New National Academies Report on Crypto Policy

The National Academies has just published "Decrypting the Encryption Debate: A Framework for Decision Makers." It looks really good, although I have not read it yet.

Not much news or analysis yet. Please post any links you find in the comments, and I will summarize them here.

Posted on February 16, 2018 at 9:17 AM • 27 Comments

Comments

Tony H.February 16, 2018 2:41 PM

It may well be very good. What I find amazing, though I guess I shouldn't by now, is that I can't identify a single non-US contributor in it. Well sure, if this was some classified memo to the NSA or something, but does a body like the US National Academies really need to pointedly take no input from the rest of the world? Like the US courts (they virtually never refer to decisions from other countries in their reasoning) it seems like Not Invented Here syndrome writ large.

DGFebruary 16, 2018 4:07 PM

New National Academy of Sciences Report on Encryption Asks the Wrong Questions
https://www.eff.org/deeplinks/2018/02/new-national-academy-sciences-report-encryption-asks-wrong-questions

The report collapses the question of whether the government should mandate “exceptional access” to the contents of encrypted communications with how the government could accomplish this mandate. We wish the report gave as much weight to the benefits of encryption and risks that exceptional access poses to everyone’s civil liberties as it does to the needs—real and professed—of law enforcement and the intelligence community.

and

...We described what we saw as “three truths” about the encryption debate: First, there is no substitute for “strong” encryption, i.e. encryption without any intentionally included method for any party (other than the intended recipient/device holder) to access plaintext to allow decryption on demand by the government. Second, an exceptional access mandate will help law enforcement and intelligence investigations in certain cases. Third, “strong” encryption cannot be successfully fully outlawed, given its proliferation, the fact that a large proportion of encryption systems are open-source, and the fact that U.S. law has limited reach on the global stage. We wish the report had made a concerted attempt to grapple with that first truth, instead of confining its analysis to the second and third.

Lets not accidentally endorse escrowed encryption.

albertFebruary 16, 2018 5:05 PM

@Tony H.,

"...Like the US courts (they virtually never refer to decisions from other countries in their reasoning)..."

Don't be a meanie:)

US Courts -must- confine their decisions to US case law*, just like courts in other countries.

Besides which the US isn't obliged to follow international law if we don't want to, and we certainly don't need advice from other countries(no offense if you are a citizen of another country)

Why the NAS doesn't take input from other nations is a question you should put to them.

--------
*in theory, that is.
. .. . .. --- ....

Mike BarnoFebruary 16, 2018 5:45 PM

@ albert :

...the US isn't obliged to follow international law if we don't want to...

If the "international law" in question is established through a treaty to which the United States government is a signatory, then yes, the USA is obliged to follow it. If the "international law" is some other agreement that the USA has not formally adopted, then the only consequence of noncompliance is opprobrium in the view of nations which treat it as international law.

There is a considerable amount of case law on the topic of treaty obligations that are seen as being in conflict with the USA Constitution or federal laws. But it's not as simple as "if the President thinks it's not in the nation's immediate interests, he can disregard it and do whatever he wants."

Clive RobinsonFebruary 17, 2018 1:20 AM

@ CallMeLate...,

"download as guest" doesn't work here.

When I tried it, it wanted you to create an account...

I have a policy with US sites that ask for my details, and it's a quote some political type thought up wgich is "Just Say NO".

Looking at the lawfareblog link @Will Morhler provided, they give a list of eight points. Of which the first is,

    To what extent will the proposed approach be effective in permitting law enforcement and/or the intelligence community to access plaintext at or near the scale, timeliness, and reliability that proponents seek?

Nothing short of "plaintext before it's sent", will meet the NSA FBI/DoJ, LEO "timeliness", with "from every place in the world connected or not", for "scale", and of course with 110% reliability (because the dozy-dopes believe "managment speak" ;-).

The simple fact is as I've said before there are ways to keep the idiots out of your "papers and communications" but they don't appear to recognize that as it does not fit in with their narative...

And that alone should tell you much of what you need to know...

So at some point expect ludicrous levels of punishment for not revelealing a key and plaintext. In the UK it was something like 6 years under RIPA though judges have been reluctant to convict let alone give more than short times in prison.

In part because of the "setup" asspect where somebody sends you an encrypted message to "frame you", that is one you have not seen or can not decrypt. Likewise in part because you are maybe just a courier/forwarder etc. But also with the realisation that you may never have possesed the keys and they are now long gone anyway or are beyond judicial reach. Likewise issues to do with "plaintext" nolonger being available.

