The war on security took another step forward. The US senate is holding hearings with Facebook on their end-to-end encryption plans.
The Facebook side of the war on security is continuing. US senators are holding hearings on Facebook’s encryption plans. Senators say that they are concerned that if Facebook uses end-to-end encryption, law enforcement will suddenly be unable to catch “the bad guys”.
In response, senators are demanding that Facebook implement backdoors for law enforcement. The mythical idea is that Facebook should be able to compromise its own encryption for law enforcement while, at the same time, the encryption stays secure against every other bad actor. Such an idea has long since been debunked by the security community, but that isn’t stopping senators with less knowledge of the subject from demanding it anyway.
Facebook even faced a threat from at least one lawmaker who said that if Facebook didn’t cave in to these impossible demands, then lawmakers would legislate them into it anyway. For many observers, a lot about the hearing was simply unproductive. At the same time, the hearing wasn’t a complete waste of time. The EFF (Electronic Frontier Foundation) says that there are some takeaways from the committee hearings. From the EFF:
The first witness was Manhattan District Attorney Cyrus Vance, Jr., who has called for Apple and Google to roll back encryption in their mobile operating systems. Yet by his own statistics, the DA’s office is able to access the contents of a majority of devices it encounters in its investigations each year. Even for those phones that are locked and encrypted, Vance reported that half could be accessed using in-house forensic tools or services from outside vendors. Although he stressed both the high cost and the uncertainty of these tools, the fact remains that device encryption is far from an insurmountable barrier to law enforcement.
As we saw when the FBI dramatically lowered its own estimate of “unhackable” phones in 2017, the level of security of these devices is not static. Even as Apple and Google patch vulnerabilities that might allow access, vendors like Cellebrite and Grayshift discover new means of bypassing security features in mobile operating systems. Of course, no investigative technique will be completely effective, which is why law enforcement has always worked every angle it can. The cost of forensic tools may be a concern, but they are clearly part of a variety of tools law enforcement uses to successfully pursue investigations in a world with widespread encryption.
Meanwhile, even as Vance focused on the cost of forensic tools to access encrypted phones, he repeatedly ignored why companies like Apple began fully encrypting their devices in the first place. In a colloquy with Senator Mike Lee, Apple’s manager of user privacy Erik Neuenschwander explained that the company’s introduction of full disk encryption in iOS in 2014 was a response to threats from hackers and criminals who could otherwise access a wealth of sensitive, unencrypted data on users’ phones. On this point, Neuenschwander explained that Vance was simply misinformed: Apple has never held a key capable of decrypting encrypted data on users’ phones.
Neuenschwander explained that he could think of only two approaches to accomplishing Vance’s call for lawful access, both of which would dramatically increase the risks to consumers. Either Apple could simply roll back encryption on its devices, leaving users exposed to increasingly sophisticated threats from bad actors, or it could attempt to engineer a system where it did hold a master key to every iPhone in the world. Regarding the second approach, Neuenschwander said “as a technologist, I am extremely fearful of the security properties of such a system.” His fear is well-founded; years of research by technologists and cryptographers confirm that key escrow and related systems are highly insecure at the scale and complexity of Apple’s mobile ecosystem.
The EFF goes on to say that the hearing demonstrates worrying posturing on the part of lawmakers. They hope that congressional lawmakers will see through what happened in the senate.
With respect to the EFF’s first point, a lot of this certainly rings true. As many in the file-sharing and DRM (Digital Rights Management) scene will know, making something completely hack-proof is impossible. Countless companies have stepped forward to declare their DRM completely impervious to hacking and tinkering. The end result has been the stereotypical effect of a red flag to a bull. Often, DRM gets cracked within hours of a commercial release. In many cases, DRM gets cracked even before the commercial release, thanks in part to the pre-release access hackers so often have.
The question is, why would cell phone security be any different? At best, security represents a deterrent for 99% of those with ill intent. This leaves only the absolutely most determined and resourceful entities. There will always be a way to crack something. All it takes is knowledge, skill, and time. This perspective calls into question law enforcement’s position that encryption is a monolithic, impervious force that will stop all investigations in their tracks. As a result, it raises the idea that law enforcement is just looking for shortcuts regardless of the consequences.
With regards to the second point, the skepticism about a master key is certainly well-founded. For those who know about DRM on optical disc media or video game consoles, this should be pretty familiar territory. When Blu-Ray came out, there was DRM encoded on each disc. While individual discs could be cracked, that crack would theoretically be good only for that particular disc. The weakness in the system was the fact that there was a master key. That master key mysteriously showed up in the comments section of a website devoted to cracking the DRM, which compromised the whole DRM system. As a result, Blu-Ray was permanently cracked.
So, given the history of encryption that relies on a master key, it is quite reasonable that such an idea would be greeted with wide eyes and vigorous head shaking. Those who know the history of such systems would know that on something with as widespread adoption as cell phones, such an encryption system would be a really bad idea.
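The difference between the two designs discussed above (per-device keys that nobody else holds, versus per-device keys escrowed under one master key) can be made concrete with a small model. The following is an added illustration, not code from the article, the EFF, or Apple: it uses a toy HMAC-based stream cipher and a constructed five-device “fleet”, and the function names (`build_fleet`, `escrow_keys`, `compare_designs`) are invented for this example. It shows that a single leaked device key exposes one device, while a single leaked master key exposes every device whose key was escrowed under it.

```python
"""Toy model of the master-key (key escrow) risk: one leaked key vs. every key.
Added example; names and the cipher are illustrative, not any vendor's design."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, nonce || counter) blocks.
    Illustration only; a real system would use an authenticated cipher (e.g. AES-GCM)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Fresh random nonce per message, prepended to the ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt; a wrong key yields garbage, not an error."""
    return _keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def build_fleet(n: int) -> list[dict]:
    """Design 1: each device generates its own key and encrypts its own (constructed) data.
    No party other than the device ever holds that key."""
    fleet = []
    for i in range(n):
        key = secrets.token_bytes(32)
        data = f"device-{i} private notes".encode()  # constructed sample data
        fleet.append({"key": key, "blob": encrypt(key, data), "plain": data})
    return fleet


def escrow_keys(master_key: bytes, fleet: list[dict]) -> list[bytes]:
    """Design 2 ('lawful access'): every device key is wrapped under one master key
    and stored centrally so the vendor can unwrap it on demand."""
    return [encrypt(master_key, d["key"]) for d in fleet]


def readable_with_device_key(key: bytes, fleet: list[dict]) -> int:
    """Count devices whose data decrypts correctly with a single device key."""
    return sum(1 for d in fleet if decrypt(key, d["blob"]) == d["plain"])


def readable_with_master_key(master_key: bytes, escrow: list[bytes], fleet: list[dict]) -> int:
    """Count devices readable by whoever holds the master key and the escrow table."""
    count = 0
    for wrapped, d in zip(escrow, fleet):
        device_key = decrypt(master_key, wrapped)  # unwrap the escrowed device key
        if decrypt(device_key, d["blob"]) == d["plain"]:
            count += 1
    return count


def compare_designs(n: int = 5) -> tuple[int, int]:
    """Blast radius of one leaked key under each design: (device key leak, master key leak)."""
    fleet = build_fleet(n)
    one_device = readable_with_device_key(fleet[0]["key"], fleet)
    master = secrets.token_bytes(32)
    escrow = escrow_keys(master, fleet)
    # The failure mode from the Blu-Ray story: the master key ends up in the wrong hands.
    all_devices = readable_with_master_key(master, escrow, fleet)
    return one_device, all_devices


if __name__ == "__main__":
    print(compare_designs(5))  # (1, 5)
```

The point the model makes is about blast radius, not cipher strength: the escrow design is only as secure as the one secret that unwraps everything, and the escrow table itself becomes a high-value target that has to be protected for the lifetime of every device.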
Perhaps another troubling aspect in all of this is the fact that this isn’t the first hearing Facebook has had to face over its plans to better secure its communications. Back in October, UK MPs summoned senior Facebook representative Nick Clegg. Clegg was summoned by the Science and Technology committee in a move that many observers described as “extraordinary”. Again, the theme was trying to pressure Facebook into abandoning its plans to encrypt communications.
In all of this, lawmakers are trying to pressure Facebook (and, indirectly, others) into implementing something that is technologically infeasible. Some are convinced that, because these companies are “innovative”, they’ll somehow magically come up with a technological solution. The problem is, if Facebook does cave to the pressure, it will either come up with something that doesn’t actually work that well or it will simply leave its entire user base exposed with no encryption at all. It’s ultimately a demand that cannot be adequately fulfilled for all parties involved.
Drew Wilson on Twitter: @icecube85 and Facebook.