s/w is genuine, of course. The issue is that new software can help access data - whether by allowing lots of attempts very quickly (what the FBI want) or by capturing keys next time the user legitimately unlocks the data.

There are steps a tech firm can take, and I expect Apple are working on this, such as ensuring there is no way to update the software on a locked phone. They could even make the security hardware refuse an update without correct use of the PIN or password (and not allow many attempts). This addresses the issue of access to a device after it has been seized, but not the possibility of a systemic vulnerability being introduced on devices in advance - that needs trust in the supplier.
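As an added illustration of the policy the two paragraphs above describe, here is a small Python model of a device that only accepts firmware when the image carries a valid vendor signature and the holder has just proved knowledge of the PIN, with a hard cap on wrong guesses. This is example code written for this post, not Apple's or any real device's implementation; the class and method names, the attempt threshold, and the use of HMAC-SHA256 as a stand-in for a real asymmetric vendor signature are all assumptions made for the example.

```python
"""Model of an update policy: signed images only, and only on an unlocked
device, with a limited number of PIN attempts. Illustrative example, not
any vendor's real code."""
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed lockout threshold; a real device picks its own

# Stand-in for the vendor's signing key. A real device would hold only the
# public half of an asymmetric key pair; HMAC-SHA256 is used here purely to
# keep the example dependency-free.
VENDOR_KEY = b"example-vendor-signing-key"


def sign_update(image: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Vendor side: produce the tag that accompanies a firmware image."""
    return hmac.new(key, image, hashlib.sha256).digest()


class Device:
    def __init__(self, pin: str, firmware: bytes = b"v1"):
        # Store a salted, stretched hash of the PIN, never the PIN itself.
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash_pin(pin, self._salt)
        self.firmware = firmware
        self.failed_attempts = 0
        self.unlocked = False
        self.locked_out = False  # set once attempts are exhausted

    def _hash_pin(self, pin: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)

    def unlock(self, pin: str) -> bool:
        """Prove knowledge of the PIN; too many failures seal the device."""
        if self.locked_out:
            return False
        if hmac.compare_digest(self._hash_pin(pin, self._salt), self._pin_hash):
            self.unlocked = True
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_ATTEMPTS:
            self.locked_out = True
        return False

    def lock(self) -> None:
        self.unlocked = False

    def apply_update(self, image: bytes, tag: bytes) -> str:
        """Install new firmware only if the device is unlocked and the
        image is genuinely signed by the vendor."""
        # Rule 1: a locked (e.g. seized) device takes no new code at all,
        # so it cannot be fed a build that removes the attempt limit.
        if not self.unlocked:
            return "refused: device locked"
        # Rule 2: the image must carry a valid vendor signature.
        if not hmac.compare_digest(sign_update(image), tag):
            return "refused: bad signature"
        self.firmware = image
        # Installing code is a privileged act; drop back to locked afterwards.
        self.lock()
        return "installed"


if __name__ == "__main__":
    dev = Device("1234")
    new_image = b"v2"
    print(dev.apply_update(new_image, sign_update(new_image)))  # locked
    dev.unlock("1234")
    print(dev.apply_update(new_image, b"\x00" * 32))            # bad signature
    dev.unlock("1234")
    print(dev.apply_update(new_image, sign_update(new_image)))  # installed
```

The point the model makes is that the update path itself is gated on the same secret that protects the data, so a signed-but-hostile build cannot be pushed onto a device nobody can unlock. As the post notes, this says nothing about a vulnerability shipped to every device in advance; that part rests entirely on trust in the supplier.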

Of course, if you do not trust your supplier or the government, you can do encryption yourself, and none of this will then apply. I should not have to keep saying this, but criminals can always use encryption, and even do so covertly. Such laws or discussions only impact the non-criminals!

Sadly the UK wants to remove all trust in any UK firm by allowing secret orders that could do exactly that - compromise security on all devices in advance. It will be a sad state of affairs very soon when we have to trust a foreign supplier as we cannot trust anyone in our own country.

"Made in UK" will become the hallmark of distrust by the end of the year!

P.S. The original talk was actually more balanced, but still misses the key points in many ways and thinks there can be a way for law and encryption not to clash, and somehow that criminals would obey any such laws anyway.

His comment "On encryption, it simply repeats the position of earlier legislation: where access to data is legally warranted, companies should provide data in clear where it is practicable or technically feasible to do so. No-one in the UK Government is advocating the banning or weakening of encryption." clearly lacks an understanding of the power of the bill going through parliament, which can secretly demand much, much more.

1 comment:

  1. Steganography makes it easy to hide low payload messages (or high payloads, but this increases the risk) in a nearly undetectable way. Particularly with very large phone cameras these days, leading to a very high number of pixels and a low payload ratio. Sending encrypted texts in this way would mean a very low payload compared to the content, making it exceptionally hard to detect.

    And Alice and Bob don't even need to directly communicate to communicate. Alice can put the image up on Facebook so anyone can read it without an account. Bob could host a gallery of his snapshots. It could be used for forum avatars. There are so many ways to achieve this, all of which would fly completely under the radar.

    If you are the slightest bit competent, it is easy to evade detection. Obviously no good if GCHQ decide to bug your device or something (I was going to say with a warrant, but they probably do it anyway), but if it gets to that stage you're probably doing something wrong.

    It's just like airport security, which is security theatre. It will catch the idiots... sometimes (look at all the times people smuggle bombs, guns, etc. past staff). If anyone really wants to kill people, they'll smuggle a device internally or use a surgically implanted bomb. Or they'll bomb a football stadium or other crowded area. Or they'll give one of their zealots an AK and let them loose.

    I do not fear terrorism. I support taking reasonable measures to stop it of course; I'm sure many attacks are stopped each day that we're never told about. But I do not live in a perpetual state of fear, and demand we lose every right we have because OMG TERRORISTS AND IT MAKES PEOPLE SAFER! I'm far more likely to die driving into work (or to the airport) than I am to die of a terrorist.

    I do, however, fear governments who demand greater power, particularly when they cannot be trusted. The US government couldn't even make it through a week before admitting they wanted to unlock far more phones than just the one (as was obvious to anyone with a brain), despite all their promises about how it was a one-time exception. We've had councils abuse anti-terror laws to spy on people putting out their bins. Of course, none of these people ever got prosecuted and imprisoned for their actions...

    The one thing that does offer protection from governments is their own incompetence. So I will be effortlessly evading Ms. May's attempts to spy on me should they ever be implemented. I'm sure thousands of terrorists browsing jihad.org/bombing/killinfidels/ will be quickly caught and make us all far, far safer though.