It's not that hard for someone of nefarious intent to send something a users local automated spam filter removes and thus it's probable they never even saw the email let alone any attachment[1] it might have had. Even if you did what would you do with such an "armoured" --encrypted-- message any way, if you or your email systen do not have the key/keys, most would just delete it others just "park it" in a "junk/spam/unknown folder", a few might send a resend reply of some form etc.

What an entirely innocent individual might or might not do depends on many things. The one thing you can count on however, what ever they do, some lawyer with a smart mouth will make it sound like they are doing it for the worst of reasons...

For instance I do not do "social networking" like @Bruce I never have I'm of an age and disposition where it does not appeal. As you maybe aware for the likes of "Boarder Patrol" that is a sign of "bring guilty" as they see it as "not normal" behaviour (which says more about their limitations than anything else). Likewise as I tell people only half jokingly the "Negative Signal to noise ratio"[2] is the reason I gave up social email.

The problem is too many "geeks" think technology is somehow "magic" and thus will some how save them. It won't, in fact it's actually more likely to convict then. Even the almost impossible task of good OpSec will not save then either if they don't plan correctly. Because at the end of the day HumInt will get you unless you know how to mitigate it. HumInt is at the end of the day that soft squidgy mess of dealing with humans and all their weaknesses and selling then selves out along with everyone else they can for the biblical "Fourty pieces of silver" or even just to stop some one "squeezing their cohones". Even XKCD understands this with the $5 wrench.

The likes of LEO and IC entities have collective memory of what works in their favour here and you will get to hear of MICE etc to "get an in" then reenforce it till they have have a body to turn on their rotisserie. It's why the Mafia and other Criminal organisations are said to have codes of conduct/silence "Omerta" with disappearance after brutal tourture and murder being the sole punishment for breaching them.

It's mitigating HumInt that should be your first step the lessons of this are hundreds if not thousands of years old. Second you then need good OpSec the lessons of which go back to Queen Elizabeth I -v- Mary Queen of Scots in documented history and presumably a lot earlier. There are several other steps inbetween before you get to the technical stuff. Thus starting with thinking technology will save you is the wrong attitude.

However technology will destroy just as easily as any informant if you get it wrong. So the KISS principle should apply at all times as "Complexity kills" not just in secrecy/security systems but safety systems as well as industrial history has well documented.

One area to remember is that the more technical the solution the less deniability it has. Take for instance, strong authentication "fingers you". That is having a password / passphrase or crypto key in your possession is worse than your signiture on a confession.

I remember the grugq has similar views and he's generaly worth listening to[3].

As I've mentioned quite a lot and more frequently of late,

    You can not trust the technology when the security end point comes before the communications end point

Which is why I talk about paper and pencil ciphers as a way around the end point issue of modern technology (though look out for end run attacks).

But I also mention "Plain Text Codes" such as the "One Time Phrase" in it's various forms. Unlike ciphers that are designed to look like they are "random" thus stand out to even an untrained eye, the code phrase is made to look like innocent plain text, such as "Do you want to meet for a drink on friday" thus be indistinguishable to even the most trained of eyes.

Oh but you have to be careful what you say as well... Even proffesionals can get it wrong. Read the last bit of,

https://www.theglobeandmail.com/news/politics/naval-intelligence-officer-sold-military-secrets-to-russia-for-3000-a-month/article4603089/

It might make you smile at just how daft it was for the handler to say that.

[1] I once worked at a company with a world wide "tech support" email address that was well publicised. Back then the rule was somebody got the task of going through the inbox manually sorting out not just SPAM from real messages but then forwarding to various regional internal email boxes. For most people you can only imagine what we had to go through. Lets just say by number the actuall support messages were a fraction of a percent of the total, likewise they were usually those that sent the minimum of attachments. However it was also at a time when "HTML email" was starting to get sent, and likewise "image email" as some corporate marketing wonk would deem it the way to send a corporate identity etc... Lets just say you needed a strong stomach as some were just realy realy nasty.

[2] Yes, I know the signal can only go to zero not negative. But believe me when you have to go through what feels like infinite noise looking for a signal you quickly include your "search for signal" effort into the equation, thus negative infinity starts to look real, very real and just around the corner ;-)

[3] I could not find the article I was looking for when he was talking about using weak or apparently "oblivious authentication", so an OpSec article will cover some of it, https://blogsofwar.com/hacker-opsec-with-the-grugq/

Clive RobinsonFebruary 17, 2018 2:07 AM

@ Albert, Tony H, Mike Barno,

US Courts -must- confine their decisions to US case law*, just like courts in other countries.

