9 March 2017

State of encryption, part II: Policy limbo


by Brad D. Williams

The past year has seen significant developments in encryption technology, policy and legal cases. With a new presidential administration and Congress, it’s timely to consider the current state of encryption and what the future could hold. This two-part series explores some of the core issues around encryption. Part I explored legal issues and the implications of recent cases on encryption. Part II surveys recent developments in and the current state of encryption technology and policy. 

President Donald Trump’s administration is still rounding out its cabinet and agency deputy appointees, as well as acclimating new National Security Advisor H.R. McMaster, who has not publicly expressed views on encryption.

Trump campaigned as a “law and order candidate.” On issues ranging from immigration to domestic crime and international terrorism, Trump aligned squarely on the side of law enforcement and the military.

Trump did not mince words on the February 2016 Apple vs. FBI case, telling Fox & Friends in February 2016:

But to think that Apple won’t allow us to get into her cell phone — who do they think they are? No, we have to open it up. I agree 100 percent with the courts …This is a case that certainly we should be able to get into the phone. And we should find out what happened, why it happened and maybe there’s other people involved. And we have to do that.

Later, at a Feb. 19 campaign rally in South Carolina, Trump called on customers to boycott Apple, telling the crowd:

Boycott Apple until such time as they give that information. Apple ought to give the security for that phone, OK. What I think you ought to do is boycott Apple until such a time as they give that security number. How do you like that? I just thought of it. Boycott Apple.

Trump’s first priority appears to be identifying leakers who are using Confide, an encrypted messaging app, to leak information to the media.

On Monday, Politico reported that White House Press Secretary Sean Spicer was conducting random phone inspections, supervised by White House lawyers, to identify leakers using Confide. Spicer instructed White House staff not to tell the media about the searches or meetings about the leaks. The story was leaked.

James Comey, who Trump has retained (even while criticizing) as FBI director but who is under pressure from both parties, is expected to maintain his stance on mandatory back doors in all encryption technologies.

Jeff Sessions, Trump’s new attorney general, appears to share similar views with Trump and Comey. In response to questions from Senator Patrick Leahy, D-Vt., during Senate confirmation hearings, Sessions wrote (p. 38):

Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.

Participants on a crypto panel at the RSA Conference 2017 in February scoffed at Sessions’ notion of “overcoming” encryption.

In a January 2016 op-ed in the Wall Street Journal, Trump’s new CIA Director Mike Pompeo (then a Republican Representative from Kansas) wrote that, “[T]he use of strong encryption in personal communications may itself be a red flag.” He wrote, however, that mandatory encryption back doors would “do little good.”

Adm. Michael Rogers, who looks to remain on as leader of the NSA and U.S. Cyber Command, has said he prefers “front doors.” Rogers thinks the U.S. “can create a legal framework” for accessing the data it needs for national security.

In Congress, the outlook is uncertain. In April 2016, after the Apple-FBI encryption case, Sens. Richard Burr, R-N.C., and Diane Feinstein, D-Calif., introduced the Compliance with Court Orders Act, which would have mandated encryption back doors. The bill was eventually withdrawn in the face of significant opposition and criticism, including being called “ludicrous, dangerous and technically illiterate.”

A second version was introduced as a “discussion draft” in September, but it stalled. Burr won reelection last year, but Feinstein left the Senate Intelligence Committee. The bill’s future is uncertain.

On the House side, Judiciary Committee leaders Bob Goodlatte, R-Va., and John Conyers, D-Mich., and Energy and Commerce Committee leaders Fred Upton, R-Mich., and Frank Pallone, Jr., D-N.J., formed the Encryption Working Group in March 2016, which released its year-end report in December. Based on months of interviews, the report proposed four points for further discussion.

Meanwhile, in June 2016, Rep. Michael McCaul, R-Texas, and Sen. Mark Warner, D-Va., released a report that endorsed the idea of forming a commission to study the subject further.

Current State of Encryption Technology

Encryption applies to data in three states: In transit, at rest and during processing. This article focuses on data on the internet and personal mobile devices.

More than half of all internet data in transit is now encrypted. A recent report by the Center for Strategic and International Studies estimated only 18 percent of global communications are encrypted, with that number predicted to rise to 22 percent by 2019. CSIS noted that “most email” is still recoverable by law enforcement because few use end-to-end encryption — which protects email in users’ inboxes and not just during transit.

