Feds put heat on Web firms for master encryption keys
Adam Back
adam at cypherspace.org
Fri Jul 26 07:10:57 PDT 2013
I suspect the companies cleverly saying they do not give keys are giving
account access or emails directly, and just engaging in misleading PR spin.
There's a lot of it been going on lately and people are seemingly niave
about reading PR spin. (Push vs pull access to data under blanket FISA blah
blah, right).
Basically the defacto behavior of justice system supoenas for ISPs is that
they'll try to get anything you have, and they'll even try to get things
they are legally prohibited from getting. So your best bet is to not have
anything useful to give.
Like "zero-knowledge" (spider oak, mozy online backup) meaning end2end
secure so only the user has the keys and the ISP holds cyphertext.
I do think asking for the server keys is too far, probably contravenes
multiple laws, and is ridiculously intrusive - giving access to everything.
Forward secrecy is a good step, and its confusing why not everyone is using
it. Google apparently is. Others not so much. People have been talking
about that since early 1990s. Still not prefering or enforcing forward
secret ciphersuite, seriously?
Probably time to deprecate HTTP (in favor of HTTPS) and deprecate
non-forward-secret ciphersuites, to a should-not or whathave you
(implementations might implement but must warn).
ps Pretty cool to see cypherpunks list back in action. And first post I
read was John Youngs longer dense poetic post. Just like old times :)
Adam
On Fri, Jul 26, 2013 at 01:46:02PM +0100, Karel BĂlek wrote:
>this is fucking disgusting
>
>(I am sorry, I had to say that)
>
>why do the big US companies bother with encryption anymore...
>
>On Thu, Jul 25, 2013 at 10:19 AM, Eugen Leitl <eugen at leitl.org> wrote:
>>
>> (See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
>>
>> http://news.cnet.com/8301-13578_3-57595202-38/feds-put-heat-on-web-firms-for-master-encryption-keys/
>>
>> Feds put heat on Web firms for master encryption keys
>>
>> Whether the FBI and NSA have the legal authority to obtain the master keys
>> that companies use for Web encryption remains an open question, but it hasn't
>> stopped the U.S. government from trying.
>>
>> Declan McCullagh by Declan McCullagh July 24, 2013 4:00 AM PDT
>>
>> Large Internet companies have resisted the government's demands for
>> encryption keys requests on the grounds that they go beyond what the law
>> permits, according to one person who has dealt with these attempts.
>>
>> (Credit: Declan McCullagh)
>>
>> The U.S. government has attempted to obtain the master encryption keys that
>> Internet companies use to shield millions of users' private Web
>> communications from eavesdropping.
>>
>> These demands for master encryption keys, which have not been disclosed
>> previously, represent a technological escalation in the clandestine methods
>> that the FBI and the National Security Agency employ when conducting
>> electronic surveillance against Internet users.
>>
>> If the government obtains a company's master encryption key, agents could
>> decrypt the contents of communications intercepted through a wiretap or by
>> invoking the potent surveillance authorities of the Foreign Intelligence
>> Surveillance Act. Web encryption -- which often appears in a browser with a
>> HTTPS lock icon when enabled -- uses a technique called SSL, or Secure
>> Sockets Layer.
>>
>> "The government is definitely demanding SSL keys from providers," said one
>> person who has responded to government attempts to obtain encryption keys.
>> The source spoke with CNET on condition of anonymity.
>>
>> The person said that large Internet companies have resisted the requests on
>> the grounds that they go beyond what the law permits, but voiced concern that
>> smaller companies without well-staffed legal departments might be less
>> willing to put up a fight. "I believe the government is beating up on the
>> little guys," the person said. "The government's view is that anything we can
>> think of, we can compel you to do."
>>
>> A Microsoft spokesperson would not say whether the company has received such
>> requests from the government. But when asked whether Microsoft would turn
>> over a master key used for Web encryption or server-to-server e-mail
>> encryption, the spokesperson replied: "No, we don't, and we can't see a
>> circumstance in which we would provide it."
>>
>> Google also declined to disclose whether it had received requests for
>> encryption keys. But a spokesperson said the company has "never handed over
>> keys" to the government, and that it carefully reviews each and every
>> request. "We're sticklers for details -- frequently pushing back when the
>> requests appear to be fishing expeditions or don't follow the correct
>> process," the spokesperson said.
>>
>> Sarah Feinberg, a spokeswoman for Facebook, said that her employer has not
>> received requests for encryption keys from the U.S. government or other
>> governments. In response to a question about divulging encryption keys,
>> Feinberg said: "We have not, and we would fight aggressively against any
>> request for such information."
>>
>> Apple, Yahoo, AOL, Verizon, AT&T, Opera Software's Fastmail.fm, Time Warner
>> Cable, and Comcast declined to respond to queries about whether they would
>> divulge encryption keys to government agencies.
>>
>> Encryption used to armor Web communications was largely adopted not because
>> of fears of NSA surveillance -- but because of the popularity of open,
>> insecure Wi-Fi networks. The "Wall of Sheep," which highlights passwords
>> transmitted over networks through unencrypted links, has become a fixture of
>> computer security conventions, and Internet companies began adopting SSL in
>> earnest about three years ago.
>>
>> "The requests are coming because the Internet is very rapidly changing to an
>> encrypted model," a former Justice Department official said. "SSL has really
>> impacted the capability of U.S. law enforcement. They're now going to the
>> ultimate application layer provider."
>>
>> An FBI spokesman declined to comment, saying the bureau does not "discuss
>> specific strategies, techniques and tools that we may use."
>>
>> NSA director Keith Alexander, shown here at a Washington, D.C. event this
>> month, has said that encrypted data are "virtually unreadable."