You are forgetting that US law is not actually US in origin, but English law.

Thus yes they do have to take note of some but by no means all English court decisions.

But there is also the very real problem of "non primacy". The US has the very strange view point that it's law and it's executive has primacy as part of the rather silly doctrine of "American Exceptionalism". It's far from true and something US corporates are starting to find is a problem for them, and that it's only going to get worse a lot worse and most likely fairly quickly.

The most noticeable case was Microsoft and a less than bright judge over records kept on a server in the Republic of Ireland.

The judge rather stupidly decided that Microsoft should just hand the data over and made an order to that effect. Microsoft being a little more knowledgable about international law and that of both Europe and the Republic of Ireland quite rightly refused...

Under international custom and practice the law as prevelant in the Republic of Ireland took primacy over the records stored there. The fact they are electronic rather than paper makes no difference legaly. In such cases the way it is supposed to work is that the judge obtains expert opinion from a person who has sufficient standing in the law in the Republic of Ireland and takes it as given and acts accordingly.

It's similar to what has happened recently in the UK over the Laurie Love Extradition. The UK has certain standards for the keeping and treatment of prisoners, that the country requesting extradition must be shown to be the equal of. Thus in the simplest case if it is a crime where the requesting country or state has a death penalty then the extradition is quite rightly refused (because it stops backdoor executions of inconvenient people by the UK Government amongst other things). In less simple cases it is a question of "harms" and unsuprisingly the US jail system was judged to be a significantly more dangerous place and have insufficient health care etc. Thus it was more likely than not that Mr Love would have been harmed significantly and even have lost his life. Thus after consulting a person with standing over the US prison system the judge quite rightly refused extradition.

CallMeLateForSupperFebruary 17, 2018 7:50 AM

@Clive
"When I tried it, it wanted you to create an account..."

That seemed to be so, at first glance, but some of the text seemed to say that the document could be had by D/L as guest. Below the text, three big "buttons":
"sign in"
"create account"
"download as guest"
I understood those to be three distinct, unrelated options. Thus I ignored the first two (like you, I do not play the "sign up/in & give PI" game) and tried the third. No joy, but no error either.

At that point I suspected that the buttons required JavaScript in order to operate. But when I "hovered" over the button, an ordinary link, not the give-away "javascript" message I had expected was displayed at bottom of my browser.

So I moved on; life is too short to play "catch me, f**k me" with web page designers.

MrCFebruary 17, 2018 8:32 AM

I skimmed it. It's dreck. 100 pages of building castles in the air while completely ignoring:
(1) The *fundamental* technical problem that we simply don't know how to make a cryptosystem that's both backdoored and otherwise secure, quite likely because it's impossible.
(2) The *fundamental* legal problem that forbidding individuals from communicating with others or storing their papers and effects in a format the government cannot read is utterly unconstitutional, completely outside the historical scope of (Anglo-American) law enforcement powers (despite the disingenuous "going dark" rhetoric), and ultimately corrosive to liberty and democracy.

CallMeLateForSupperFebruary 17, 2018 8:50 AM

@Clive
"Nothing short of 'plaintext before it's sent', will meet the NSA FBI/DoJ, LEO "timeliness" [...]"

When one collects and correlates every statement LEs & TLAs have said on this matter, that (what you said) is the only possible conclusion. It's a case of "their meaning and intent lies not in what they state but rather in what they do not state".

"The simple fact is as I've said before there are ways to keep the idiots out of your 'papers and communications' [...]"

There is a "free lunch" here: the same methods can also keep the odd smart one out of your stuff. ;-)

Samwise GamgeeFebruary 17, 2018 11:04 AM

"The question of whether encryption should or shouldn’t be compromised for “exceptional access” should not be treated as one of several in the encryption debate: it is the question."

From the EFF report.

Yes, that is exactly correct. "Exceptional access" is like claiming one can be a little bit pregnant. Once the access is there the debate no longer turns on whether access is possible but rather what kind of baby "access" is going to grow up to be. Given the history that the USA has had with the same kind of language in the 4A--viz. "reasonable"--I am pessimistic that the exceptional access baby will grow up into anything other than a social monster. The word "exceptional" is soothing to those who want to be soothed but it boils down to nothing more than a claim that "we are from the NSA/FBI and we are here to help."