On Friday, Google released an end-to-end encryption tool called E2EMail to the open-source community to encourage its further development and adoption. E2EMail enables OpenPGP encryption of Gmail via a Chrome browser extension built on an open-source JavaScript crypto library developed at Google.

Most data in transit on the internet is encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS). In recent years, researchers have revealed multiple vulnerabilities in and proof-of-concept exploits against versions of SSL and/or TLS, notably Heartbleed, POODLE and FREAK.

Most of the known vulnerabilities have available patches, although their implementation can be sporadic. For instance, The Register reported in January that 200,000 unpatched systems remain vulnerable to Heartbleed almost three years after a patch was issued. Outdated or poorly configured encryption technologies can leave user data vulnerable.

Additional risks arise from hackers exploiting cryptographic certificates. Sometimes the vulnerability to encrypted data arises from technologies unrelated to encryption, such as Google’s recent disclosure of the “Cloudbleed” bug illustrates.

In addition to exploiting SSL/TLS vulnerabilities, cybercriminals are increasingly employing SSL in their attacks. Some security appliances don’t — or can’t — inspect the content of encrypted network traffic, providing criminals cover.

Data at rest is usually located in the cloud or on devices. Cloud services often use some version of Advanced Encryption Standard (AES). For instance, to encrypt data at rest, Google Drive uses 128-bit AES, Dropbox uses 256-bit AES and Apple’s iCloud uses “a minimum of AES-128.” These services also use SSL/TLS with varying strengths of AES block cipher to encrypt data in transit.

While theoretically possible, it’s not feasible to brute-force crack AES-128 encryption. AES-256 is practically impossible, based on current technologies. Bigger concerns with AES arise from so-called side-channel attacks.

Cryptographic methods can become ineffective as computational power increases. Recently Google performed the first successful collision attack on SHA-1, an obsolete cryptographic hash function that was widely used in the Web’s early days. For years, cryptographers have urged retiring SHA-1 in favor of stronger hash functions, such as SHA-3 and SHA-254. Google’s attack demonstrates why.

Smartphone manufacturers are increasingly providing encryption capabilities for data stored locally. All iPhones, which are made exclusively by Apple, now encrypt local data by default. Android phones present a different challenge: Google provides the Android operating system, but different manufacturers make the phones that run Android. Encryption use has been inconsistent: Google tried to mandate device-level encryption, then backed down and has since tried again.

CSIS estimates that 47 percent of all devices now use encryption. In response, digital forensics companies continue to expand capabilities. Last week, Cellebrite announced a new service capable of unlocking iPhone 6 and 6+ models.

If adoption is rising, so too are the applications of encryption spreading. Signal, a widely used encrypted messaging app, just released beta support for encrypted video calls.

Tokenization continues to be widely deployed by financial institutions and payments processors, particularly for safeguarding credit card numbers. While not encryption proper, tokenization provides effective data security while overcoming many historical drawbacks to conventional encryption (e.g., slower processing, database field-length limitations, etc.).

Usually, data must be decrypted during processing. Security company Enveil, which presented at the RSAC17 Innovation Sandbox, claims to have developed a method of homomorphic encryption that would allow data processing without decrypting data. The idea has been around for 20 years but has not been feasible at commercial scale. Enveil’s technology, if proven, represents an industry breakthrough.

Some have warned of the threat that quantum computing and artificial intelligence could pose to encryption, but participants on the RSAC17 crypto panel said both technologies are likely to have “minimal impacts.”
What’s Next for Encryption Policy?

In a December 2016 “Paper for the Next President” on surveillance, the Center for a New American Society Senior Fellow Adam Klein wrote, “For now, there appears to be little prospect of a decisive resolution either way … absent a major terrorist attack or some other event that dramatically alters the political balance.”

During hearings last April after the Apple-FBI case, many in Congress seemed ready to stop discussing encryption back doors and enter “the next phase of the Crypto Wars” by exploring lawful hacking.

And in the event of a terrorist attack? In a blog post penned in December 2016, cryptography expert Bruce Schneier wrote, “it’ll be open season on our liberties.”

No comments: