Encryption, Ghosts, Backdoors, Interception, and Information Security
While talking about mobile network security we had a little chat about the things to come and to think about. Compromise of communication is a long time favourite. Hats of all colours need to examine metadata and data of messages. Communication is still king when it comes to threat analysis and intrusion detection. That’s nothing new. So someone pointed into the direction of an published article. Some of you may have read the article titled Principles for a More Informed Exceptional Access Debate written by GCHQ’s Ian Levy and Crispin Robinson. They describe GCHQs plan for getting into communication channels. Of course, “crypto for the masses” (yes, that’s crypto for cryptography, because you cannot pay your coffee with it) or “commodity, end-to-end encrypted services” are also mentioned. They explicitly claim that the goal is not to weaken encryption or defeat the end-to-end nature of the service. Instead they propose to take advantage of existing weaknesses in the implementation. This can either be done by using an exploit, or it can be accomplished by the lack of identity verification, for example in (large) groups such as chats. This is not a new idea. Basically this technique was and is being used throughout the ages, with or without the Internet.
Matthew Green has written a comment on these ghost users or ghost devices. The key point is not to be distracted by the amicable style of GCHQs proposal. It boils down to changes which will weaken the security of the system, or to using communication infrastructure which is less secure, because it allows either backdoors or has no end-to-end encryption. The discussion can be seen as a preparation for adopting legislative measures such as Australia’s Assistance and Access Bill 2018. This bill has drawn a lot of criticism. If One Eye does it, why shouldn’t the remaining Four Eyes? We recommend Matthew’s article to anyone who relies on secure communication.
In case you had not time following the news regarding interception of communication – nothing has changed. Either you have a secure system (of which end-to-end encryption is a key component), or you don’t. It doesn’t matter if you rephrase the idea of having escrow keys, backdoors, or strategic weak points in a communication architecture. The principles are the same. The worst case scenario is the fact that we keep collecting extra 0day exploits for legal reasons. That’s not information security, it’s something radically different.