When introducing the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (the Bill), Minister for Home Affairs, Peter Dutton, stated ‘New communications technology, including encryption, is eroding the capacity of Australia's law enforcement and security agencies to investigate serious criminal conduct and protect Australians’. The Bill contains measures to strengthen the ability of Australia's law enforcement and national security agencies to deal with the challenges of encryption.
As Mr Dutton notes, although effective encryption is key to the security and privacy of electronic communications, its strength presents a vexed issue for authorities who desire to access these communications for security and law enforcement purposes. With the Parliamentary Joint Committee on Intelligence and Security (PJCIS) now reviewing the Bill, it is worth examining how end-to-end encryption works and some of the technical means by which access might be obtained to encrypted communications.
What is E2EE?
Fundamentally, end-to-end encrypted (E2EE) applications are encrypted from the sender of information all the way to the receiver. The security of this E2EE system is enhanced by using ‘public-key cryptography’, which avoids the sending of passkeys that could potentially be intercepted. In public-key cryptography, algorithms are used to generate two numbers: the ‘public key’ and ‘private key’. These keys can be generated by a number of well-known commercially available algorithms, for example RSA.
The public key is distributed to anyone who wants to send a message to the owner of the private key. The public key is used to encrypt the message, while the recipient uses their private key to decrypt. This method differs from older systems of encryption, which required the use of a single shared key, leading to trafficking of code-books to keep the key secret. Public-key cryptography is also used for digital signatures.
Intercepting a message sent using E2EE would provide access to the public key and the encrypted message, but not the unencrypted message (at either end) or the private key, which was never sent. Additional complexity is used in most communications, with sender and receiver using digital signatures in addition to encryption to simultaneously verify the identity of the sender and prove that data has not been modified. This is known as ‘enveloped public key encryption’.
How hard is it to break this encryption, for data encrypted to an up-to-date standard? It has been estimated to take 6,400,000,000,000 years using a 2009-era desktop computer. Supercomputers like China’s Sunway TaihuLight are up to three million times faster than that, and can perform 93 quadrillion calculations per second, so cracking a message might be possible in only 2 million years. This clearly isn’t feasible! Weaker, older, standards exist, but obsolete methods are rapidly phased out when vulnerabilities are found.
If E2EE with public-key cryptography is correctly and carefully used (in the absence of surveillance of keystrokes, for example), then no intercepting party, including the application itself, can access the unencrypted information. Any method that could allow access within the application weakens this protocol.
Possible means of access
Exceptional access and responsible encryption
There are a few methods by which the E2EE system described above could be modified to allow ‘exceptional access’ to unencrypted information. The main methods entail:
- duplicating and storing unencrypted communications (presumably with the application developer) as the message is being sent
- storing the access credentials of the user with either a trusted third party or the application developer (a ‘key escrow’) or
- weakening the encryption standards to make encrypted communications feasible to crack with enough computing power.
These mechanisms may all be effective, but they also carry risks.
With regard to weakening encryption standards, if the computing power of the government is sufficient to break the encryption, then there are many other governments and well-resourced non-state actors that can also break through. In the case of both key escrow and duplication of messages, either the transmission of the private key or the repository itself are rendered potentially vulnerable to outside attack—or leaking from insiders—and if these processes are compromised then the system faces a potentially catastrophic breach. Debates on exactly these methods have been going on for decades, with little progress.
To see the risks of these systems, it is worth considering the analogy of the United States Transport Safety Administration approved ‘Safe Skies’ luggage locks (shown above), which grant master-key access to locked luggage, bypassing the user’s combination lock. In recent years, this system has been completely compromised, with all master key designs available online for 3D printing after the final key (of eight) was released by a group seeking to demonstrate the dangers of weakening online security.
An additional complication is that many apps also publish their source code so users can examine it for vulnerabilities and backdoors, as well as being able to build their own private versions of the software. Therefore, if exceptional access methods were built into well-known applications, security-conscious users would be able to rapidly build their own applications once they were alerted to (accidental or deliberate) vulnerabilities.
Direct device access
Is it technically feasible for an organisation to break into your encrypted conversation without some kind of exceptional access? Not using known methods at current encryption standards, as discussed above. However, if application security is preserved, then approaches such as the German model may be an alternative. Recent amendments to Germany’s investigative powers have allowed the use of ‘state trojans’ to provide full access to devices directly, by exploiting security vulnerabilities in other software or hardware and bypassing any need to break encryption. This process gives total access to the target machine, across all applications and pre-empting encryption. This form of access is significantly stronger than merely compromising user accounts, which for fully end-to-end encrypted traffic would not give access to the information, as it is only decrypted on the source and target machines. The current Bill proposes significant access for this kind of data interception.
Note that even under a direct device access model there is the complication that many applications (including Signal, Facebook Messenger, iMessage and WhatsApp) allow manual or automatic deletion of messages, so compromising the device may not yield a full message history. Furthermore, users may deploy methods—such as disconnecting devices from the network and then transferring encrypted messages in one direction only to those machines—to protect from all remote access attempts.
Exceptional access versus backdoors
A key point of debate is whether exceptional access methods are synonymous with backdoors. In the technology community, ‘backdoors’ are known to facilitate—either accidentally or deliberately—access to unencrypted data, bypassing encryption. The Australian Government stated explicitly in the Bill and Explanatory Memorandum that systemic weaknesses/‘backdoors’ will not be required even in the case of the issuing of a ‘technical capability notice’ (see Division 7), which requires providers to assist authorities by building capabilities to access information. However, commitments of this kind may still come down to a matter of definition. For example, officials in the United States, when arguing for ‘responsible encryption’, have previously stated that ‘exceptional access’ measures are not backdoors. Many in the cryptography community disagree. A recent article on the US Lawfare blogsite argues:
[t]he encryption debate is about not privacy versus security, but rather, the efficiency of law enforcement investigations versus personal, business, and national security. In other words, it is a debate over security versus security. The wide public availability of strong encryption must be understood as critically necessary for security.
With the ‘Five Eyes’ countries of the US, UK, Canada, NZ and Australia issuing a Statement of Principles on Access to Evidence and Encryption, it seems likely that the debate in Australia will be the beginning of a much wider international consideration of this complex issue.