The NSA chief should be pro-encryption: the presence of backdoors in encryption (as demanded by some US law enforcement officials) creates a national security threat. Period.
If law enforcement needs access to encrypted data, they already have a few different ways. They can subpoena the data and throw the person who controls the key in jail until they release it, or they can just brute-force the encryption in cases of extreme national interest (it's too expensive to do for run-of-the-mill crime, but they have the capability if they really need it).
IMO the entire goal of encryption tech should be to make the government incur significant costs for every invasion of privacy they feel they have to perform. That way, they have the power to invade our privacy (and I don't think we as a populace can really stop them from having that power) but it's so expensive / cumbersome to use they really only use it in extreme cases. I'm fine with privacy being broken by the government on a case-by-case basis; the danger is when the government does a dragnet on everyone.
Even on a case by case basis, the power to break encryption raises some serious questions. What if the current President or some future President goes digging through the emails of their opposition in an election year? What if the NSA starts investigating the records of politicians with a anti-NSA stance? With access to passwords and accounts, you even have to ask what if an agency like the GCHQ planted evidence in someone's email or tweeted an embarrassing photo on their behalf? [They have the tools to do so](http://arstechnica.com/security/2014/07/ghcqs-chinese-menu-o...), and with power like that, they could basically destroy anyone who opposes them before they even start.
I don't think perfect encryption is an impossible dream. I think it will be very hard to achieve, and we have a long way to go to getting there, but it's important work, and right now companies, governments and people should be pouring everything they can into making it a reality. We need a lot more research into encryption, especially [information theoretic secure](https://en.wikipedia.org/wiki/Information-theoretic_security) algorithms.
> What if the current President or some future President goes digging through the emails of their opposition in an election year?
This has happened before with Watergate -- and the only reason Nixon got caught was because people talked. I would imagine something similar would happen. Politics can help create some balance here -- if they really were doing something that benefitted one side over another, someone from the other side would likely blow the whistle.
Regardless though, that information wouldn't just be sitting there unencrypted if there was no request look at it: there would be a paper trail that a certain individual was targeted and records pulled. That's not always the case if you just have a huge database of unencrypted communications.
> What if the NSA starts investigating the records of politicians with a anti-NSA stance?
This is a danger I am actually concerned about, but I'm also pretty sure this has been going on for decades. If not with the NSA, then with the FBI (e.g. the Hoover era).
> with power like that, they could basically destroy anyone who opposes them before they even start.
You don't even need government power to do this; the major political parties are set up with this purpose in mind. And work in politics for even a little bit and you'll realize there's not a whole lot of separation between government work and party work. I don't know that this is really much different than the status quo over the last few decades.
>there would be a paper trail that a certain individual was targeted and records pulled.
I expected this too, and I was quite surprised to hear the us government had no idea exactly what Snowden had stolen. Kinda sheds light on the "protections" they have in place, in that they didn't seem to be very good at what they're supposed to do.
Yeah, and it was a fucking embarrassment to the NSA. Their security procedures were pretty lax, especially for a three-letter agency, but that seems par for the course given the budget climate in Washington.
But the difference was that in this case, the default policy is collection. If you collect everyone's data, then no special effort has to be taken to snoop on an individual's data (besides accessing it). There might be access logs; there might not be.
If there is a process that has to be followed to initiate data collection on a target, there will certainly be records of that process because they will be required to execute the process. It's at least better than having everyone's data sit in a datacenter somewhere ready to be searched by anyone with the proper security clearance.
> They can subpoena the data and throw the person who controls the key in jail until they release it
I think, a lot of the time, they want to read data from a device owned by someone who's not jailable any more—i.e., dead people.
Reading data off the phones of murder victims—the activity you'd expect "digital forensics" to properly refer to—would be pretty useful, if it were possible. I imagine a lot of police work has gotten harder in the move from "little black books" and feature-phone contact lists to everything about a person's contacts/calendar/call history/etc. being on an FDE-ed smartphone. Manufacturer key escrow services seem almost sensible in this light.
The other use is in reading data off devices of someone who's already dead because law enforcement just killed them. I can see both good and bad outcomes of that: if it were quick to do, it would help to map e.g. a hired hitman to their client, or a gang-member to the gang-leader. But it would also encourage/enable "shoot first, ask questions [to devices] later" tactics, which is just plain horrible.
You can subpoena google for the calendar and email, Apple for iMessage routing, and the phone company for phone calls and texts. You can even get emergency warrants for that kind of thing. Then you subpoena all those contacts.
