Wanting it badly isn't enough: backdoors and weakened crypto threaten the net
As you know, Apple just said no to the FBI's request for a backdoor in the iPhone, bringing more public attention to the already hot discussion on encryption, civil liberties, and whether “those in authority” should have the ability to see private content and communications -- what's referred to as “exceptional access.”
An extended version of this piece was originally published December, 2015, on the Association for Computing Machinery’s Huffington Post blog. It has been excerpted and updated slightly here to speak to the recent news around Apple and the FBI's request for backdoor access.
We are not here to debate whether such access is useful from a policy perspective, i.e. whether it would work to stop bad guys. While a critical conversation that raises many questions, we leave that to others. We are here to review the technical realities, and to explore the impact and potential danger of such proposals from this perspective.
The ability to secure Internet technologies -- to ensure that the right people gain access to the right things, and the wrong people don't -- is what makes online banking and commerce possible, and is what allowed the Internet to become an unprecedented driver of economic and social change. This point is not up for debate. What we now need to understand is that the call to provide law enforcement (or anyone) exceptional access to communications and content poses a grave threat to the sustainability and future of the Internet: it is simply not possible to give the good guys the access they want without letting the bad guys in. There's nothing new or novel in this statement. Experts have been saying the same thing for 20 years. But while the message is old, with the integration of Internet technologies into nearly all aspects of life, the stakes are higher than they've ever been.
Machines don't know a bad guy from a good guy. Machines respond as they've been programmed to respond. Programming them (with new software, or otherwise) to open up to third parties cannot be guaranteed to limit access to only those intended: it limits access to anyone who is able to make a request in a way that the machine responds to. In the case of Apple, the FBI is requesting new software that would enable them to crack an iPhone user's password and bypass the security measures in place to prevent such intrusion. Were Apple to build such software, it would create a “backdoor” into one criminal's iPhone, and any other iPhone model with which the software requested can be used. Apple is being asked to give the FBI -- and anyone else who obtains the software in question -- a ticket to exceptional access.
The risks are not theoretical: we know of no case where adding extraordinary access capabilities to a system has not resulted in weakened security.
Take the case of the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law designed to make it easier for US law enforcement to tap phone conversations. Under this law, telephone companies had to design their systems to allow wiretapping -- adding a vector for extraordinary access (similar in kind to what's being requested of Apple). It was due to CALEA-mandated wiretapping capabilities that, in 2012 all of the Department of Defense's phone switches were reported to be vulnerable. Similar capabilities, built to comply with CALEA-like laws, were exploited to eavesdrop on the phone conversations of Greece's Prime Minister and those of at least 100 other dignitaries and politicians, some of them US diplomats. It was these same mechanisms that were used to illegally tap phone conversations of at least 5000 people in Italy. In the Greek case, it's unclear who did it. In the Italian case, the crime appears to have been authorized by a high-ranking official at the Italian SISMI military intelligence agency. From our perspective it doesn't matter -- if the means for extraordinary access weren't there, these crimes almost certainly wouldn't have happened.
The fact that backdoors create technical vulnerabilities is not the only issue. In a global world, in which multinational companies like Apple deploy hardware, applications, and communications services to markets everywhere, how do we determine whose law enforcement and government should be allowed to use this exceptional access, and for what purpose? Who are the “good guys,” and according to whom? Should the Chinese, Canadian, US, and South Sudanese governments all be granted access under the same terms? Whose agendas and policies do we favor, and what does consensus look like? Who governs and audits such decisions, and how can they be implemented in an industry reliant on innovation and speed? And, finally, how do we program millions of machines to respect the huge and dynamic complexity of such decisions, assuming such a process is even possible?
Combine the technical realities with these procedural questions, and you see a recipe for potentially security disaster. Imagine if it weren't phone switches that were vulnerable via exceptional access capabilities, but the computers that run critical national infrastructure, the databases that store medical records, the intellectual property of major US economic interests, the engines of the global financial industry. Closer to home, imagine the frighteningly-plausible scenario of a bad actor obtaining the FBI-requested iPhone cracking software, and using it not to catch criminals but to access national secrets, intellectual property, or personal information from high-ranking officials and businesspeople. Now recognize that misuse only has to happen once to cause unspeakable harm to national economic and security interests.
None of this means that the job of tracking and apprehending terrorists and other wrongdoers on a global scale is easy. Or that the frustration felt by those tasked with keeping populations safe isn't very real. However, the palpable immediacy of these problems does not mean that extraordinary access is a workable idea. Put another way -- however much it might appear like exceptional access is a silver bullet, it is not. Instead such a path would weaken our collective security.
 In using the term “exceptional access” we take our lead from the authors of 2015's definitive and highly-recommended Keys Under Doormats paper, who in turn followed the lead of the “1996 US National Academy of Sciences CRISIS report in using the phrase ‘exceptional access' to mean that ‘the situation is not one that was included within the intended bounds of the original transaction.'”
 A post from the security firm Trail of Bits does a lovely job reviewing the technical specifics and feasibility of the request.
 In an order from a judge, the FBI requested Apple create “limited” custom software that would work to provide access only to the iPhone in question. Many knowledgeable people have affirmed that this is, theoretically, possible, using a per-phone identifier that would ensure the software executed solely on the one device. Apple claims that it is not able to guarantee such software is limited in such a way (a reasonable claim, given the complexity of what's being requested). The key point is that Apple is being asked to create a system that, even if limited, could be used again with only slight modifications, that sets a precedent under a troubling law, and that announces to the world in the US and beyond a means of backdoor access.
Meredith Whittaker and Ben Laurie are co-founders of Simply Secure, an organization that focuses on improving the design of secure technologies. This among many other things.
Detectives from Scotland Yard’s cybercrime unit decided the easiest way to get around their suspect’s careful use of full-disk encryption and strong passphrases on his Iphone was to trail him until he made a call, then “mug” him by snatching his phone and then tasking an officer to continuously swipe at the screen to keep […]
Last week, the San Francisco Municipal Light Rail system (the Muni) had to stop charging passengers to ride because a ransomware hacker had taken over its network and encrypted the drives of all of its servers.
Apple has acknowledged that its Icloud service is a weak link in its security model, because by design Apple can gain access to encrypted data stored in its customers’ accounts, which means that the company can be hacked, coerced or tricked into revealing otherwise secure customer data to law enforcement, spies and criminals.
The Boing Boing Store’s Gift Guide is full of ideas for pretty much anyone in your life like hipster ice cub trays, Xbox controllers, Halo Boards, and even diamond necklaces. As always, all products in the Boing Boing Store come at great discounts, too. Shop by price bucket starting at under $20. Under $20:Bloxx Jumbo Ice Trays […]
Unlike traditional lighters, the SaberLight features an electronic plasma beam that’s both rechargeable and butane-free. This sleek lighter is even approved by TSA, so you’ll never be stuck buying lighters you’ll just have to throw away partially used. For some people, like me, this is a pretty big game-changer. The SaberLight’s beam is actually both hotter and cleaner […]
Holiday shopping is in full swing, and the Striiv Touch is one of the best gift ideas I’ve landed on. Its simple design works for females and males, and its wide range of features makes it suitable for even the non-fitness enthusiasts in your life.Unlike traditional fitness trackers, the Striiv Touch also acts as a smartwatch. It […]