>>
>> (Credit: Getty Images)
>>
>> Top secret NSA documents leaked by former government contractor Edward
>> Snowden suggest an additional reason to ask for master encryption keys: they
>> can aid bulk surveillance conducted through the spy agency's fiber taps.
>>
>> One of the leaked PRISM slides recommends that NSA analysts collect
>> communications "upstream" of data centers operated by Apple, Microsoft,
>> Google, Yahoo, and other Internet companies. That procedure relies on a FISA
>> order requiring backbone providers to aid in "collection of communications on
>> fiber cables and infrastructure as data flows past."
>>
>> Mark Klein, who worked as an AT&T technician for over 22 years, disclosed in
>> 2006 (PDF) that he met with NSA officials and witnessed domestic Internet
>> traffic being "diverted" through a "splitter cabinet" to secure room 641A in
>> one of the company's San Francisco facilities. Only NSA-cleared technicians
>> were allowed to work on equipment in the SG3 secure room, Klein said, adding
>> that he was told similar fiber taps existed in other major cities.
>>
>> But an increasing amount of Internet traffic flowing through those fiber
>> cables is now armored against surveillance using SSL encryption. Google
>> enabled HTTPS by default for Gmail in 2010, followed soon after by
>> Microsoft's Hotmail. Facebook enabled encryption by default in 2012. Yahoo
>> now offers it as an option.
>>
>> "Strongly encrypted data are virtually unreadable," NSA director Keith
>> Alexander told (PDF) the Senate earlier this year.
>>
>> Unless, of course, the NSA can obtain an Internet company's private SSL key.
>> With a copy of that key, a government agency that intercepts the contents of
>> encrypted communications has the technical ability to decrypt and peruse
>> everything it acquires in transit, although actual policies may be more
>> restrictive.
>>
>> One exception to that rule relies on a clever bit of mathematics called
>> perfect forward secrecy. PFS uses temporary individual keys, a different one
>> for each encrypted Web session, instead of relying on a single master key.
>> That means even a government agency with the master SSL key and the ability
>> to passively eavesdrop on the network can't decode private communications.
>>
>> Google is the only major Internet company to offer PFS, though Facebook is
>> preparing to enable it by default.
>>
>> Even PFS isn't complete proof against surveillance. It's possible to mount a
>> more advanced attack, sometimes called a man-in-the-middle or active attack,
>> and decode the contents of the communications.
>>
>> A Wired article in 2010 disclosed that a company called Packet Forensics was
>> marketing to government agencies a box that would do precisely that. (There
>> is no evidence that the NSA performs active attacks as part of routine
>> surveillance, and even those could be detected in some circumstances.)
>>
>> The Packet Forensics brochure said that government agencies would "have the
>> ability to import a copy of any legitimate key they obtain (potentially by
>> court order)." It predicted that agents or analysts will collect their "best
>> evidence while users are lulled into a false sense of security afforded by
>> Web, e-mail or VOIP encryption."
>>
>> With a few exceptions, even if communications in transit are encrypted,
>> Internet companies typically do not encrypt e-mail or files stored in their
>> data centers. Those remain accessible to law enforcement or the NSA through
>> legal processes.
>>
>> Leaked NSA surveillance procedures, authorized by Attorney General Eric
>> Holder, suggest that intercepted domestic communications are typically
>> destroyed -- unless they're encrypted. If that's the case, the procedures
>> say, "retention of all communications that are enciphered" is permissible.
>>
>> Valerie Caproni, who was the FBI's general counsel at the time this file
>> photo was taken, told Congress that the government needs "individualized
>> solutions" when "individuals who put encryption on their traffic."
>>
>> (Credit: Getty Images)
>>
>> It's not entirely clear whether federal surveillance law gives the U.S.
>> government the authority to demand master encryption keys from Internet
>> companies. "That's an unanswered question," said Jennifer Granick, director
>> of civil liberties at Stanford University's Center for Internet and Society.
>> "We don't know whether you can be compelled to do that or not."
>>
>> The government has attempted to use subpoenas to request copies of encryption
>> keys in some cases, according to one person familiar with the requests.
>> Justice Department guidelines say subpoenas may be used to obtain information
>> "relevant" to an investigation, unless the request is "unreasonably
>> burdensome."
>>
>> "I don't know anyone who would turn it over for a subpoena," said an attorney
>> who represents Internet companies but has not fielded requests for encryption
>> keys. Even a wiretap order in a criminal case would be insufficient, but a
>> FISA order might be a different story, the attorney said. "I'm sure there's
>> some logic in collecting the haystack."
>>
>> Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation,
>> challenged the notion that current law hands the government the power to
>> demand master encryption keys. Even with a FISA order for the private key,
>> Opsahl said, the amount of technical assistance that a company must provide
>> to the NSA or other federal agencies "has a limit."
>>
>> Federal and state law enforcement officials have previously said encrypted
>> communications were beginning to pose an obstacle to lawful surveillance.
>> Valerie Caproni, the FBI's general counsel at the time, told a congressional
>> hearing in 2011, according to a transcript:
>>
>> Encryption is a problem, and it is a problem that we see for certain
>> providers... For individuals who put encryption on their traffic, we
>> understand that there would need to be some individualized solutions if we
>> get a wiretap order for such persons... We are suggesting that if the
>> provider has the communications in the clear and we have a wiretap order,
>> that the provider should give us those communications in the clear.
>>
>> "One of the biggest problems with compelling the [private key] is it gives
>> you access to not just the target's communications, but all communications
>> flowing through the system, which is exceedingly dangerous," said Stanford's
>> Granick.
>>
>> Update, 11:40 a.m. PT: Adds additional comments from a Facebook
>> representative saying the company has not received such requests.
>>
>> Disclosure: McCullagh is married to a Google employee not involved with this
>> issue.
More information about the cypherpunks
mailing list