This idea that the immediate access to all of an individual's information is necessary for law enforcement to do their work is a farce, especially considering the propagation of private and public security cameras. The same logic is used to justify torture, expand SWAT and procure urban assault vehicles. These things are almost always unnecessary, impractical, or unreliable.
Yes, people can be extremely careful to avoid police. That's not the average case, and we shouldn't optimize our law enforcement for it.
Aren't active criminals generally extremely careful to avoid police (by, e.g., using burner phones?) And isn't law enforcement mostly about catching criminals? I don't see why law enforcement would be about anything other than figuring out how to catch people who are extremely careful to avoid police.
I don't disagree with your first two paragraphs. I just think the average criminal of this generation is well aware of the idea that they need to avoid putting incriminating data "in the cloud", to about the same degree that they're aware of the idea that you have to wear gloves to avoid leaving fingerprints.
If criminals were really extremely careful, they'd get burner phones with custom firmware that performs FDE without key escrow. I'm sure there are plenty of sellers who are willing to supply such phones at a high margin given the opportunity.
If it becomes a crime to encrypt your phone, only criminals will encrypt their phones.
Well the last statement is tautologically true, but yeah. Key Escrow is also impossible to enforce in user space (JavaScript), so unless you only allow signed everything, there will always be workarounds.
> Manufacturer key escrow services seem almost sensible in this light.
I understand your position, but I could not disagree more strongly with your conclusion. Many of the techniques law enforcement is complaining about losing didn't exist before cell phones (and smart phones in particular). The challenges they face in a world with FDE-by-default are not new, their biggest frustration is in losing capabilities that they feel have been valuable.
The problem with something like key escrow is that while there might be value in occasionally providing access to law enforcement, there is absolute certainty of damage in cases where the keys are lost, stolen, or compromised -- all of which happen with alarming regularity already. You can't un-ring the bell of a data loss due to compromised encryption - so the only real question is how many abuses we should be expected to endure in order to realize marginal benefits in some circumstances.
It is understandably inconvenient & frustrating for law enforcement to lose access to the contents of smartphones, but that alone is not sufficient justification for universally compromising one of the layers responsible for protecting our data.
Note that I said almost sensible. As in, "that motorcycle almost jumped that gorge." :)
And the techniques didn't exist, certainly. I'm more interested in the information itself, though. Before computers existed, all of a person's personal information was likely held on paper somewhere, either on their person or in their car or home or bank. At worst, the papers of a dead person would be locked in a safe—and law enforcement could always get a subpoena to have a safe cracked open.
Computers made the safe figurative, but FDE made the safe uncrackable, and put everything the person owns in there rather than just the stuff they think needs protecting. We really did lose something, and it's not just convenience for law enforcement; many people's entire life histories now evaporate upon their death, having been held entirely as digital artifacts on FDEed devices.
I'm not sure what to do about that. Manufacturer key escrow is obviously not the solution. I have a feeling that having a culture of peer key escrow might be, though. Teaching children that having escrowed backup keys is important, in the same way that having an emergency contact number for hospitalization is important, might help quite a bit. (We could also teach them the value of good passwords, while we're wishing for a pony.)
Right, but if I die, I don't want people accessing my phone after death. They can still get call and text metadata from the phone companies for 90+ days. In fact, I think even the text contents of SMS messages are available for 90 days. The stuff I send over encrypted services, I don't want read.
> The NSA wants to be able to easly read all traffic from everybody so they can figure out who the 'bad' people are, inside and outside of the country.
I actually don't think the NSA cares about reading traffic from everyone; they know who their targets are, and no amount of software can replace good old-fashioned investigation.
> The NSA is not actually primarly protecting the people, its protecting itself first, the government second and third, maybe the people a little bit.
The NSA is a government agency tasked with the mission of intelligence gathering outside the US. Intelligence is far more valuable when you know something and others don't. Any widely-applicable exploit of a crypto algorithm would also make it easier for other countries to break encryption. The NSA has a huge advantage over those other countries' spy agencies in the form of resources; so to protect their exclusive ability to break encryption with brute force, they need to make sure the algorithms are sufficiently strong.
It's about maintaining an exclusive capability that other countries don't have. A spy could leak information about how to exploit a crypto backdoor to other countries and render your advantage useless. A spy can leak your strategy (spend an epic fuck-ton of money on datacenters for brute forcing encryption) all they want, but that won't help your enemies break arbitrary crypto.
>I actually don't think the NSA cares about reading traffic from everyone;
Im sorry but your assumtions are just wrong. We know from Snowden that they DO collect all the data and have suffisticated search and anlysis tools for things like social graphs.
They want to know with whom the targets talk. Thats why they are doing it.
