
The second crypto war and the future of the Internet - grey-area
https://agenda.weforum.org/2015/01/the-second-crypto-war-and-the-future-of-the-internet/
======
UVB-76
_> If you’re using an up-to-date iPhone to send a text message to another
iPhone user, and the little bubble containing your message is blue, then
neither Apple, nor your ISP, nor any law enforcement agency tapping into the
transmission line is likely able to read the contents of the message._

That is incorrect and dangerous advice to give users.

As has been discussed before, as long as Apple controls the public key
exchange process, they have the capability to intercept and decrypt your
messages if they wish, or are compelled to do so.

~~~
rdl
Apple also controls the OS on both sides, and could silently push a "special"
update to virtually anyone. If e.g. Abu Bakr al Baghdadi had an iPhone and was
communicating with operations, and that phone could be identified, it'd be a
race at NSA/TAO between compelling or technically subverting Apple to push
such an update (if there is no other better solution), and the incoming
Hellfire missile from CIA.

That said, iMessage in design and even implementation is utterly amazing
compared to the normal quality of such systems from big companies. It is by
far the most secure large-scale easy to use communications system available
today. I think WhatsApp/Moxie-enhanced will probably surpass it when
available, but that's an add-on application. iMessage is an out of the box
default.

~~~
anonbanker
> Abu Bakr al Baghdadi had an iPhone and was communicating with operations,

I don't know what is more stunning; the blatant racism, or the fact that
nobody seems to care about it.

~~~
Khaine
How is that racist?

~~~
DanBC
Anonbanker doesn't know who Abu Bakr al Baghdadi is. So, if you think it's just
some made up name it does come across as racist.

~~~
anonbanker
DanBC speaks truth, and I stand with egg on my face for playing the racism
card, when it turned out I was actually the racist one for assuming the name
was a joke.

------
oconnore
The difference is that most devices are now running strictly proprietary
software. The crypto war and the "war on general purpose computing" mean that
privacy is being attacked from two fronts, not just one.

In the '90s, you could distribute code for PGP in a book, and effectively
circumvent regulation. Now, you can ban encryption apps in the walled garden
and effectively shut down an entire genre of computation.

~~~
zxcvcxz
How can you tell when a closed source application is really secure? Is there a
way to be 100% sure or does it always rely on a certain amount of trust in the
developers/distributors? Sorry if it seems like a dumb question..

~~~
api
You can't, at least not practically. You could do debug/trace analysis and
reverse engineer but that'd be a massive undertaking.

But it's also quite hard to tell if an open source application is secure. Do
you have time to audit thousands of lines of impenetrable C/C++/Java/Go/etc.
code? The rash of OpenSSL bugs we've had recently shows that "Linus's law"
really doesn't work -- the fact that the code _can_ be audited openly doesn't
mean anyone is going to spend the time to actually do it. People are busy.

It comes down to the question of "how paranoid are you?"

If I were _highly_ paranoid I'd take a defense in depth strategy -- layer
multiple cryptosystems, possibly on multiple OSes/platforms, etc. But that
level of paranoia comes at a price of course, both in setup time and overhead.

iMessage is pretty good for every day use. PGP is probably better since you
have greater transparency, but is less convenient. SSH and SSL are also pretty
good for every day use. But I would trust none of those things to protect me
from the NSA or a very well funded criminal adversary.

~~~
gknoy
Open source still has its security benefits. When an exploit is publicized,
the "fix" for it can be highly scrutinized, and people can comment
meaningfully on whether it actually fixes it, and can contribute their own. I
remember looking at diffs and the accompanying analysis when heartbleed was
out, and it was informative and reassuring.

When an exploit in closed source software is publicized, we have to take their
word for it that it gets fixed.

------
ewzimm
The first sentence sums up what's wrong with government reactions to crypto.

>[...] for the first time in history, anyone could encode and exchange a
message that no law enforcement agency had the technical ability to intercept
and decode.

Here's one famous counterexample: [https://en.wikipedia.org/wiki/One-time_pad](https://en.wikipedia.org/wiki/One-time_pad)

People have always been able to communicate secrets. I don't underestimate the
value of doing it conveniently, and obviously many people have been caught by
lazily talking on a wiretapped phone, but the crypto war is only a war on
convenience. There can't possibly be an effective war on communicating secrets
unless people just give up trying. If governments want to fight it, they
should at least be honest and say they're fighting convenient crypto, not
crypto in general. They're fighting crypto that average people can access
easily, crypto that makes everyday privacy achievable, not crypto used by
coordinated criminals. At least it would make more sense and could lead to a
reasonable debate.

~~~
lukifer
Given the "code == speech" SCOTUS ruling, they may not be able to outlaw
crypto tech itself, but they can damn sure throw you in a cage for using it,
based on ISP monitoring and mandatory key disclosure.

As with guns, the criminals will simply ignore the law. Anti-crypto
legislation will be aimed squarely at We The People.

~~~
ewzimm
I agree, but I also think if that happens, crypto will adapt to things like
custom protocols built to be indistinguishable from regular traffic.

The great thing about code is that there's usually a way to change the rules.
The scary part is that it leads to an endless arms race.

~~~
crpatino
> crypto will adapt to things like custom protocols built to be
> indistinguishable from regular traffic.

The name is steganography, and has been used since ancient times.

The best way to ensure the secrecy of a message is to prevent the adversary
from learning the existence of the message. Second best is to provide a bunch
of big dumb decoys for the real message to hide.

------
IshKebab
Despite what Apple say, they _can_ read their messages. The NSA could get a
secret court order that says "Please silently disable encryption for user Dave
Jones in your next software update and forward his messages to us. Tell no-one."

I don't see how Apple could avoid that - the government already uses secret
legal means to make them do things they don't want to and prevent them from
telling anyone. This is no different.

------
lawl
The cloudflare CEO talks about "SSL added and removed here" [0].

Then I go to their website [1], and see that unfortunately they forgot to add
this annotation in the description of their product [2].

Could anyone tell them please :)?

[0] [https://agenda.weforum.org/wp-content/uploads/2015/01/prince...](https://agenda.weforum.org/wp-content/uploads/2015/01/prince-1024x768.png)

[1] [https://www.cloudflare.com/ssl](https://www.cloudflare.com/ssl)

[2] [https://www.cloudflare.com/images/ssl/ssl.png](https://www.cloudflare.com/images/ssl/ssl.png)

~~~
austerity
They are very clear and upfront about it and there are many cases where their
simplest offering (the one with no encryption behind edge server) is good
enough.

~~~
lawl
Except the one with self-signed certs doesn't really make a difference, and
even for the last one, as far as I know, they still decrypt and re-encrypt stuff
with their own key to be able to do caching etc.

Meaning, it's still not end to end, which is what you would expect when you
hear SSL. Where are they upfront about that?

------
MarcScott
I've created a little series of lessons to teach our Year 8 (12yo) students
about cryptography, as a direct response to all this rubbish.

[https://bournetocode.com/projects/8-CS-Cryptography/](https://bournetocode.com/projects/8-CS-Cryptography/)

If there is a second crypto war, I want my students to have a little bit of a
head start.

~~~
aethertap
This is cool, thanks for sharing. I'm passing it on to the relevant teachers
at our school.

------
yarper
[https://en.wikipedia.org/wiki/CipherSaber](https://en.wikipedia.org/wiki/CipherSaber)

This is the best relic from the past war. We may need a new one soon...

~~~
juliangoldsmith
Are current ciphers even simple enough for something like that? RC4 is pretty
trivial to implement, but I think of AES as being pretty complex.

~~~
ryan-c
Part of the point of CipherSaber was that not only is RC4 trivial to
implement, but it is feasible to do so _entirely from memory_. I can't think
of any other cipher that comes close to that except for maybe XXTEA (and its
progenitors, TEA and XTEA).

RC4 is so trivial that several people (including myself) were able to write
implementations that fit in a single tweet.
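For readers who have not seen the CipherSaber construction this sub-thread is discussing, here is an added example (my own code, not from the thread or from the CipherSaber project): the RC4 key schedule and keystream, plus CipherSaber's convention of a random 10-byte IV that is prepended to the ciphertext and appended to the passphrase to form the RC4 key; the `rounds` parameter gives CipherSaber-2, which repeats the key-scheduling loop N times. RC4 is shown because the thread is about its memorability; it is cryptographically broken and only of historical interest.

```python
import os

IV_LEN = 10  # CipherSaber prepends a 10-byte random IV to the ciphertext


def rc4(key: bytes, data: bytes, rounds: int = 1) -> bytes:
    """RC4 as a keystream XOR. rounds=1 is plain RC4 (CipherSaber-1);
    CipherSaber-2 repeats the key-scheduling loop 'rounds' times,
    carrying j over between repetitions."""
    # Key-scheduling algorithm (KSA)
    S = list(range(256))
    j = 0
    for _ in range(rounds):
        for i in range(256):
            j = (j + S[i] + key[i % len(key)]) & 0xFF
            S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA), XORed onto the data
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def ciphersaber_encrypt(passphrase: bytes, plaintext: bytes,
                        iv: bytes = None, rounds: int = 1) -> bytes:
    """CipherSaber: RC4 key = passphrase || IV; output = IV || ciphertext.
    A fixed iv may be passed for testing; in real use it must be random."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    if len(iv) != IV_LEN:
        raise ValueError("CipherSaber IV must be %d bytes" % IV_LEN)
    return iv + rc4(passphrase + iv, plaintext, rounds)


def ciphersaber_decrypt(passphrase: bytes, blob: bytes, rounds: int = 1) -> bytes:
    """Split off the IV, rebuild the same RC4 key and XOR the keystream back."""
    if len(blob) < IV_LEN:
        raise ValueError("message too short to contain an IV")
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    return rc4(passphrase + iv, ct, rounds)


if __name__ == "__main__":
    msg = b"meet at the usual place"          # constructed sample message
    blob = ciphersaber_encrypt(b"correct horse", msg, rounds=20)
    print(blob.hex())
    assert ciphersaber_decrypt(b"correct horse", blob, rounds=20) == msg
```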

------
srj
I feel this is the largest threat to freedom in the US in a long time,
possibly ever. If the US has the ability to decrypt traffic from all of the
major players I think, based on their history, they'll likely try to collect
everything. All emails, purchases, internet searches, and so on would be
cataloged. For example, if I applied for a government job in the future I
could have my allegiance called into question for writing this comment. They
would easily know who all but the most vigilant are based on information
provided during purchases, correlated with IP addresses and cookie
information.

The real criminals of course would use any number of other systems (say those
based in other countries) which would not be collected in the dragnet. It
would only be the average citizen who suffers.

~~~
lbarrett
Yeah. The irony I see in all of this is that the government did this to
themselves. Government overcollection of information led to public need for
encryption, which in turn led to the fact that the government can't collect
information when it _does_ have a legal mandate to do it.

The best answer here is: the government should obey the laws and not spy on
citizens, and maybe then the citizens won't seek refuge.

------
wahsd
I don't quite understand how the government thinks this will go. How do they
think they are going to prevent encryption?

Also, does anyone else realize that they are essentially expecting to have no
limitations? They want to, not only be able to essentially have access to your
person at any time ... which is understandable to a certain extent ... under
authority of a legal and proper warrant; but they now also want to be able to
monitor and track every single thing you do and are at all times for future
recall. Essentially, they are wanting to be able to reference the experience
of your life, approaching your memory.

So what stops the government from reading your memories, once that technology
is fine tuned? We are seriously on a precipice here, because humanity's
political and civil society has not caught up to the exponential advances in
technology.

The last time such a mismatch existed it resulted in WWI and WWII. Before we
emerged, mumbling .... "WTF, just happened"

------
golemotron
> British Prime Minister David Cameron recently pledged that “modern forms of
> communication” should not be “exempt from being listened to.”

Why not? By the same logic, tables at all restaurants should be bugged.

Before technology, when people met the only way to know what they were saying
was to be there. The world survived that.

------
p01926
While certainly not a magic bullet, zero-knowledge systems are our best last
line of defence against zero-day exploits. As the author is the CEO of the
company that issued the infamous "Heartbleed Challenge", he should acknowledge
that far from being some war of geeks vs spies, it's geeks vs malicious
hackers. Yes, as far as Google's concerned, GCHQ fits that description, but
it's silly to claim it's just about them. Even if you consider some
intelligence agencies benign, there are a hundred-fold more that definitely
aren't.

And the only underestimation happening here is the politicians'. If the
cryptopocalypse were to happen tomorrow (i.e. David Cameron's fantasy),
modernity would end as we know it. Financial markets wouldn't so much collapse
as cease to exist. Hungarians recently took to the streets over a tax on data;
what would happen if e-commerce became impossible? Imagine the impact on the
rule of law if 10% of the economy disappeared overnight. Encryption isn't a
threat to LE, it's the only thing protecting them from a nightmare.

------
yuhong
BTW, the infamous 40-bit limit was set as part of a deal between NSA and SPA
in 1992, and applied to the RC2 and RC4 algorithms.

~~~
gonzo
CMDF (DES w/ 40-bit keys), too.

~~~
yuhong
I am talking about what was guaranteed to be exportable under the "7-day"
review process, though 40-bit was a good rule of thumb for other algorithms.

------
w8rbt
When everything on the wire uses strong crypto, the only useful network data
will be metadata. It will be interesting to see how traditional network
IDS/IPS evolve to handle this. The signatures will be useless when they can't
parse plaintext packets. Of course, orgs can always attempt to terminate SSL
and do things with the cleartext packets, but that can get dicey.

Strong encryption on the wire (in transit) also renews the focus on the end
points. The data are plaintext in memory on the devices. If the end points can
be compromised, the data access problem is solved. Lots of people are writing
exploits (both good and bad guys) to do that.

When you combine network metadata with local device data, you've got a pretty
complete picture.

~~~
mirimir
Right. End-to-end encryption is just one of three key aspects. The second is
hiding or randomizing metadata. Old-school Mixmaster nyms with Tor transport
and alt.anonymous.messages as inbox does a good job. Its fatal weaknesses are
complexity, and consequently small anonymity space.

Services such as CounterMail, Tutanota and ProtonMail are taking user-friendly
(albeit weaker and proprietary) approaches. DarkMail may eventually be a
fundamental solution, but may be too ambitious.

The third is end-point security. It's crucial to use full-disk encryption, and
to avoid being exploited. That involves both software and wetware hardening.

But even that's inadequate. It's essential to compartmentalize unconformable
information in separate and isolated compartments. Isolation comprises all
aspects: devices, network and Internet connectivity, communication partners,
and so on.

~~~
unsignedint
I like to also add an anonymous recipient feature present in OpenPGP. (-R or
--throw-keyid for GnuPG) to strip metadata. (Supported at least on GnuPG for
encryption/decryption, and Mac version of PGP for decryption. For some reason,
not on Windows.) Also, implementations like GnuPG will allow the recipient ID to
be spoofed, but even fewer implementations will support it.

I believe using this in conjunction with some garbage recipients (with a
secret key thrown out immediately after the creation of a public key) will
randomize metadata quite well for OpenPGP.

EDIT: clarified option switch is for GnuPG
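The metadata in question lives in the Public-Key Encrypted Session Key (PKESK, tag 1) packets at the front of an OpenPGP message; GnuPG's `--throw-keyids` (or `-R`/`--hidden-recipient` for a single recipient) writes an all-zero key ID there instead of the real one. As an added example (my own code, not from the thread or from GnuPG), here is a small RFC 4880 packet walker that lists the recipient key IDs of a message and reports hidden ones as `None`; the `pkesk()` builder only produces constructed test packets with a dummy MPI, not real session keys.

```python
def read_packet(buf, pos):
    """Return (tag, body, next_pos) for one OpenPGP packet header (RFC 4880)."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:  # new-format header
        tag, first = ctb & 0x3F, buf[pos + 1]
        if first < 192:
            length, hdr = first, 2
        elif first < 224:
            length, hdr = ((first - 192) << 8) + buf[pos + 2] + 192, 3
        elif first == 255:
            length, hdr = int.from_bytes(buf[pos + 2:pos + 6], "big"), 6
        else:
            raise ValueError("partial body lengths not handled")
    else:  # old-format header: length-type in the low two bits
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        n = 1 << ltype
        length, hdr = int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), 1 + n
    start = pos + hdr
    return tag, buf[start:start + length], start + length


def recipients(msg):
    """Key IDs of the leading PKESK (tag 1) packets; None = hidden (all-zero) ID."""
    out, pos = [], 0
    while pos < len(msg):
        tag, body, pos = read_packet(msg, pos)
        if tag != 1:  # first non-PKESK packet ends the recipient list
            break
        if body[0] != 3:
            raise ValueError("unexpected PKESK version %d" % body[0])
        keyid = body[1:9]
        out.append(None if keyid == bytes(8) else keyid.hex().upper())
    return out


def pkesk(keyid, algo=1, mpi=b"\x00\x08\xab"):
    """Minimal old-format PKESK packet (constructed test data, dummy MPI)."""
    body = bytes([3]) + keyid + bytes([algo]) + mpi
    return bytes([0x84, len(body)]) + body


if __name__ == "__main__":
    # constructed message: one named recipient, one hidden, then a dummy tag-18 packet
    msg = pkesk(bytes.fromhex("0123456789abcdef")) + pkesk(bytes(8)) + bytes([0xD2, 1, 1])
    print(recipients(msg))  # ['0123456789ABCDEF', None]
```

On a real message produced with `--throw-keyids`, `gpg --list-packets` shows the same thing as `keyid 0000000000000000` in each pubkey enc packet.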

------
droope
The crypto war is not being waged by apple or google, that is ridiculous!

------
guard-of-terra
This time we should not fear loud laws, but silent subversion. You can
no longer tell good guys from bad; everyone you trust can betray you. Forced
to make pacts with bad people, giving them everything of yours.

