A MESSAGE FROM OUR FOUNDER AND CEO -
The disaster that is government encryption policy continues to amaze me. The struggle is much like watching a clown car unload a hysterical shower of wacky, painted-faced comedians. The two current proposals from anti-encryption advocates are clown ideas that only a pie-throwing contest with huge squeaky shoes could top.
The first proposal is "crumple zone" encryption. The concept is simple: provide encryption that is strong enough to withstand assault from private sources but weak enough that governments can break it. The idea was labeled "crumple zone" after the part of an auto, usually the front and rear, designed to crumple easily in a crash and absorb the main force of an impact. When applied to encryption, the crumple zone is a large key that would, in theory, cost millions of dollars to break. Thus, government and law enforcement would try to avoid having to break lots of keys, since they would also break their budget.
However, the "crumple zone" concept crashes on two factors. The first factor is that this concept has been tried before and failed. The implementation of intentionally weak keys that only government could break was imposed during the Clinton years. In the 1990s, US regulators limited the key size on export software in order to provide access to the intelligence and law enforcement agencies. Technology, however, never stands still for such limits, despite the fact that millions of computers were equipped with the castrated security.
In March 2016, security researchers Nimrod Aviram and Sebastian Schinzel announced the DROWN attack - "Decrypting RSA using Obsolete and Weakened eNcryption". Basically, the limited key sizes from the 1990s still in use were breakable using modern hardware. At first, the cost was $18,000 per key; then it dropped to $400; finally, with the introduction of faster "bitcoin mining" GPU configurations and commercial cloud computing, the cost was reduced to a few cents for real-time decryption of traffic. Thanks to dumb idea number one - limit the key size - about 33% of all secured web sites were vulnerable to the DROWN attack.
The lesson of the DROWN attack is that setting arbitrary limits on today's production code will become tomorrow's mass exploit that criminals and hackers will use to grab your credit card with minimal resources. The limits placed by narrow-minded bureaucrats in the 1990s cost millions to fix, added to the crime rate, and many sites remain vulnerable to this day. If you must rely on the down-level key size software for financial security, stand by for the North Korean Army to be smashing your customer accounts in no time.
Now, even though "crumple zone" encryption does not meet the crash test of tomorrow's computing resources, there is another logical hole that reinforces the idea as a major failure. The "crumple zone" is designed to cost the government loads of money and limit the decryption to a few targets by budget alone. Yet the government already spends loads of money targeting a limited number of individuals using hack attacks based on flaws inside operating systems. So, for all practical purposes, the government does not need a "crumple zone" castration key if it already uses expensive exploits to target an individual.
So why offer "crumple zone" as a solution? Well, to be honest, other than grabbing FBI grant money and putting up an obsolete concept that failed once before, I am not sure there is a point. It might be useful to a government for mass surveillance if it was also equipped with a multi-billion dollar budget, top secret supercomputing powers and a willingness to ignore the Constitution. However, we all know that (N)o (S)uch (A)gency has the combination of money, super-computers and a morally corrupt nature to undertake such an illegal operation.
The second proposal from the anti-encryption brigade is a variation on the back door key idea. In this case, the Department of Justice has teamed up with MIT and a think tank of scientists to cock up an internal back door. Basically, the encryption protecting a cell phone is under the user-generated passcode that secures all the data. The new-old back door idea is to generate a special access key that will unlock the cell data without the user passcode. The back door key would be stored on the device and is itself encrypted with a skeleton key held by the manufacturer. Thus, according to the think tank, the data is safe from bad guys but available with a court order to good guys.
This new-old concept is still just as bad as the old-old concept. The manufacturer who holds the skeleton key becomes the target of every criminal, international spy, military agent and nefarious lawyer. The manufacturer also becomes liable not only to law enforcement but for any failure in the cell phone software, hardware or insider-threat physical access that breaks into their store of skeleton keys.
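The key hierarchy described above, modelled as an added example (not code from Softwar or from the DOJ/MIT proposal): each device wraps its data key once under the user's passcode and once under a per-device access key, and that access key sits on the device wrapped under the manufacturer's skeleton key. The wrap/unwrap routine is a constructed stand-in for a real cipher; the point the code makes is that one leaked skeleton key opens every device in the fleet with no passcode at all.

```python
import hashlib, hmac, os

# Toy wrap/unwrap built from the standard library only: an HMAC-SHA256 keystream
# XORed over the secret, plus an HMAC tag so a wrong key is rejected instead of
# silently yielding garbage. A constructed stand-in for a real AEAD, not production code.
def _keystream(key: bytes, n: int) -> bytes:
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, b"stream" + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def wrap(key: bytes, secret: bytes) -> bytes:
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None                      # wrong key: refuse rather than guess
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

def _user_key(passcode: str, salt: bytes) -> bytes:
    # Low iteration count keeps the demo fast; a real device would use far more.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 10_000)

def provision(passcode: str, skeleton_key: bytes) -> dict:
    """One device record in the escrow design: two doors to the same data key."""
    salt, data_key, access_key = os.urandom(16), os.urandom(32), os.urandom(32)
    return {
        "salt": salt,
        "by_user": wrap(_user_key(passcode, salt), data_key),   # normal path: passcode
        "by_access": wrap(access_key, data_key),                # back door path
        "access_blob": wrap(skeleton_key, access_key),          # opened by the manufacturer
    }

def unlock_with_passcode(dev: dict, passcode: str):
    return unwrap(_user_key(passcode, dev["salt"]), dev["by_user"])

def unlock_with_skeleton(dev: dict, skeleton_key: bytes):
    access_key = unwrap(skeleton_key, dev["access_blob"])
    return None if access_key is None else unwrap(access_key, dev["by_access"])

def devices_opened_by(fleet: list, leaked_key: bytes) -> int:
    """How many devices a single leaked skeleton key opens without any passcode."""
    return sum(unlock_with_skeleton(d, leaked_key) is not None for d in fleet)
```

With no escrow, `by_access` and `access_blob` simply do not exist and the only door is the passcode; with it, the fleet's security is exactly the security of one key held at one company.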
One can argue that no such thing could happen, and one could also argue that rainbow ponies are real and they shoot golden nuggets after lunch. The CIA, FBI and NSA have recently suffered from massive breaches all due to the insider threat. The leaks that brought us the NotPetya virus were from secret NSA software that somehow was stolen or lost. The Vault 7 spyware on Wikileaks is a massive treasure trove of espionage tools used by spooks at Langley, also brought to us by a leak at the CIA. The leaks that breached the FBI counter-intelligence operations against Russia were due to an insider bought and paid for by the KGB: Robert Hanssen, a decorated FBI veteran who sold out his country for money.
The history books are filled with recent names such as Ames, Pollard and Walker, all insiders who sold out the highest level of secrets to the enemies of America. Now, thanks to the efforts of the Department of Justice, the US government would like to add to the list of damned traitors, spies and turncoats who will sell the secret skeleton keys to the highest bidder. These skeleton keys are not part of a multi-billion dollar security agency with the highest secret access mechanisms; instead they will be held by some Silicon Valley company which may go out of business next week.
If anyone in government ever tells you that they can keep back doors safe from bad guys just say two words to them: Edward Snowden. If Snowden could walk out of NSA HQ with the crown jewels an even more evil future Snowden could walk out with the keys to the entire nation. The point is very clear. One mole and we're all sunk.
Lesson one for President Trump: Back doors are a suicide note. Reject them because a bad guy will use them against us.
Of course, it could also happen by mistake. One fine example is Trustico. Trustico was a UK-based reseller of TLS encryption certificates issued by the browser-trusted authorities Comodo and Symantec. One day, in response to an annoying associate, the CEO of Trustico sent an email which contained the private keys of 23,000 certificates. News flash - this massive security breach is brought to you by the expert you paid good money to provide security.
The first rule of encryption is never keep the keys lying around. The second rule is never brag that you keep the keys lying around. Clearly, the CEO of Trustico broke both rules in one fell swoop. Certificate authorities are not permitted to keep the customer keys. According to Trustico, it kept the private keys in "cold storage", which is a way of saying they were in the fridge next to the frozen broccoli.
Now, just when you think things could not get worse for Trustico, at the same time the email story broke, a researcher revealed a serious security flaw in the Trustico web site that would let attackers gain root privileges on Trustico's servers and execute arbitrary code. Translation: now everyone had access to the "cold storage" containing the keys and the broccoli.
The Trustico incident is a clear demonstration that even the best-laid plans of encryption security can be foiled by stupid. The Department of Justice, in its zeal to enforce the law and bust criminals, is again making a layer cake of folly that will leave a bad taste. The new-old back door plan is complex, less secure and dependent on idiots making the right choices all the time. The CEO of Trustico, a very rich guy whose very life blood depended on information staying secure, made the wrong choice in a fit of anger and frustration. So what are the odds that an underpaid engineer living on cat food and promises of a 10% cut in wages is going to make the right choice?
The government struggle to find a way to give good guys access while keeping the bad guys out is a fool's errand. The software and hardware is not smart enough to recognize a hacker in a hoodie, much less Robert Hanssen in a business suit with his FBI badge. The reason why encryption is so powerful is because it locks everyone out at the will of the owner. It is up to the owner to decide who should or should not have access.
In some nations, back door access is a hammer across the kneecap. In other nations, simple use of encryption will get you the firing squad. In America, encryption has been in use since 1775, when our nation was born. Perhaps one should reflect on the fact that in 1775 King George killed those who used encryption in America. The founding fathers knew of this technology and used it for personal protection. They made no provisions in law or the Constitution to restrict, forbid or deny the use of encryption. This was no oversight.
CHARLES R. SMITH
CEO FOUNDER OF SOFTWAR INC.