Secure Messaging

Andrew Jeffery
Aug 9, 2017

I am concerned about the views expressed in recent months by the Australian federal government regarding encryption technologies and communication, and the lack of information on the means of access.

The government’s rough position is captured in this press release:

https://www.attorneygeneral.gov.au/Mediareleases/Pages/2017/SecondQuarter/Tackling-Encryption-and-Border-Security-key-Priorities-at-Five-Eyes-Meeting-in-Ottawah.aspx

Extracts like:

“I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption.”

seem to indicate that there’s a belief that encryption is discriminatory: That encryption used by terrorists and criminals can be different from that used by non-terrorists and non-criminals, to the point that encryption used by terrorists and criminals can be compromised whilst that used by non-terrorists and non-criminals cannot.

This is not how cryptography works.

However, if it did, there is still a concern: People transitioning from non-terrorist, non-criminal status to criminal or terrorist status. Supposing that the non-terrorist, non-criminal’s communications were secure even from the government, it’s hard to imagine that the subject would stop using that secure mechanism in their transformation to terrorist or criminal. If they do not stop, then by definition the government cannot access their communications. Assuming all of their communications are secure, this may prevent intelligence organisations from learning of their transition, which is counter to the organisations’ wishes.

So, alternatively:

The government’s position could be read as wanting to weaken cryptography for all users, including non-terrorists and non-criminals. This is in itself concerning, and it raises questions of scope: what does the government want to compromise? There are a number of axes:

1. Cryptographic building blocks
* Symmetric or asymmetric ciphers
* Cryptographic hashing functions

If the answer is core cryptographic building blocks, there’s still a question of how, and which building blocks. Regarding how, compromise by research is fair game, and indeed impressive if this is a proposed approach. However, I suspect, given success is not guaranteed, that this is not the avenue of attack. If the answer is not research to break the protocols, then the government is attempting to put the cat back into the bag: Attempts to engineer vulnerabilities into existing, unbroken-or-hard-to-break protocols will not get traction, and communications using these protocols will tend to remain protected.

There is an alternative to attacking the core mathematics:

2. Attacking implementations of cryptographic protocols
* OpenSSL
* BouncyCastle
* libgcrypt
* NaCl
* libsignal-protocol-*
* Proprietary libraries

The issue with this approach is fragmentation: If an implementation is compromised it risks being swapped out with an alternative implementation, potentially of the same algorithm. The swap may re-initiate secure communications for the users (depending on the key scheme it may force generation and confirmation of new identities). This approach begins to suffer the problem of scale, and any uncompromised library means secure messaging is still available to anyone who needs it.

3. Compromising companies, applications and platforms using cryptography
* Facebook
* Google
* Apple
* Open Whisper Systems

If compromising cryptographic libraries began to suffer from scaling issues, then compromising companies, applications and platforms takes this suffering to new levels. Each must be compromised on a case-by-case basis to enable large-scale, passive surveillance. This compromise may be by technical means, or by legislation. The problem with a legislative approach is that there will be platforms that are outside of the jurisdiction of Australia or its Five Eyes partners and therefore uncooperative. The problem with a technical approach is non-homogeneity, and the potential for missing huge swathes of communications.

Issues 1. to 3. are listed in order of descending catastrophe. Purposefully compromising core cryptographic building blocks can open the door to anyone breaking the protocol, not just the Australian government. Unfriendly nation states or bad actors could obtain the capability to read communications of the world, where communications range from cat pictures sent via secure messaging apps to the technologies that manage the fundamentals of a country’s economy and national security. This sounds grandiose but is not an overstatement.

“The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia” is patently false. The laws of mathematics are independent of political lines.

Compromising cryptographic libraries is similarly disastrous, but the damage is constrained by the adoption level of the libraries in question. Compromising companies and their platforms will likely drive lower use of the platforms and therefore generate lower coverage.

In my opinion none of these options are sensible, and some are infeasible or impractical for the aim. I am against the enablement of large-scale surveillance alluded to by the government’s comments even in the face of claimed terrorist threats. What we need to fight issues such as terrorism is creativity, not bland, mindless law-mongering. Secure cryptography is a fundamental building block of a modern, functional society. It is not healthy for the government to distrust its own population at large.