> The NSA is a government agency tasked with the mission of intelligence gathering outside the US.
That does not stop them from doing it inside.
> Intelligence is far more valuable when you know something and others don't.
Backdoors in crypto or hardware are extremly hard to find and if you pit them in, you have a huge advantage for a long time or forever.
> The NSA has a huge advantage over those other countries' spy agencies in the form of resources;
Breaking encryption with brute force just does not work. We know from the snowden leaks that they almost never go after the crypto directly.
Even if they can break RSA 4096, try breaking all the millions of https connections a day. Its even worse if its not public key crypto.
Its hard enough collect the data without breaking encryption first.
You can also combine the too. They made sure that RSA used a weak default that they could break.
You haven't rebutted his argument by adding this extra detail. Much of the personal communications infrastructure of the Internet is housed in the US; foreign targets of US intelligence use these services. It makes sense that NSA wants access to that data, and that their mission is harmed by US Internet services that provide an easy-to-use refuge from surveillance for the country's adversaries.
(I'm not making a normative argument).
I don't know what you mean by "weak defaults in RSA". You mean RSA-1024? People use RSA-1024 because, especially during the time period where TLS began being rolled out to non-commerce websites, RSA-2048 was prohibitively expensive.
You mean the (very plausible) allegation that NSA paid RSA to backdoor BSAFE, their commercial RSA library, by using Dual_EC as their default RNG. But that doesn't help your argument much either: the targets that used BSAFE were much more likely to be foreign and much less likely to be large-scale US communications infrastructure, virtually none of which uses BSAFE-encumbered software.
Just a reminder to other readers: RSA was originally the company formed in the 80s to commercialize the RSA algorithm IP. But in the mid-90s, a hardware token company called SDTI bought them and took over the RSA name. Tokens and enterprise multifactor auth have been the mainstay lines of business at RSA ever since, not crypto libraries.
> The NSA is not actually primarly protecting the people, its protecting itself first, the government second and third, maybe the people a little bit.
I wouldn't put the people that high up the list. Remember that their programs haven't been shown to save a single person. Even with the insane amount of pressure that they had because of the Snowden revelations they couldn't come up with some sort weasel logic that allowed them to claim that hundreds of lives had been saved. They don't care for that.
The terrorists have been using encryption forever and will keep doing so even if it's outlawed in major western countries. Just the other day it was reported that ISIS has its own encrypted chat app. Attempting to fuck up encryption for the masses won't help anyone.
>Remember that their programs haven't been shown to save a single person.
To be fair, any attempt the NSA did make to justify itself to the public would immediately be dismissed as propaganda, fabrication or parallel construction and entrapment. And their job doesn't require public goodwill - the people they actually have to answer to have security clearances. So if they had ironclad evidence that their methods worked, there's no reason to reveal it to you or I, Snowden or otherwise.
>IMO the entire goal of encryption tech should be to make the government incur significant costs for every invasion of privacy
The entire goal of encryption is to preserve the consent of whomever is using it. Two people wish to speak privately and don't consent to eavesdropping. Unfortunately, due to engineering realities, only the next best thing is for eavesdroppers to incur linearized costs to violate that consent. In effect this is theft of communication / information.
Correct. They support it purely for pragmatic reasons. If there was any feasible way they could implement a perfectly secure backdoor, and that it could apply to most encryption that most people use, they'd do it in a heartbeat. But they know it's not possible and never will be.
The real question is what "clever" new methods they'll invent to deal with a post-end-to-end-encryption world.
The NSA chief shouldn't be pro-encryption if they're doing their legal job: collect anything needed to advance America's interests or advise on threats to national security; protect communication security of defense-related systems. Like Hayden said, you draw a box around him and he'll push straight to the edges of it to accomplish his mission. The problem is the NSA's mission is too broad, unrealistic, and essentially evil. It basically requires them to do what they're doing as there's no other option and the I.C. will get blamed by Americans and Congress if anything happens. Surveillance and security theater follow.
This is coming from someone whose alternatively imitated them (IAD Type 1 specifically) or attempted to counter them (high assurance security) for around a decade. What goes in determines what comes out. The problem is not the NSA: it's what they're required to do and lack of strong accountability in how they do it. That they were non-threatening to Americans before 9/11 & mission expansion supports my claim.
Yep! :) That's still where the master copies of my essays and designs stay. Aside from the text file of links to them I email people on occasion. Been more INFOSEC discussions over here, though, so that's where I've been if you were wondering.
Not to mention that you cannot outlaw mathematics.
Because the only way to prevent people from sharing open source code for end-to-end encryption that takes back-doorable companies like Apple and Google out of the loop is by outlawing the math behind encryption.
