Closing the Cultural Chasm on Crypto

I like to say that engineers make lousy politicians and politicians make lousy engineers.  When we each try to do the other one’s job, it’s time to admit that we have a problem.

Even before the Paris attacks, the British Prime Minister David Cameron was already reacting to Apple and Google refusing to hold in escrow the encryption keys necessary to decrypt data on their devices.  In the wake of those attacks, the UK government and the directors of the FBI and CIA have increased the drum beating.  At the same time, some members of the technical community have come to conclude that the sun shines out of the posterior of Edward Snowden, and that all government requirements are illegitimate.  This came to a remarkable climax in July when Snowden appeared at an unofficial event at the Internet Engineering Task Force (IETF) meeting in Prague.

A lot of the current heat being generated is over the notion of key escrow, where someone holds encryption keys such that private communications can be accessed under some circumstances, such as life or death situations or when a crime has been committed.

Now is the perfect time for both sides to take a deep breath, and to take stock of the current situation.

1. We cannot say whether any sort of encryption rules would have prevented the Paris attacks.

There are conflicting reports about whether or not the terrorists used encryption.  What might have been is impossible to know, especially when we do not intimately know the decision makers, at least some of whom are now dead.  We do know that Osama bin Laden refused to use a cell phone long before any of the Snowden revelations were made.  He knew that he was being watched, and he knew that he had a technical disadvantage as compared to the U.S. eyes in the sky.  It is a sure bet that even if these attackers didn’t use encryption, some attackers in the future will.

On the other hand, we also know that people tend not to secure their communications, even when the ability to do so is freely available.  As a case in point, even though it has been perfectly possible to encrypt voice and email communications for decades, both largely go unencrypted to this day, and intercepted phone calls and email have been instrumental in unraveling the Petrobras scandal that rattled the Brazilian government.

2.  Encryption is hard.

We’ve been trying to get encryption right for many decades, and still the best we can say is that we have confidence that, for a time, the best encryption approaches are likely to be secure from casual attacks, and that only when those approaches are flawlessly implemented.  A corollary to this point is that almost all software and hardware has vulnerabilities.  The probability of discovery of a vulnerability in any deployed encryption system approaches 100% over time.  Knowing this, one test policy makers can apply regarding key escrow is whether they themselves would be comfortable with the inevitability of their most private personal communications being made public, or whether they would be comfortable knowing that some of their peers at some point in the future will be blackmailed to keep their communications private.

To make matters worse, once a technology is deployed, it may be out there for a very long time.  Windows 95 is still out there, lurking in the corners of the network.  It’s important to recognize that any risk that legislation introduces may well outlast the policy makers who wrote the rules.  Because we are dealing with the core of Internet security, a “go slow and get it right” approach will be critical.

3.  There are different forms of encryption, and some are easier to “back door” than others.

When we speak of encryption let us talk of two different forms: encryption of data in flight, such as when a web server sends you information or when you and your friends communicate on Skype, and encryption of data at rest, such as the files you save on your disk, or the information stored in your smart phone or tablet.  Many enterprises implement key escrow mechanisms today for data at rest.

Escrowing keys for data in flight introduces substantial risks.  Each communication uses session keys that exist for very short periods of time, perhaps seconds, and are then forgotten or destroyed.  Unlike data at rest, escrow of keys for data in flight has not been done at scale, and has barely been done at all.  To retain such keys, or any means to regenerate them, would risk allowing anyone, bad or good, to reconstruct communications.
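To make the distinction concrete, here is an added example in Python; it is not code from the original post.  It models a handshake for data in flight under the common design in which a long-term key only authenticates the exchange while an ephemeral Diffie-Hellman exchange produces the session key.  The group, the HMAC-based stand-in for a signature and the single-step key derivation are toy choices made for illustration, not anything a deployment should copy.  Escrowing the long-term keys lets their holder verify (or forge) the handshake but yields no session key; retaining a copy of an ephemeral private key, the “means to regenerate” the session key, lets whoever holds that copy reconstruct the session from the public transcript.

```python
"""Toy model of key handling for data in flight: ephemeral Diffie-Hellman
session keys versus long-term keys that only authenticate.

Added illustration, not code from the post. The group below is a toy (2**127 - 1
is prime, but this is not a vetted DH group); the "signature" is an HMAC tag; key
derivation is a single HMAC rather than a full HKDF.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1          # toy modulus, illustration only
G = 5                   # toy generator
ELEM_BYTES = 16         # enough to hold any element of Z_P


def _i2b(x: int) -> bytes:
    return x.to_bytes(ELEM_BYTES, "big")


def dh_keypair():
    """Fresh ephemeral key pair: (private exponent, public element)."""
    priv = secrets.randbelow(P - 3) + 2          # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)


def derive_session_key(my_priv: int, their_pub: int, transcript: bytes) -> bytes:
    """Session key = HMAC(transcript, g^(ab) mod P); both peers compute the same value."""
    shared = pow(their_pub, my_priv, P)
    return hmac.new(transcript, _i2b(shared), hashlib.sha256).digest()


class Party:
    """A peer holding a long-term authentication key (the natural thing for an
    escrow scheme to hold) and, only during a handshake, an ephemeral DH private key."""

    def __init__(self, name: str):
        self.name = name
        self.long_term_key = secrets.token_bytes(32)
        self.eph_priv = None

    def offer(self) -> int:
        self.eph_priv, pub = dh_keypair()
        return pub

    def sign(self, transcript: bytes) -> bytes:
        # Stand-in for a signature: proves the long-term key holder saw this transcript.
        return hmac.new(self.long_term_key, transcript, hashlib.sha256).digest()


def handshake(a: Party, b: Party, retained=None):
    """One session between a and b.

    Returns (wire, key_a, key_b): what an eavesdropper records, and the session key
    each side derived. If `retained` is a list, a copy of a's ephemeral private key is
    appended to it, modelling "retaining the means to regenerate" the session key.
    """
    a_pub = a.offer()
    b_pub = b.offer()
    transcript = _i2b(a_pub) + _i2b(b_pub)
    wire = {"transcript": transcript, "tag_a": a.sign(transcript), "tag_b": b.sign(transcript)}
    key_a = derive_session_key(a.eph_priv, b_pub, transcript)
    key_b = derive_session_key(b.eph_priv, a_pub, transcript)
    if retained is not None:
        retained.append((transcript, a.eph_priv))
    a.eph_priv = b.eph_priv = None   # ephemeral secrets destroyed once the key exists
    return wire, key_a, key_b


def with_long_term_keys(wire: dict, lt_a: bytes, lt_b: bytes) -> bool:
    """What a holder of both long-term keys can do with a recorded session: verify
    (or, equally, forge) the authentication tags. No session key comes out, because
    the long-term keys never entered the key derivation."""
    t = wire["transcript"]
    ok_a = hmac.compare_digest(hmac.new(lt_a, t, hashlib.sha256).digest(), wire["tag_a"])
    ok_b = hmac.compare_digest(hmac.new(lt_b, t, hashlib.sha256).digest(), wire["tag_b"])
    return ok_a and ok_b


def with_retained_ephemeral(record) -> bytes:
    """What anyone holding a retained ephemeral private key can do: regenerate the
    session key from the public transcript alone."""
    transcript, a_eph_priv = record
    b_pub = int.from_bytes(transcript[ELEM_BYTES:], "big")
    return derive_session_key(a_eph_priv, b_pub, transcript)


if __name__ == "__main__":
    alice, bob = Party("alice"), Party("bob")
    escrow = []
    wire, ka, kb = handshake(alice, bob, retained=escrow)
    print("peers agree on session key:", ka == kb)
    print("long-term keys verify the tags:", with_long_term_keys(wire, alice.long_term_key, bob.long_term_key))
    print("retained ephemeral regenerates the key:", with_retained_ephemeral(escrow[0]) == ka)
```

Run directly, the block prints the three checks.  The design point is the last one: to make every session recoverable, the `retained` list would have to be kept for every session ever made, which is the central store of many millions of keys the post returns to under point 5, and whoever reaches that store, lawfully or not, gets the same result.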

4.  Engineers and scientists are both advisers and citizens.  Policy makers represent the People.

It has been perfectly possible for Russia and the United States to destroy the world several times over, and yet to date policy makers have stopped that from happening.  Because something is possible doesn’t necessarily mean it is something we do.  Even for data at rest, any time a private key is required anywhere in the system, it becomes a focal point for attack.  New functionality often introduces fragility of this kind, and the question of whether the functionality is worth the fragility is inherently political and not technical.

The technical community of scientists and engineers serves a dual role when it comes to deciding on the use of technology for a given purpose.  First, they can advise policy makers as to the limits and tradeoffs of various technologies.  Members of the technical community are also citizens who have political views, just like other citizens.  It’s important that they make clear which voice they are speaking with.

RFC 1984 famously makes the point that there is an inherent challenge with key escrow: if one country mandates it, then other countries can also mandate it, and there will be conflicts as to who should hold the keys and when they should be released.  Those questions are important, and they are inherently political as well.  To the left is a Venn diagram of just a handful of countries: the United States, Iran, China, and France.  Imagine what that diagram would look like with 192 countries.

Professor Lawrence Lessig famously wrote that code (as in computer code) is law.  While it is true in a natural sense that those who develop the tools we use can limit their use by their design, it is also the case that, to the extent possible, in a democratic society, it is the People who have the last word on what is law.  Who else should get to decide, for instance, how members of society behave and how that behavior should be monitored and enforced?  Who should get to decide on the value of privacy versus the need to detect bad behavior?  In a democracy the People or their elected representatives make those sorts of decisions.

5.  Perfect isn’t the goal.

Any discussion of security by its very nature involves risk assessment.  How much a person spends on a door lock very much depends on the value of the goods behind the door and the perceived likelihood of an attacker trying to open that door.

Some people in the technical community have made the argument that because bad guys can re-encrypt, no escrow solution is appropriate.  But that negates the entire notion of a risk assessment.  I suspect that many law enforcement officials would be quite happy with an approach that worked even half the time.  But if a solution only works half the time, is it worth the risk that is introduced by new components in the system that include new central stores for many millions of keys?  That is a risk assessment that needs to be considered by policy makers.

6.  No one is perfectly good nor perfectly evil.

By highlighting weaknesses in the Internet architecture, Edward Snowden showed the technical community that we had not properly designed our systems to withstand pervasive surveillance.  Whether we choose to design such a system is up to us.  The IETF is attempting to do so, and there is good reason for that logic: even if you believe that the NSA is full of good people, if the NSA can read your communications, then others can do it as well, and may be doing so right now.  And some of those others are not likely to fit anyone’s definition of “good”.

On the other hand, while it is beyond an open secret that governments spy on one another, Snowden’s release of information that demonstrated that we were successfully spying on specific governments did nothing more than embarrass those governments and harm U.S. relations with their leaders.  Also, that the NSA’s capability was made public could have contributed to convincing ISIS to take stronger measures, but as I mentioned above, we will never know.

So What Is To Be Done?

History tells us that policy made in a crisis is bad.  The Patriot Act is a good example of this.  So too was the internment of some 120,000 Americans of Japanese descent in World War II.  The start of the Cold War gave birth to a new concept: McCarthyism.

And so my first bit of advice is this: let’s consult and not confront one another as we try to find solutions that serve the interests of justice and yet provide confidence in the use of the Internet.  Policy makers should consult the technical community and the technical community should provide clear technical advice in return.

Second, let’s acknowledge each other’s expertise: people in law enforcement understand criminology.  The technical community understands what is both possible and practicable to implement, and what is not.  Policy makers should take all of this into account as they work with each of these communities and their constituents to find the right balance of interests.

Third, let’s recognize that this is going to take a while.  When someone asserts that something is impossible or impracticable, we are left with research questions.  Let’s answer them.  Let’s be in it for the long haul and invest in research that tests what is possible and what is not.  While not ultimate proof, researching various approaches will expose their strengths and weaknesses.  Ultimate proof comes in the form of experience, or as my friends in the IETF like to say, running code.  Even if we get beyond the technical issues involved with escrow, policy makers will have to answer the question as to who gets to hold the keys such that people can be reasonably assured that they’re only being released in very limited circumstances.  That’s likely to be a challenging problem in and of itself.

Fourth, the law of unintended consequences applies.  Suppose policy makers find common cause with a specific group of countries.  The other countries are still going to want a solution.  How will businesses cater to one group of countries but not another?  Policy makers need to be aware that any sort of key escrow system may put businesses in an impossible situation.

Finally I would be remiss if I didn’t make clear that everyone has a stake in this game.  Citizens are worried about privacy; governments are worried about security; industry is concerned about delivering products to market in a timely fashion that help the Internet grow and thrive.  Bad guys also have interests.  Sometimes we end up assisting them when we strike balances.  What is important is that we do this consciously, and that when necessary, we correct that balance.

IANA Transition is on track for protocol parameters

In March of this year U.S. Assistant Secretary of Commerce Larry Strickling announced the administration’s desire to withdraw from its oversight role over Internet naming, numbering, and protocol parameters.  In that announcement he called for the community to come up with a proposal to be submitted through ICANN.  Since that time, the community has organized the IANA Stewardship Transition Coordination Group (ICG), developed a timeline, rolled up its sleeves, and got to work.

Now the first part of the proposal is nearly ready.  The Internet Engineering Task Force, which is responsible for policies relating to protocol parameters, has issued a last call on the draft that will be submitted to the ICG.  Both the naming and numbering communities are not far behind.

It was disappointing to see Gordon Crovitz complaining about a lack of progress in yesterday’s Wall Street Journal and attempting to pin the blame on President Obama.  Crovitz acknowledged that nothing was broken.  I agree.  In fact, in the process of developing the IETF part of the proposal, not a single person complained about the operational performance of the IANA staff.  When a government role isn’t needed, it shouldn’t be performed, since it just costs U.S. taxpayer money.  Oddly, in this instance, Mr. Crovitz likes big government.

Mr. Crovitz also asserted that the NTIA direction would put the IANA functions into the hands of other governments.  In point of fact, all the proposals are being developed by the private sector and the Internet technical community.  While other governments may not trust the United States to manage domain names, they do trust the private sector to do so.  Sec. Strickling’s deft move provided strong support for United States positions at the recent ITU plenipotentiary conference in Busan, South Korea, that kept excessive government control of the Internet at bay.

Since nothing is broken, we’re not in a hurry, and we might as well get the job done right so that the transition can succeed.  The issues around Internet governance are complex and require serious consideration.  While all institutions such as ICANN hold a public trust, abuse should only be heaped on them when it’s deserved.  Today it was not.  Instead what we saw was a vindictive commentator attempting to score cheap political points against the administration at the expense of hard-working people and the long-term interests of the Internet as a whole.

But don’t let the facts get in the way of a good column.

It doesn’t matter that much that Apple and Google encrypt your phone

Apple’s and Google’s announcements that they will encrypt information on your phone are nice, but won’t help much. Most data is in the cloud, these days; and your protections in the cloud are governed by laws of numerous countries, almost all of which have quite large exceptions.

At the Internet Engineering Task Force we have taken a very strong stand that pervasive surveillance is a form of attack.  This is not a matter of lack of trust of any one organization, but rather a statement that if one organization can snoop on your information, others will be able to do so as well, and they may not be so nice as the NSA.  The worst you can say about the NSA is that a few analysts got carried away and spied on their partners.  With real criminals it’s another matter.  As we have seen with Target, other large department stores, and now JP Morgan, theirs is a business, and you are their commodity, in the form of private information and credit card numbers.

So now here comes Apple, saying that they will protect you from the government.  Like all technology, this “advance” has its pluses and minuses.  To paraphrase a leader in the law enforcement community, everyone wants their privacy until it’s their child at risk.  However, in the United States, at least, we have a standard that the director of the FBI seems to have forgotten- it’s called probable cause.  It’s based on a dingy pesky old amendment to the Constitution which states:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

So what happens if one does have probable cause?  This is where things get interesting.  If one has probable cause to believe that there is an imminent threat to life or property and they can’t break into a phone, then something bad may happen.  Someone could get hurt, for instance.  Is that Apple’s fault?  And who has the right to interpret and enforce the fourth amendment?  If Apple has a right to do so, then do I have the right to interpret what laws I will?  On the other hand, Apple might respond that it has no responsibility to provide law enforcement anything, and all it is doing is exercising the right of free speech to deliver a product that others use to communicate with.  Cryptographer and Professor Daniel Bernstein successfully argued this case in the 9th Circuit in the 1990s.  And he was right to do so, because going back to the beginning of this polemic, even if you believe your government to be benevolent, if it can access your information, so can a bad guy, and there are far more bad guys out there.

Apple hasn’t simply made this change because it doesn’t like the government.  Rather, the company has recognized that for consumers to put private information into their phone, they must trust the device not to be mishandled by others.  At the same time, Apple has said through its public statements that information that goes into its cloud is still subject to lawful seizure.  And this brings us back to the point that President Obama made at the beginning of the year: government risk isn’t the only form of risk.  The risk remains that private aggregators of information – like Apple and Google or worse, Facebook– will continue to use your information for whatever purposes they see fit.  If you don’t think this is the case, ask yourself how much you pay for their services.

And since most of the data about you or that you own is either in the cloud or heading to the cloud, you might want to worry less about the phone or tablet, and more about where your data actually resides.  If you’re really concerned about governments, then you might also want to ask this question: which governments can seize your data?  The answer to that question is not straightforward, but there are three major factors:

  1. Where the data resides;
  2. Where you reside;
  3. Where the company that controls the data resides.

For instance, if you reside in the European Union, then nominally you should receive some protection from the Data Protection Directive.  Any company that serves European residents has to respect the rights specified in it.  On the other hand, there are of course exceptions for law enforcement.  If a server resides in some random country, however, like the Duchy of Grand Fenwick, perhaps there is a secret law that states that operators must provide the government all sorts of data and must not tell anyone they are doing so.  That’s really not so far from what the U.S. government did with National Security Letters.

There’s a new service that Cisco has rolled out, called the Intercloud, that neatly addresses this matter for large enterprises, providing a framework to keep some data local and some data in the cloud, with the enterprise having some control over which.  Whether that benefit will extend to consumers is unclear.

In the end I conclude that people who are truly worried about their data need to consider what online services they use, including Facebook, this blog you are reading right now, Google, Amazon, or anyone else.  They also have to consider how, if at all, they are using the cloud.  I personally think they have to worry less about physical devices, and that, largely speaking, Apple’s announcement is but a modest improvement in overall security.  The same could be said for IETF efforts.

How to speak the truth and yet lie? Ask General Alexander

Old joke in the industry: the difference between a sales person and marketing person is that the marketing person knows when he’s lying.  Which is General Alexander?

Let’s appreciate that the head of a spying agency is in a tough spot.  Allies and citizens of the U.S. alike are outraged, making an actual dialog difficult.  Leaders, however, must address hard issues head on and truthfully; and they must demonstrate command of the subject matter, or we waste our time.

Let’s go through some of the General’s statements:

“the assertions… that NSA collected tens of millions of phone calls [in Europe] are completely false”.

– From a BBC article

Maybe, but he and the president have in the past made the distinction between the contents of calls and so-called “meta-data” (which the rest of us just call “data”).  And so maybe the NSA doesn’t have access to the calls, but he has not denied that they have access to who people called, the time and date they called, and for how long.  What is the truth?

Yesterday The Washington Post dropped another Snowden bombshell, indicating that the NSA was intercepting Google customer traffic by tapping into their communications lines.  The Guardian had previously reported that GCHQ was tapping fiber cables.  Alexander’s response, this time?

This is not NSA breaking into any databases. It would be illegal for us to do that. So, I don’t know what the report is. But I can tell you factually we do not have access to Google servers, Yahoo servers. We go through a court order.

– From CNN

Except in this case, the NSA is not accused of breaking into servers, but rather of tapping communications off of fiber cables.  By answering a charge that wasn’t made, either the general doesn’t understand the issue and therefore cannot meaningfully inform the President or the public, or he does understand the truth and is intentionally prevaricating to the public.  What is necessary is a public debate over the policy issues relating to surveillance, and when it should and should not be authorized.  The people leading that dialog should be truthful and informed.

I’m sure the general is aware that everyone has their day of reckoning.  It’s time for his.  The president needs to find a new director of the NSA who can intelligently advance an honest discourse.

Is Bitcoin Really Money Laundering?

For those who don’t know, Bitcoin is an attempt at a new type of currency, one that isn’t linked to any nation.  In a way, bitcoin is a lot like gold or other commodities, only it differs in that you don’t actually have to ship anything around or even keep trading futures to stay in the game.  Still, it accrues benefits similar to gold.  In fact there is a bitcoin-to-gold price, based on milligrams of gold.  As you can see, the number of milligrams one gets for a bitcoin has gone from about 300 in January to about 3,300 in October.  Bitcoins have clearly paid off for some people.

One of the other goals of bitcoin is that transactions be as anonymous as cash.  This is where the problems start.  Let’s say you want to sell a few bitcoins and receive American dollars.  One question is simply this: do you have to list the sale on Schedule D?  I am no accountant, but I would think the answer would be “yes”.  Now let’s say that instead of selling them you are just holding them, and let’s for the sake of argument say that you have $500,000 worth of bitcoins.  Do these represent foreign assets?  If so, you are required to file forms with both the Treasury (TD F 90-22.1) and the relatively new IRS Form 8938.

Those who in any way behave like banks will find that the Treasury department expects them to do all the things banks do.  That includes reporting on suspicious transactions or any transaction over $10,000.

This hasn’t stopped people from attempting to hide transactions.  Here’s an article from CNN about a guy who attempted to do all sorts of nasty things with Bitcoins.  This led to a huge drop in their value, almost overnight.

So, now the question: are bitcoins here to stay or are they a passing fad (read: pyramid scheme)?  The entire technical premise of bitcoins is in fact that they can be anonymously traded.  The bad news for people with bitcoins is that there is no single management point that has guns (thus differentiating them from a classic currency), and the likelihood is that those with the guns will want to limit or prohibit this sort of transaction, especially in large quantities.

A similar situation arose in 2001 when the U.S. government began to crack down on those using the old mechanism known as Hawala, even though the mechanism is legal.  And so one question is simply this: are bitcoins really anonymous?  A researcher named Sarah Meiklejohn will present a paper at SIGCOMM this month on just what law enforcement capabilities there are.  Watch that spot.
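As an added example, not code from this post or from the paper mentioned above, the following Python applies the common-input-ownership heuristic that address-clustering work of this kind relies on: every input of a transaction had to be signed by its key holder, so addresses spent together in one transaction are presumed to share an owner, and a single address with a known owner (say, a deposit at an exchange that verified the customer’s identity) then attributes the whole cluster.  The transactions and the one “known” label are constructed for illustration; real analysis would run over the full block chain and add further heuristics, such as change-address detection, which this example deliberately leaves out.

```python
"""Common-input-ownership clustering over a constructed transaction set.

Added illustration, not code from the post or from any published paper. Heuristic:
all input addresses of one transaction are presumed to belong to the same key
holder; a label known for one address is propagated to its whole cluster.
"""
from collections import defaultdict

# Constructed sample data (not real chain data). Each transaction lists the
# addresses whose keys signed its inputs and the addresses paid by its outputs.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["A1", "A2"], "outputs": ["M1", "A3"]},
    {"txid": "tx2", "inputs": ["A3"],       "outputs": ["M2"]},
    {"txid": "tx3", "inputs": ["B1"],       "outputs": ["A4"]},
    {"txid": "tx4", "inputs": ["A4", "A2"], "outputs": ["M3"]},
    {"txid": "tx5", "inputs": ["C1", "C2"], "outputs": ["B1"]},
]

# Constructed label: what an investigator might already know about one address.
KNOWN_OWNERS = {"A4": "customer #1 at exchange X (identity verified)"}


class UnionFind:
    """Disjoint-set forest with path halving; addresses are the elements."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, x, y):
        rx, ry = self.find(x), self.find(y)
        if rx != ry:
            self.parent[ry] = rx


def cluster_by_common_input(txs):
    """Return a sorted list of frozensets, one per presumed key holder.

    Every address that appears anywhere is registered, so addresses that were
    never co-spent remain singleton clusters. Transactions with no inputs
    (coinbase) register their outputs and link nothing.
    """
    uf = UnionFind()
    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            uf.find(addr)                        # register the address
        ins = tx["inputs"]
        for addr in ins[1:]:
            uf.union(ins[0], addr)               # co-spent => same owner
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return sorted((frozenset(g) for g in groups.values()), key=lambda g: sorted(g))


def attribute(clusters, known_owners):
    """Propagate each known label to every address in its cluster.

    A cluster containing two different known owners means the heuristic failed
    there (for example a multi-party transaction), so nothing is attributed for it.
    """
    owner_of = {}
    for cluster in clusters:
        labels = {known_owners[a] for a in cluster if a in known_owners}
        if len(labels) == 1:
            label = labels.pop()
            for addr in cluster:
                owner_of[addr] = label
    return owner_of


if __name__ == "__main__":
    clusters = cluster_by_common_input(SAMPLE_TXS)
    for c in clusters:
        print(sorted(c))
    for addr, owner in sorted(attribute(clusters, KNOWN_OWNERS).items()):
        print(f"{addr} -> {owner}")
```

In the constructed data, A1 and A2 were spent together in tx1 and A2 and A4 in tx4, so one identity-verified deposit from A4 attributes A1 and A2 as well, even though neither ever touched the exchange directly; that is the sense in which “anonymous” bitcoins are only pseudonymous.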