Cooler heads needed in heated E2EE debate, says think tank

End-to-end encryption (E2EE) has become a global flashpoint in the ongoing debate between the security of private communications versus the need of law enforcement agencies to protect the public from criminals. The Register has written at length about this increasingly strident back-and-forth that is seeing proponents of both …

  1. VoiceOfTruth Silver badge

    Suppression of citizens

    -> governments that may want to spy on and suppress their citizens

    We saw with Covid how the 'free' press and the 'free' internet effectively closed off debate about Covid, and how we mere earthworms must accept the 'wisdom' of those in power. There was only one point of view, and if you didn't stick to it you were accused of spreading false information.

    RIPA? Remember that? Supposed to be used for terrorists and serious crimes? How about being used to see which parents managed to get their children to a better school?

    I do not trust the government one inch.

    1. monty75

      Re: Suppression of citizens

      Which corners of the internet were you frequenting where debate about Covid was closed off? I seem to have read nothing but debate about Covid for the last two years.

      1. DS999 Silver badge

        Re: Suppression of citizens

        Sounds like he was unhappy that there were sites that chose to diminish his ability to spread conspiracy theories like "masks don't work" and "the vaccine is killing thousands of people". Based on their own freedom of speech, sites have the right to decide what speech they don't want to amplify.

        I'd ask him where governments were preventing him from spreading his drivel, but he'd just mumble something about Twitter being a "town square" or claim he was shouted down by other citizens in a local city council meeting for claiming that wearing masks is suffocating his children's brains of oxygen.

        1. Anonymous Coward
          Anonymous Coward

          Re: Suppression of citizens

          Read his post history. He's a troll, and a de facto Putin/Xi-bot if not an official one.

      2. cornetman Silver badge

        Re: Suppression of citizens

        And here we go with the hyper polarisation. It seems we just cannot help ourselves.

        Is there no space for a more nuanced conversation?

        It is well known among the YouTube channel set that even mentioning the "coof" in passing can get your videos demonetized or worse have videos removed. I realise that the likes of Google et al are trying to deal with the worst excesses of the internet loonies, but actual debate (even hearing alternative opinions from qualified professionals) is very frequently swept up in that process. This is leading to posters coming up with all sorts of code words for these things in order to just mention the subject in passing. It's pretty depressing.

        1. doublelayer Silver badge

          Re: Suppression of citizens

          "Is there no space for a more nuanced conversation?"

          Literally everywhere? Here, for example? It's not our fault that some of the people who choose to post aren't at all nuanced, and some people are pretending to be when they're clearly not. The Register hasn't banned anyone. And if they did, it's still not a problem, because there are lots of other places that don't and you are entirely within your rights to go over there for whatever kind of conversation you want. I participate on multiple online forums, each with different rules. Find the ones you like and go talk there.

        2. John Robson Silver badge

          Re: Suppression of citizens

          Nuanced conversation is all well and good, but you can't have nuance around security... it's hard enough to do security well, let alone when trying to ensure that your black paint scatters 99% of incoming light.

          There aren't many things that are black and white - but encryption is one of those things:

          - Either communications are encrypted at source, and only able to be decrypted at the destination OR

          - they are not effectively encrypted, and may as well not be at all

          1. TDog

            Tongue in cheek

            Surely the best way is to ensure e2ee and then, as the service provider, create a second layer of encryption over that. Thus my e2ee service will not know your keys but will ensure that the transport layer data is securely overencrypted.

            So when HMG or similar or quasi-legal entities request access we can deliver that on proof of warrant. This will protect against casual hackers whilst ensuring that your already encrypted messages are secure against attack <g>.

            Thus we can protect against non authorised interception whilst leaving your safety in your own hands...

            And for a small extra fee we can produce significantly different large prime numbers preventing against near prime number identification.

            How could this be an issue?

            1. John Robson Silver badge

              Re: Tongue in cheek

              Absolutely the only way to stop e2ee is to prevent maths.

              Since we're pretty sure that maths can't be prevented...

    2. Anonymous Coward
      Anonymous Coward

      Re: Suppression of citizens

      I do not trust the government one inch.

      I wouldn't either if I were posting from where you are, but I suspect you want us to think you are talking about our governments.

  2. yetanotheraoc Silver badge

    why can't we all just get along?

    "there needs to be a consensus"

    I think we can all agree that the two requirements are mutually exclusive.

  3. Anonymous Coward
    Anonymous Coward

    Law enforcement and the politicians who facetiously cry "think of the children!" while they think of power and control can suck a festering, odiferous part of my anatomy after a two week stint in the bush without a shower...

    1. DS999 Silver badge
      Devil

      festering?

      You might want to get that checked

      1. Anonymous Coward
        Anonymous Coward

        Re: festering?

        After two weeks on the bush without a shower, I guarantee you've got some festering going on... *LOL*

        1. G40

          Re: festering?

          On the bush definitely worse than in it …

  4. Crypto Monad Silver badge

    "E2EE essentially encrypts messages at every step of the journey in cross-communications"

    That's not well worded.

    Essentially it encrypts messages *once* at the start of the journey, and they remain encrypted all the way to the end, where they are decrypted by the recipient.

    If you want to break it, it has to go at either endpoint. Phone to Facebook? Capture it at Facebook. Phone to Phone? You have to capture it at one of the phones.

  5. monty75

    Never mind cooler heads, what we need are some heads filled with actual facts and science rather than political soundbites and "world-leading" stupidity.

    1. Arthur the cat Silver badge

      I'm sure Nadine Dorries has a cool head, as in µK. Unfortunately it's organic, not superconducting.

      BTW, Nadine Dorries is an anagram of Inane Disorder. In ars magna, veritas.

  6. MiguelC Silver badge
    Trollface

    Finding the middle ground in this highly polarized environment

    Just like an argument about cannibalism - why must we be for or against, why can't we find some middle ground in this highly polarized environment?

    1. trindflo Bronze badge
      Big Brother

      Re: Finding the middle ground in this highly polarized environment

      It's always the same scenario when two wolves and a sheep discuss what will be for dinner. Law enforcement has other tools at their disposal. Surreptitiously spying on citizens at will is just really expedient.

      1. Anonymous Coward
        Anonymous Coward

        Re: Finding the middle ground in this highly polarized environment

        Yes, but just think how beneficial it is to the despots and totalitarian dictatorships when it is put in place. :(

        1. Anonymous Coward
          Anonymous Coward

          @msobkow - Re: Finding the middle ground in this highly polarized environment

          We should also keep an eye on some countries aspiring to become the first totalitarian democracy (sadly, it's no joke). Let's make a bet on which will be the first.

          1. steelpillow Silver badge

            Re: @msobkow - Finding the middle ground in this highly polarized environment

            How about a sweepstake on when the first one makes it? Betting options:

            1. when hell freezes over

            2. not in my lifetime

            3. when a Boltzmann brain mandates it

            4. When a tart with a heart of gold opens a hose of ill repute

            5. when horse feathers become a commodity

            1. doublelayer Silver badge

              Re: @msobkow - Finding the middle ground in this highly polarized environment

              It's been done already. Dictators have quite often obtained their power by violence or stealth, but although it's less common, history includes dictators who got into power by winning a fair, democratic election. The countries usually didn't stay democracies much longer, because history has even more examples of aspiring dictators who didn't figure out how to subvert the democracy and got voted out before they could entrench themselves.

              1. Eclectic Man Silver badge

                Re: @msobkow - Finding the middle ground in this highly polarized environment

                Ancient Rome was in the habit of assigning a dictator to deal with an emergency. For example when Italy was invaded by Hannibal and his troops they installed Fabius Maximus to deal with the emergency as dictator:

                "Fabius's tenure of the dictatorship in 217 was his second term in that office, with Gaius Flaminius as his deputy"*

                But, of course, the Romans returned to their version of democracy (voting by male free citizens only) after the emergency had been dealt with.

                * https://en.wikipedia.org/wiki/Quintus_Fabius_Maximus_Verrucosus

              2. BobTheIntern

                Re: @msobkow - Finding the middle ground in this highly polarized environment

                Stay tuned for the possibility of aspiring dictators who didn't figure out how to subvert the democracy and got voted out before they could entrench themselves, but yet somehow managed to secure reelection so that they might have another go at it.

            2. TDog

              4. When a tart with a heart of gold opens a hose of ill repute

              Does that mean she / he pulls you off with the stockings?

  7. Graham Cobb Silver badge

    Shooting themselves in the foot

    E2EE is not terribly hard to implement. If the major services are banned from offering it then first there will be some smaller players offering it (such as Signal). If those are banned as well then there will be FOSS packages to make it easy to operate your own private E2EE network - handily packaged for your local terrorist cell to start using. Sure key distribution is hard, but the only people who will suffer from that are ordinary law-abiding people. The horsemen of the apocalypse will be happy to spend time and money doing secure key distribution for their illegal stuff. The only people who will suffer are the law-abiding.

    And if that happens, then all the lovely traffic data that is visible today will disappear underground as well.

    1. mattaw2001

      Re: Shooting themselves in the foot

      If I may disagree, E2EE at a system level is very hard to implement. For example, it seems likely that most mobile phones have screen capture and OCR available to governments so the Signal app may prevent in-flight reading but probably is vulnerable at both endpoints.

      I suspect most 4G multi-cpu modems in phones are back-doored to be able to read and write to system memory. It's the most logical place to put the surveillance, as like the intel management engines and the AMD equivalent, they are all closed source, and present on all hardware, and can't be disabled without limiting functionality so people won't or can't. We have historical examples of it already from the Samsung S3 for example.

      I do wonder if this E2EE debate is a pure distraction play, and that the governments don't need it, but want the debate to focus on this irrelevancy, where if they do get access it might make it easier or cheaper, but ultimately doesn't interfere too much with their operations.

      1. Adair Silver badge

        Re: Shooting themselves in the foot

        Which still leaves open the reality that those who actually need serious comms security (for good or ill) will take serious steps to ensure they have it.

        The losers will, as usual, be the foolish, and the ordinary folk who get stomped on by the rich and the powerful.

      2. eldakka

        Re: Shooting themselves in the foot

        > For example, it seems likely that most mobile phones have screen capture and OCR available to governments so the Signal app may prevent in-flight reading but probably is vulnerable at both endpoints.

        What happens once the communication has reached its endpoint is, by definition of what end-to-end means, outside the purview of E2EE systems. That's SEP. I can always take a photo of someone's screen, or even ask them (with the help of a rubber hose) and they could tell me verbally what the message they received was.

  8. Doctor Syntax Silver badge

    I think the stake for a place in the argument for anyone arguing against has to be the willingness to post online their login credentials for their bank, shopping sites, social media, work etc. We need that to be able to see the extent to which they understand their "If you've nothing to hide...." mantra.

  9. Doctor Syntax Silver badge

    The executive summary says "At the forefront of the discourse is a false dichotomy between protecting privacy and ensuring national security. ... On the privacy side, it is believed that governments and law enforcement agencies desire unrestrained exceptional access to E2EE communications to spy on their citizens." If that's what they believe to be the whole of the privacy side then it certainly is false. The essence of privacy isn't just to protect against governments and law enforcement spying on their citizens - it's to protect against anybody spying on anyone.

    Although they then go on to say that the issues are more nuanced letting that misleading summary of the argument stand unmodified in the executive summary - and in the first paragraph which might be the reading limit for some skimming the report - is seriously misleading. It's just asking to be quoted out of context.

  10. DS999 Silver badge

    It is pointless to ban E2EE

    Unless the government has control over the apps you run on your phone and your computer, you will always have the ability to use something with E2EE.

    Do they just want to make it harder to access by blocking big tech companies from supporting it, so the default will be people not using E2EE or do they really want to go down the road of controlling everyone's PC and smartphone? Even Putin isn't able to do that. They might need to hire whoever set up the Great Firewall.

  11. Anonymous Coward
    Anonymous Coward

    Misdirection about E2EE -- again!!! Please read the literature!!!

    The debate about whether SERVICE PROVIDERS (e.g. FB, WhatsApp, Signal, etc) should provide E2EE is interesting........but completely irrelevant.

    (1) Any group can implement private encryption, such that all messaging within the group will be encrypted BEFORE MESSAGES ENTER ANY PUBLIC SERVICE.

    (2) This private encryption scheme can deploy the Diffie/Hellman algorithm to ensure that there is a unique random key for every message AND THERE IS NO PUBLICLY SHARED KEY. Not only that, but the sender and the recipient of such a message DO NOT KNOW ANYTHING ABOUT THE ENCRYPTION KEY.

    (3) Groups with technical skill will be able to do this relatively easily. Banning this approach will be impossible.

    So......even if the E2EE scheme implemented by the service provider has some backdoor (for the "authorities"), then all the authorities will find spewing out of the backdoor will be more encryption!!! ....and not the plain text messaging which they expect.

    Ref: Applied Cryptography, Bruce Schneier, ISBN 978-1-119-09672-6

    1. brainwrong

      Re: Misdirection about E2EE -- again!!! Please read the literature!!!

      "sender and the recipient of such a message DO NOT KNOW ANYTHING ABOUT THE ENCRYPTION KEY."

      That's not true. The sender needs the key to encrypt the message, and the intended recipient needs the key to decrypt it. This is still true even if the encryption is done on pen and paper and the resulting gobbledygook is typed into the device, which I think is what you're getting at.

      Diffie Hellman key exchange allows 2 parties to agree on a common encryption key by only communicating information that doesn't reveal anything about the key.

      1. Anonymous Coward
        Anonymous Coward

        Re: Misdirection about E2EE -- again!!! Please read the literature!!!

        "That's not true"

        Really? If the DH exchange is done by two software clients, the secret key will be calculated twice, once by the sender SOFTWARE, and once by the recipient SOFTWARE. In both cases, the secret key will exist only for a fraction of a second....before being destroyed.

        ......and of course, the SOFTWARE does not need to disclose the secret key to the human user.

        ......and of course that means that when PC Plod turns up demanding disclosure of the secret key, there will be quite a bit of bother, and quite a bit of confusion.
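
Added example, not part of the thread or of any commenter's post: the ephemeral Diffie-Hellman exchange discussed in the comments above, showing that only public values cross the wire while both clients still compute the same per-message key. The `Client` class, the `exchange` helper and the message labels are assumptions made for illustration; Python's `pow` is not constant-time, so this shows the arithmetic rather than a side-channel-hardened implementation.

```python
import hashlib
import hmac
import secrets

# 2048-bit MODP group 14 from RFC 3526, generator 2 (safe prime, P = 2q + 1).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def hkdf_sha256(ikm: bytes, info: bytes) -> bytes:
    """HKDF (RFC 5869) with an all-zero salt, producing one 32-byte block."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


class Client:
    """Hypothetical messaging client holding one ephemeral exponent at a time."""

    def __init__(self):
        self._priv = None

    def offer(self) -> int:
        # Fresh private exponent in [2, P-2] for every message.
        self._priv = secrets.randbelow(P - 3) + 2
        return pow(G, self._priv, P)  # the only value sent to the peer

    def derive(self, peer_pub: int, info: bytes) -> bytes:
        if self._priv is None:
            raise RuntimeError("no exchange in progress")
        # Reject 0, 1 and P-1: they would force a shared secret that an
        # observer can predict without knowing either private exponent.
        if not 2 <= peer_pub <= P - 2:
            raise ValueError("peer public value out of range")
        shared = pow(peer_pub, self._priv, P)
        # Drop the reference to the exponent; Python cannot guarantee that
        # the underlying memory is wiped.
        self._priv = None
        return hkdf_sha256(shared.to_bytes(256, "big"), info)


def exchange(sender: Client, recipient: Client, info: bytes):
    """Run one exchange; return both derived keys and what crossed the wire."""
    wire = []
    a_pub = sender.offer()
    wire.append(a_pub)
    b_pub = recipient.offer()
    wire.append(b_pub)
    return sender.derive(b_pub, info), recipient.derive(a_pub, info), wire


if __name__ == "__main__":
    alice, bob = Client(), Client()
    k1_s, k1_r, wire1 = exchange(alice, bob, b"message-1")  # constructed labels
    k2_s, k2_r, wire2 = exchange(alice, bob, b"message-2")
    print("message 1: both sides hold the same key:", k1_s == k1_r)
    print("message 2: both sides hold the same key:", k2_s == k2_r)
    print("keys differ between messages:", k1_s != k2_s)
    print("values seen by the relay per message:", len(wire1))
```

The key exists inside both clients long enough to encrypt and decrypt, which is the point made in both replies above: the software must hold it, even if it never shows it to the user or stores it afterwards.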

    2. Anonymous Coward
      Anonymous Coward

      Re: Misdirection about E2EE -- again!!! Please read the literature!!!

      Sadly this is not true.

      While Applied is indeed a great read, and so is Practical - by the same author.

      The level of knowledge required to implement side channel resistant construction of the standard algorithms is well beyond the average reader.

      Applied predates ECC and doesn't discuss equal cost branching, it's a great book, but don't roll your own crypto.

      Use the peer reviewed code base from the Dublin Professor of Cryptography.

      Here is his publications list - https://dblp.org/pid/s/MichaelScott.html

      Here are opensource implementations in multiple languages, https://github.com/apache/incubator-milagro

      If you really must roll your own, use the output of an actual cryptographer, and don't just type code out of Applied/Practical.

      1. Anonymous Coward
        Anonymous Coward

        Re: Misdirection about E2EE -- again!!! Please read the literature!!!

        @sed_gawk

        This is the usual - and sensible - advice.

        But given the widespread attacks on privacy by both governments and big business, this usual - and sensible - advice is of little use to private individuals. In fact, this advice boils down to "no privacy -- suck it up".

        If the alternative is to use the help of Bruce Schneier, then so be it! If the alternative is to use the Diffie/Hellman algorithm to generate random (and unique) secret keys for every message, then so be it!

        As an aside about "roll your own", I've been impressed by the relative success of Thomas Beale, who managed to encrypt three documents in 1822 - and two of these papers remain uncracked to this day. Thomas Beale was not using the skills of expert cryptographers, nor did he have access to advanced mathematics. He used a book cipher!!! (Ref: Simon Singh, The Code Book ISBN: 0-385-49532-3) A modern book cipher might use a huge concordance of English words indexed with random keys. This would not be too hard to program.

        And - returning to the subject of privacy - the goal of encryption is not the sort of privacy achieved by Thomas Beale, the goal is for a private message to be private for a reasonable amount of time ("reasonable" defined by the group using the encryption). Not perfect, eternal secrecy......

        1. Anonymous Coward
          Anonymous Coward

          Re: Misdirection about E2EE -- again!!! Please read the literature!!!

          Not saying suck it up, I'm saying go direct to the source - Schneier is fantastic, as is Scott.

          I'm saying Michael Scott et al, wrote that code, and specifically wrote high quality code that you can use in various languages. There are AEAD implementations and it will run on bare metal.

          There are multiple test vectors, and the specific code was provided to Apache Foundation.

          It's not the fastest code, but it was written by an actual reputable cryptographer relatively recently.

          So use that code if you need it, cross check the outputs from multiple different language implementations.

          YMMV but in any case best wishes

  12. Anonymous Coward
    Anonymous Coward

    Haven't we all been here before?

    Encryption is a mathematical process. You either have true E2EE for communications in things like banking or you don't, you don't get to put in exceptions for law enforcement.

    I'm sure that the construction industry would like to be able to modify gravity at a local level to make their jobs easier whilst putting up buildings but you don't hear politicians arguing that gravity must be susceptible to modification for the construction industry's benefit and yet they still insist that mathematics should be susceptible to modification for the police and security services benefit. Just how stupid are these people and if this is exemplar of their level of intelligence perhaps it's time we found a better way to govern a country?

    Now if you'll excuse me I need to go and modify the gravitational constant of the universe, I'm building a 1:1 scale model of the great pyramid of Giza this afternoon!

  13. David Austin

    Glad the report mentioned...

    ...The main reason we collectively started looking at E2EE was because governments and security services were caught with their hand in the cookie jar already:

    "The growth in popularity of E2EE was a direct result of the Snowden revelations in 2013, which sparked fears about global surveillance and the mass collection of personal data by intelligence agencies around the world" (page 11)

  14. steelpillow Silver badge
    Facepalm

    A brief history of E2EE

    Around 5,000 BC, writing a message on a piece of dried clay or dead bullrush was enough to guarantee E2EE for all but the messenger.

    Around 1800 simple letter-shift cyphers baffled the enemy.

    Around 1900 some genius invented one-time pads. Meanwhile military ciphers began to get into their stride, especially when transmitted via Morse code.

    Somewhere in the middle of the twentieth century, the scrambler phone came into use. No diplomat, warmonger or spy could be without one. Meanwhile, US Navy pilots over the Pacific did all right talking Navaho to each other over the radio.

    Then Germany's reliance on Enigma elevated E2EE to a whole new level.

    Eventually some bugger invented the Internet and the authorities decided that E2EE was no longer acceptable. Quite how they expected to secure their own military, diplomatic and intelligence communications made quite an impressive bulge under the carpet. When the carpet proved too small and it escaped to the back of the room, making loud trumpeting noises through its trunk, they declared loudly, "that's irrelevant!" and Groucho Marx's ghost took a bow.

  15. Sel

    2+2=5 is a no compromise issue

    All these computer literate people are so binary in their thinking it’s 2022 already! They all think a compromise on security means that the security is compromised. Nothing could be further from our hearts when we think of the children. We only want security for them especially from the nasty people who want to indoctrinate them into believing 2+2=4.

  16. Paul Smith

    Is a stranger a friend or an enemy?

    Most of us are lucky enough to live in societies that have a legal system based on "innocent until proven guilty", unfortunately that belief belongs to a time when a stranger was simply someone you didn't know yet. Modern society, particularly in the UK and the US has shifted to believing that a stranger is a threat and that is incompatible with the presumption of innocence. If you are innocent, then nobody has a right to intercept or interfere with your communication. If you are a threat, then the state must protect itself from you by any and all means available. So, which society do you want to live in?