That was before we had open source. It only prevented companies like Netscape and Microsoft from distributing better encryption. It can't stop individuals sharing encryption code and algorithms. All it takes is one copy to get outside the "borders"...
I would hope so. It's kind of their job. They've also published guides for strong encryption and best practices for operating systems for years. You dismiss their wealth of knowledge at your peril.
The FBI just wants to throw you in jail. What do they publish? Lists of people they want to throw in jail. Anything that stands in their way of throwing you in jail is bad, including your encrypted phone.
Right. When I try and figure out how to compare the FBI to british law enforcement I end up with "MI5 smashed together with Special Branch plus SOCA plus a bunch of other specialist bits" ... and I'm pretty sure if we'd done that it'd've been an unmitigated disaster just the same.
It was notable that there was a very brief "scandal" that MI5 had found evidence of child molestation but ignored it because they'd only found it via their ability to ignore due process in the name of national security and therefore since the information wasn't a national security issue it was filed under "not usable".
Cooler heads pointed out repeatedly that that was how it had to work to preserve due process, and it didn't stay news for long; this was, to me, the correct outcome.
(of course GCHQ is a whole different kettle of fish)
And if you read the official history of MI5 the one time an ex police man was put in charge didn't go well - and that's the official history which is going to be circumspect.
The FBI should have been reorganised along with the secret service and BATF after hoover died into two organisations one doing MI5 s role and one as a federal police force.
NSA chief can easily be pro encryption in public while breaking, subverting, and bypassing it in private as they always have. So, it's a smart position from a political standpoint. Action movie equivalent of being perceived as James Bond while pulling off super-villainy at the same time. Win win!
If the number one security vulnerability is the human element, then shifting a system's security from autonomous unbiased code to the human element is necessarily decreasing security.
Advocates for such are either deliberately malicious or grossly negligent.
A play for political power. The NSA probably doesn't care if data is encrypted---they most likely already have a back-door to take data before its encrypted or after its decrypted. So if encryption is used, the FBI will be dependent on the NSA.
I agree he's screwing around. They do care, though, because encryption makes their job more difficult. They want to be able to go through every potential source of usable intel as quickly as possible. Can't do that if they're having to sneak around with backdoors on a per device basis. They'd rather use the backdoors for attacks on high-priority targets who are dodging other stuff.
Snowden leaks confirmed that hypothesis. Probably still true for economic reasons as other commenter noted.
I disagree. While they try to build backdoors its not that simple. Even if you have backdoor to every laptop in the world, its not an easy thing to smuggle out lots of data without people noticing.
We know from Snowden that they do not have backdoors into everything.
Its about economics, if they can listen in on the exchange its essentially free. If they have to backdoor every end user device, its gone cost a literal shit ton of money.
Win 7, 8 and 10 are done. OSX has spotlight upload to microsoft in plain sight. What else does OSX have under the hood? Phones are pretty much a foregone conclusion in my estimation, with the exception of cyanogen mod or something.
They are pro encryption because they can already crack the algorithms (or already have funding to bruteforce them). Of course they'd be Pro-encryption. It's their job. They are also a state-actor.
Nobody has any proof, but it's strongly suspected. The NSA wrote or had a hand in writing every widely-supported encryption algorithm, and they have a military-scale budget (seriously; the NSA's non-clandestine budget is larger than the entire military budget of every country except the US and China) to spend on hardware to brute-force encryption. Cyberwarfare is a top strategic priority of the US Military, and cyberwarfare is made much easier when you can break encryption.
They have the motive, the resources, and the knowledge to break encryption routinely. It's also standard tradecraft for a spy agency to hide any proof that they have a capability to create uncertainty among their enemies whether or not they do. So no, nobody has proof that the NSA can break encryption, but we do have proof that they have everything they would need to develop that capability.
Brute forcing the strongest forms of modern crypto theoretically would take unfathomably amounts of energy and/or time. It's not a matter of bigger datacenters or faster hardware. Without discovering a flaw (which we have no evidence of) or inventing completely different computing paradigms (which don't exist) there's no reason to believe this is possible today.
Sure, some cryptography is weak and it's well documented. Others, well, we'd need a Dyson sphere to brute force...
> Others, well, we'd need a Dyson sphere to brute force...
Not that I'm disagreeing with you but the German High Command thought much the same about the Enigma.
The only rational response in the face of the Snowden leaks is to assume everything is compromised and either defend in depth or simply not commit it to a computer (under the assumption what you are keeping private is that important).
If I was a high end cryptographer or someone in that sphere I'd also likely be (if they aren't already) be using an air gapped machine, the threat is that pernicious.
