British Intelligence Wants Access to Cloud Information and Encrypted Devices
Ami Rojkes Dombe
| 13/12/2018
https://youtu.be/FR1OrwsDm4g
Two senior officials at the British Government Communications Headquarters (GCHQ) recently co-wrote an article titled “Principles for a More Informed Exceptional Access Debate,” which was published on the Lawfare blog.
“The authors represent both the intelligence and security missions in GCHQ. One (Ian Levy) is the Technical Director of the National Cyber Security Centre, the other (Crispin Robinson) the Technical Director for Cryptanalysis for GCHQ.
“GCHQ also houses the National Technical Assistance Centre, the part of the UK government that manages targeted access to communications and complex digital forensics – including encrypted devices – for UK law enforcement, so we understand many of the challenges facing them.
“The UK government strongly supports commodity encryption. The Director of GCHQ has publicly stated that we have no intention of undermining the security of the commodity services that billions of people depend upon and, in August, the UK signed up to the Five Country statement on access to evidence and encryption, committing us to support strong encryption while seeking access to data.
“Any functioning democracy will ensure that its law enforcement and intelligence methods are overseen independently, and that the public can be assured that any intrusions into people’s lives are necessary and proportionate. In the UK, under the Investigatory Powers Act 2016, that means a Secretary of State and an independent judge must both sign-off the use of the most intrusive powers. We believe this provides world-class oversight of our law enforcement and intelligence agencies.”
Regarding the use of decryption tools, the officials say the debate should not only focus on the technical aspect. “It’s not just the technical details that are important. It’s also important that we’re clear about what is actually useful to law enforcement, and that’s not always been consistently explained. Without an open, consistent approach, people talk about what they think law enforcement wants, rather than what would be useful.”
Service Providers Should Cooperate
“Service providers should help law enforcement to understand the evolution of their products and services to help law enforcement keep current without wasting resources reverse engineering things. […] Any exceptional access solution should not fundamentally change the trust relationship between a service provider and its users.
“This means not asking the provider to do something fundamentally different to things they already do to run their business. […] Any solution should be subject to some form of peer review and incremental implementation. The public has been convinced that a solution in this case is impossible, so we need to explain why we’re not proposing magic. That’s different to traditional intercept.”
Levy and Robinson also address the matter of public trust in information security. “Much of the public narrative on this topic talks about security as a binary property; something is either secure or it’s not. This isn’t true – every real system is a set of design trade-offs. […] We should be honest about that – the systems we use today aren’t perfectly secure.”
The officials also claim that there is no single solution to enable lawful access to all the information the government wants. “…We definitely don’t want governments to have access to a global key that can unlock any user’s data. Government-controlled global key escrow systems would be a catastrophically dumb solution in these cases. Furthermore, solutions should be designed so the service provider – in the form of a real human – is involved in enacting every authorized request, limiting the scale of use.”
Access to Cloud Backups
“Under UK law, the government has the power to authorize Equipment Interference. That includes everything from covertly entering a suspect’s house to copy data through to more technical things like ‘awful hacking.’ Lawful hacking of target devices initially sounds attractive as the panacea to governments’ lawful access requirements – just hack the target’s device and get what you want. But that requires governments to have vulnerabilities on the shelf to use to hack those devices, which is completely at odds with the demands for governments to disclose all vulnerabilities they find to protect the population. That seems daft.”
So what do the GCHQ officials suggest? “We’re not talking about weakening encryption or defeating the end-to-end nature of the service. In a solution like this, we’re normally talking about suppressing a notification on a target’s device, and only on the device of the target and possibly those they communicate with. That’s a very different proposition to discuss and you don’t even have to touch the encryption.
“…We collectively need to decide whether hardware changes are a reasonable thing to ask a vendor to do. Also, the vendor isn’t generally involved in encrypting an individual device, unlike calls or chats made online. Getting the data off the device itself may end up being hard, but perhaps there are other ways, for example, in some cases, by getting access to cloud backups. If those backups are encrypted, maybe we can do password guessing on big machines. Again, the details matter.”
https://youtu.be/FR1OrwsDm4g
Two senior officials at the British Government Communications Headquarters (GCHQ) recently co-wrote an article titled “Principles for a More Informed Exceptional Access Debate,” which was published on the Lawfare blog.
