Two things happened recently. One was the awful bomb in Manchester, the other was a minor inconvenience to me to make changes to my secure server to maintain my PCIDSS compliance (see previous blog).
The UK government has said that it's going to force all communications companies to allow encrypted data to be decrypted. This is not a good idea; let me explain why.
In our 65 million UK population, there are only a few would-be terrorists. The job of our security service, is to look for a needle in a haystack. There's two important rules in doing this. 1) Don't add a ton of hay to the haystack and 2) don't burn down the haystack.
The bomber, Salman Abedi, was known to the security services. He's been reported to the police several times for things he's said, but presumably they get tons of such reports, most of which they don't take much action on. Now add to those tons of reports, megatons of decrypted phone messages, facebook posts and tweets, and you can see what I mean about adding to the haystack.
But there's also the other side.
If you want to make it possible to decrypt people's encrypted messages, then you won't be able to use existing encryption systems, which are designed to be as difficult as possible to break, and which don't have third-party backdoors. You won't be able to use RSA for key exchange, or you won't be able to use DES, AES or any of the known-strong crypto systems. You'll have to design a new system. I'll give it a name. Let's call it Weakkey for key exchange; if you compromise the key exchange, then you can continue to use strong crypto.
So when you do the key exchange that starts off a crypto session, Weakkey will send a copy of the crypto keys to a third party for escrow (let's call this escrow agency UKGOV, for example). And then the end-to-end encryption will be done using existing strong crypto, and government will be happy, because they'll be able to keep a copy of the encrypted messages, and they'll have a copy of the keys so they can, if they want, decrypt it.
Which, of course, they will, because what's the point of having such a system unless you use it? If using Weakkey prevents even one bombing, that will be great.
So people like you and me will be able to use encrypted communications, but we'll know that UK Gov will be able to read our mail, and maybe we won't like that. Don't worry! I have a solution. The HTTPS protocol uses the strongest encryption available, because it's transmitting credit card data over the internet. So all I have to do, is use my browser to send an https-encoded message to you.
OK, then we'll have to include the encryption used by HTTPS in the Weakkey scheme. Now the evil bombers have no place to hide, yet internet commerce can still take place because it doen't matter if UK Gov can see your card data, they being so honest.
Until it leaks.
Because governments are as waterproof as a sieve. Remember Wannacry? That happened because the US government CIA developed a back door, and kept it secret ... until it leaked. More recently - the name of the Manchester bomber was leaked by the US, followed by crime scene pictures that should not just yet have been published.
Because here's a list if UK government data leaks.
And what will happen when Weakkey leaks?
My monthly PCIDSS compliance test will fail, because the crypto systems have been found to be insecure. And so will everyone else's. And companies all over the UK, will have to make emergency repairs to their secure servers, preventing the use of Weakkey and returning to ... to what? Anything that isn't Weakkey is (in the UK) illegal. So all ecommerce in the UK will come to a sudden halt. You won't be able to use Paypal, Amazon, internet banking. You won't be able to use your credit card online, except to non-UK companies, and you'll only be able to use it outside the UK if you're willing to use illegal (non-Weakkey) systems.
And that's what I mean by "burn down the haystack".
Something must be done! Hmm... this is something, therefore we must do it!ReplyDelete
Ironic that UKGOV would fine organisations who leak customer data because of weak encryption or poor encryption use/policy. The ICO recommends using encryption!ReplyDelete