Sancho_PFebruary 17, 2018 6:29 PM

@CallMeLateforSupper, Clive Robinson re “download as guest”

They don’t want you to create an account, simply they are unwise email address harvesters waiting for a data breach, and it requires JS.

Why not give them your address, say callmelate@mailinator.com, you’d make them happy and also could watch if they try to send you spam.
This “receive anymail only & short term watch” function is ideal for one time pads.
To read such emails requires JavaScript (https://mailinator.com).

But be aware, if you send an email (e.g. for test purposes) to such an instant address your sent email content + detailed metadata is totally public.
On the other hand, part of the metadata (header) can be very useful … check it out! (click text/html and select json)

- Oh it’s encrypted, damn, I don’t have the key, what to do now?

Sancho_PFebruary 17, 2018 6:31 PM

Re: NAS report

Indeed a low-grade paper, biased from the beginning, ignoring the truth:
Security means: Silent access is impossible.

Interestingly they have tried to define encryption but failed, no surprise.
Encryption is protecting value from snooping.
Encrypted content is kapu, keep out, not your business.
Easy, isn’t it?

Good points, as usual, from @Clive re “keyless possession” of gibberish. To persuade suspects to plea deals and confess before seeing court is the American way of justice but sadly it will be soon standard all over the world.

CallMeLateForSupperFebruary 18, 2018 8:00 AM

@Sancho_P

"[...] and [D/L?] requires JS."
I saw no evidence of JS, but it is possible that the reason I didn't is that the process aborted. No subsequent page loaded. I don't "do" JS.

"Why not give them your address, say callmelate@mailinator.com[...]"
Just to "poke the snake"? That game lo longer temps me. So much to do; so little time.

"To read such emails requires JavaScript (https://mailinator.com)."
JavaScript, yet again. I don't "do" JavaScript. Full stop.

Sancho_PFebruary 18, 2018 5:19 PM

@CallMeLateForSupper

I don't "do" JavaScript. Full stop.
My sincere condolences!

I don’t know how old you are, but if you intend to live a couple of years more:
What about a second hand box + OS of your preference + drive image,
just to enjoy life?
I’m not happy with JS either, but half of the Net’s fun doesn’t work without.

meFebruary 19, 2018 6:54 AM

@DG:
Second, an exceptional access mandate will help law enforcement and intelligence investigations in certain cases

i would add a fourth truth:
Strong encryption (the only possible one) always helps millions of people around the world everyday, even if they might not even notice it.

RSaundesFebruary 19, 2018 10:31 AM

The scariest bit of flawed thinking in the report:

Ray Ozzie, former chief technical officer and former chief software architect, Microsoft Corporation, argued that if a user trusts a vendor to update software, the user should be able to trust the vendor to manage keys that can provide exceptional access. He proposed that this extension of the trust model used for software updates could be used to provide government exceptional access to unlock mobile devices. Ozzie also provided the committee with materials describing how this approach could be extended to real-time communications such as messaging. {page 60}

This completely misses the point. I only trust Microsoft to update my software because I know they are pushing the same update to millions of people. Even if I don't examine it in detail, I can wait a week and see if it exploded on the Internet. Anything troubling they do will be detected by someone. That's not at all the same as decrypting just my data. If the implementation of exceptional access required Microsoft to disclose that it had decrypted all the data stored in all its phones and provided that data to some government, I might be on board. That act would have sufficient corporate implications to keep even Microsoft from undertaking it lightly.

CallMeLateForSupperFebruary 19, 2018 12:42 PM

@Sancho_P

Our respective usages of the internet are very different. I don't experience load failure on half of the web pages I visit.

Whenever a new malware "brand" appears on my radar,
I seek out technical descriptions in order to assess if, and the degree to which, it threatens my machine. In early years, running an OS other than Bill's Malware Magnet conferred great (though not absolute) immunity. In recent years I noticed a startling trend: increasingly, malware requires, *by design*, that a target run JavaScript because it is the means by which the death blow is delivered.

Clive RobinsonFebruary 19, 2018 1:10 PM

@ RSaunders,

I only trust Microsoft to update my software because I know they are pushing the same update to millions of people. Even if I don't examine it in detail, I can wait a week and see if it exploded on the Internet.

The same reasoning as to why I used to get various Linux and similar distro's from CD/DVD on well known magazine covers.