“The authors represent both the intelligence and security missions in GCHQ. One (Ian Levy) is the Technical Director of the National Cyber Security Centre, the other (Crispin Robinson) the Technical Director for Cryptanalysis for GCHQ.
“GCHQ also houses the National Technical Assistance Centre, the part of the UK government that manages targeted access to communications and complex digital forensics – including encrypted devices – for UK law enforcement, so we understand many of the challenges facing them.
“The UK government strongly supports commodity encryption. The Director of GCHQ has publicly stated that we have no intention of undermining the security of the commodity services that billions of people depend upon and, in August, the UK signed up to the Five Country statement on access to evidence and encryption, committing us to support strong encryption while seeking access to data.
“Any functioning democracy will ensure that its law enforcement and intelligence methods are overseen independently, and that the public can be assured that any intrusions into people’s lives are necessary and proportionate. In the UK, under the Investigatory Powers Act 2016, that means a Secretary of State and an independent judge must both sign-off the use of the most intrusive powers. We believe this provides world-class oversight of our law enforcement and intelligence agencies.”
Regarding the use of decryption tools, the officials say the debate should not only focus on the technical aspect. “It’s not just the technical details that are important. It’s also important that we’re clear about what is actually useful to law enforcement, and that’s not always been consistently explained. Without an open, consistent approach, people talk about what they think law enforcement wants, rather than what would be useful.”
Service Providers Should Cooperate
“Service providers should help law enforcement to understand the evolution of their products and services to help law enforcement keep current without wasting resources reverse engineering things. […] Any exceptional access solution should not fundamentally change the trust relationship between a service provider and its users.
“This means not asking the provider to do something fundamentally different to things they already do to run their business. […] Any solution should be subject to some form of peer review and incremental implementation. The public has been convinced that a solution in this case is impossible, so we need to explain why we’re not proposing magic. That’s different to traditional intercept.”
Levy and Robinson also address the matter of public trust in information security. “Much of the public narrative on this topic talks about security as a binary property; something is either secure or it’s not. This isn’t true – every real system is a set of design trade-offs. […] We should be honest about that – the systems we use today aren’t perfectly secure.”
The officials also claim that there is no single solution to enable lawful access to all the information the government wants. “…We definitely don’t want governments to have access to a global key that can unlock any user’s data. Government-controlled global key escrow systems would be a catastrophically dumb solution in these cases. Furthermore, solutions should be designed so the service provider – in the form of a real human – is involved in enacting every authorized request, limiting the scale of use.”
Access to Cloud Backups
“Under UK law, the government has the power to authorize Equipment Interference. That includes everything from covertly entering a suspect’s house to copy data through to more technical things like ‘awful hacking.’ Lawful hacking of target devices initially sounds attractive as the panacea to governments’ lawful access requirements – just hack the target’s device and get what you want. But that requires governments to have vulnerabilities on the shelf to use to hack those devices, which is completely at odds with the demands for governments to disclose all vulnerabilities they find to protect the population. That seems daft.”
So what do the GCHQ officials suggest? “We’re not talking about weakening encryption or defeating the end-to-end nature of the service. In a solution like this, we’re normally talking about suppressing a notification on a target’s device, and only on the device of the target and possibly those they communicate with. That’s a very different proposition to discuss and you don’t even have to touch the encryption.
“…We collectively need to decide whether hardware changes are a reasonable thing to ask a vendor to do. Also, the vendor isn’t generally involved in encrypting an individual device, unlike calls or chats made online. Getting the data off the device itself may end up being hard, but perhaps there are other ways, for example, in some cases, by getting access to cloud backups. If those backups are encrypted, maybe we can do password guessing on big machines. Again, the details matter.”
