Thoughts about Secure Communication and Wiretapping
Secure communication is a cornerstone of modern network design and corporate infrastructure. The need to communicate securely is part of everyday life: businesses, political groups, individuals, governments, non-governmental organisations and many others depend on it. The basic idea is that you place a considerable amount of trust in the way you exchange messages. Typically a message is meant to be seen only by the sender and the recipient. Many take this property of message exchange for granted, but it only holds if you use suitable protocols. Secure communication protocols usually rely on encryption or steganography to protect and hide the transported messages. Anyone intercepting the transmission must not be able to recover the original message(s). This is the core idea, and when designing secure protocols there is no way around it. Some use cases involve a master key or key escrow, for example so that a company can still read data after an employee has left, but no scenario permits handing key material to untrusted parties.
Well designed secure communication is the best defence against attackers trying to intercept data travelling through the Internet (or any other network). This is why bodies such as the European Commission and the Department of Commerce in Germany issued recommendations to use encrypted data transmission for messaging, mainly to counter the ECHELON network (which dealt with analogue data) and industrial espionage. These recommendations completely contradict the wiretapping proposals of the Clinton era in the US. Back in the 1990s the US government proposed a mandatory key escrow service: telecommunication companies would have had to use the so-called Clipper chip for encrypted voice transmissions. The chip’s key, held in escrow, would have been released to government agencies after they had „established their authority”. Clipper would have been a mandatory backdoor for intercepting communication. The concept was introduced in 1993 and declared defunct in 1996.
A similar call for backdoors recently hit the users of RIM’s BlackBerry devices. Lebanon, India, Saudi Arabia and the United Arab Emirates voiced concerns about the level of security of the messaging service between BlackBerry devices (and of Skype, of virtually every web mail service using SSL/TLS, and possibly of everything using SSL/TLS). They threatened to disable the secure communication facilities unless access to the transmitted data was provided. The Obama administration is preparing a bill to broaden the wiretapping capabilities of government departments. The details have yet to be published, but the wish list looks similar to the Clipper chip and to the row over BlackBerry’s capabilities. If this bill really passes Congress, it will change the way we communicate and possibly destroy, or at least compromise, a large part of e-commerce on the Internet. It doesn’t even have to be e-commerce; take e-voting as an example. In a democracy your vote must remain secret. What happens to the trust in free elections when someone else holds the key to your ballot box?
The idea of introducing wiretapping or key escrow hooks into secure communication protocols completely defeats the purpose of the technology. Sparked by the Clipper chip initiative, a group of well-known experts wrote the paper „The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption”. The publication outlines the technical risks, costs, and implications of deploying systems that provide government access to encryption keys (a sentence taken from its abstract). Encryption is used very widely and its deployment keeps growing. It is a commodity technology: software libraries exist, protocols are well defined, and even developers unfamiliar with the cryptographic foundations can use it (which is an advantage and a disadvantage at the same time). The frustration of hitting a wall of (nearly) perfect white noise when eavesdropping is understandable. The only options left are to break the cipher, to perform traffic analysis (who talks to whom, when and how much) to obtain more information, or to go after the sender(s) and recipient(s) directly. Either way you have to put some effort into your investigation. Weakening the tools that secure the information infrastructure is no solution, because the side effects hit attackers and defenders alike: a hook built for the authorities is just as available to anyone else who finds it. The US administration says it has to go after Internet communication because terrorists and criminals have stopped using phones. The problem is that they stopped using phones precisely because of wiretapping, and there will be similar evasive actions in the future. To quote Philip R. Zimmermann, the author of PGP: „If privacy is outlawed, only outlaws will have privacy.”
Secure communication is a legitimate concern of businesses, individuals and government departments alike. If you introduce hooks into the communication channels, you introduce flaws that can be attacked, and nothing guarantees that only the intended party will use them.
If you’re interested in an in-depth discussion, check out Designing Secure Protocols And Intercepting Secure Communication by Moxie Marlinspike at DeepSec 2010.