Sadly the Internet, has unfortunately made that route less viable these days as the mags either just gives links to the distro or to a copy on their own servers. Neither of which is anywhere near as secure if somebody is in a network node between your computer and either source there are several known ways to subvert any download you might make.

Tony H.February 19, 2018 2:09 PM

To be clear, my point ("complaint") with the US courts is not that they don't treat decisions from other common-law countries as binding precedents (they shouldn't), but that they never refer to them as part of their judicial reasoning. Presumably it is just an accepted concept that nothing legally useful could possibly take place in a foreign country. Other common-law countries' judges refer to each other's courts' reasoning (including US ones) all the time, particularly when there is some relatively novel situation to be decided. In the US it's "Not Invented Here so it must be wrong or at least useless".

Clive RobinsonFebruary 19, 2018 3:06 PM

@ CallMeLate..., Sancho_P,

In recent years I noticed a startling trend: increasingly, malware requires, *by design*, that a target run JavaScript because it is the means by which the death blow is delivered.

There always has to be a death blow in such matters, but rarely is it the "coup de grace" or literally, a "stroke of grace" we would call the mercy kill, normally it is the start of a world of pain.

Some long time ago I realised that a "Universal interpreted languge" had a flip side of being universal malware. Back in 1995 my main concern was the then nascent "Java" from Sun. But I realised shortly there after that the then number one browser, tried to jump on Java's name with the entirely unrelated Javascript. Back then The Sun product appeared to be the more dangerous of the two. What realy happend "Was in a Flash Adobe" proved how not to deploy safe software more times than I can remember... Users however "Wised up" and both Java and Flash unsuprisingly got killed in the browser as did other Adobe products.

This did not leave malware writers much choice so I realised JavaScript was next on their list so pulled that, and many commenters over the years on this web site have suggested I was in effect being paranoid. Now however "not so many" :-D

But I've already seen what's next and unless there are some supprise new contenders it's the abomination the W3C has forced on us called HTML5 and it's associated horrors inclufing WebAsm.

Some people as they say "Never learn" and when it comes to many "Web developers" I can see that wheel of history madly rotating along the Information Super Highway. Much like the supposed wheels on Queen Boudica's chariot with it's madly slashing sword hubs cutting down all before them, and leaving mass road kill.

But it's more insidious than just moronic web developers. HTML5 and the other recent outpourings from the W3C have a hidden hand guiding it down the "Collect it all" policy bot from the NSA but from the "Big5 in Silicon Valley" who see dollar signs in every personal bit they can extract. Something like 75% of HTML5 is by design insecure for the user, thus alowing ever more personal data to be harvested by Sillicon Valley...

All of which means we are right royally stuffed in the jacksy by them unless we take precautions. However turning off HTML5 vulnerabilities is quite difficult...

So we have a choice be data raped and sold to whomever has a pocket full of pennies, or give up "bells, whistles and the odd web page"... Personly the less support these born a minute idiots get in their endeavors the better I feel...

After all is it realy to much to ask for a Browser that only does the more secure HTML 3x tags?

Because the main point is only an idiot would let attack code run on their PC without a lot of mainly unreliable defensive code...

Sancho_PFebruary 20, 2018 6:25 PM

@CallMeLateForSupper, Clive Robinson

Maybe our Internet usage is different.
I understand and fully agree, it’s the browser’s fault not to give us the choice of security (but don’t forget the underlying OS … whenever the CPU happily transfers full control to the userland then there is game over, see the power of anti virus SW).

It’s only you don’t live without JS nowadays, there are too many services to miss. I’m on a Mac and enable JS only on well known sites (but know that’s not 100% security).
For “fun” I have a dedicated Linux machine (experimenting in the Net, music, video, youtube, …), dedicated LAN, no data or whatever there, for data transfer (if!) I use SD cards. From time to time I restore the image to clean the system (I do not trust VMs but also have a “clean” Mi$o running on it).

No, I don’t want to miss life because of danger, my time is too precious, I’m aware that it’s going to be worse every day.

John NadaFebruary 23, 2018 3:47 PM

No relation with the *content* of the post, but...

"It looks really good, although I have not read it yet."

I just *love* this sentence. You're ready to be a journalist, Sir.

Disappointing from the great Schneier. :-(

Herb LinFebruary 24, 2018 3:23 PM

If you don't like using your email address to download the report as a guest, just use foo@example.com. It works just fine - i use it all the time. And that's the fastest way to get past all of the various screens.

(I'm a former Academy staff person too.)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.