As usual, with Enigma the human operators were the weak link. If they had used Enigma properly, it probably could not have been broken before the end of the war.
Which is reassuring but not absolute, if the NSA did have the ability to break that stuff the strategic advantage would be so high it might be classified at an entirely different level.
It is of course impossible to say without evidence.
The only safe assumption is that the NSA knows how to break modern crypto. Otherwise, you're taking a risk every time you encrypt something you don't want them looking at.
And if the NSA found a flaw in a crypto algorithm, do you really think they would leave evidence of that anywhere? You're talking about an organization that basically invented the entire idea of OpSec...
The Snowden leaks gave a pretty good picture of what the capabilities are. They do most certainly not have backdoors into every possible crypto system.
SHA1 should probably be replaced for example, but thats not all crypto by a longshot.
Their are good talks at the C3 confernce about 'Post Snowden Crypto', specially by 'ruedi'. He goes into detail about all the major crypto system and explains how risky they are, and what we know about the NSAs efforts to break them.
What Snowden leaked is a lower bound on the NSA's capabilities, not an upper one. And even in the "best" case, where he and the journalists involved exercised no discretion about what he leaked and no data was classified beyond even his access, that data is now several years old.
You dont have any evidence and making assertinons. Im basing my information on the best information we have and on the optinions of reputal cryptigraphers.
Which part of that comment was an unsupported assertion? The "assertion" that documents leaked in 2013 are now several years old? The "assertion" that not every single capability the NSA has ever developed is now public knowledge?
Any proof would obviously be classified. But there is a lot of circumstantial evidence.
1. He made the statement in the OP. That implies that normal people using modern encryption does not impose a significant barrier to the NSA doing their jobs. Contrast with the 90s when the NSA pushed for the clipper chip, presumably because they couldn't eavesdrop effectively otherwise.
2. The NSA uses its own secret suite A algorithms for things they really care about keeping secret, not the suite B algorithms like AES that they recommend for the rest of us through NIST.
Hopefully it sounds like exactly what I said it was in the first sentence. The only part I could reasonably see as being called "speculative" is the second sentence of the first item, which is clearly marked as an inference.
I am glad to hear someone making sense. All this handwavy let's just outlaw encryption babble is getting old. There are serious consequences to outlawing encryption.
Oh, and if terrorists are hell bent on attacking, they will do so with or without encryption. And no amount of data collection is going to stop them if they plan well enough.
Wasn't this the whole situation with Dual_EC_DRBG? As far as I understand (which may not be that far when it comes to cryptography, admittedly), the NSA has already been caught intentionally weakening cryptographic standards via its influence over the NIST and by paying RSA.
RSA makes Dual_EC_DRBG the default CSPRNG in BSAFE. In 2013, Reuters reports this is a result of a secret $10 million deal with NSA.
According to the New York Times story, the NSA spends $250 million per year to insert backdoors in software and hardware as part of the Bullrun program.
Several popular encryption schemes have been developed by or heavily influenced by the NSA (including algorithms mandated by FIPS and other government organizations), and there has been a lot of speculation that they added backdoors to AES and other algorithms.
So in reality they've had the ability to add backdoors all along, and it's in their best interest to keep it a secret whether they've added one, so it makes complete sense that their chief would say this.
There are two main points in this debate. Number one, we cannot abide having encryption weakened with back doors. Modern society relies on strong encryption. Number two, no amount of "magical technology" is ever going to replace human intelligence. The front lines in the war on terror is made up of human infiltrators and turncoats, not ones and zeroes.
He is most definitely not pro encryption. He is just against legal access by other agencies. He wants the NSA to have a backdoor into every possible crypto system and make them the organization every else has to come to for their data.
Not particularly surprising, the government has ways to get around the encryption anyways, it just takes longer than if they had the backdoors to go through.
that should be considered a backdoor, unless they make their findings about quantum computing public (the same goes for undisclosed "0-day" bugs that they discover).
If law enforcement needs access to encrypted data, they already have a few different ways. They can subpoena the data and throw the person who controls the key in jail until they release it, or they can just brute-force the encryption in cases of extreme national interest (it's too expensive to do for run-of-the-mill crime, but they have the capability if they really need it).
IMO the entire goal of encryption tech should be to make the government incur significant costs for every invasion of privacy they feel they have to perform. That way, they have the power to invade our privacy (and I don't think we as a populace can really stop them from having that power) but it's so expensive / cumbersome to use they really only use it in extreme cases. I'm fine with privacy being broken by the government on a case-by-case basis; the danger is when the government does a dragnet on everyone.