NSA

Feds Twist Tech Companies' Arms for Backdoor Access to Encryption

|

Reason 24/7
Reason

With all of the recent revelations about government snooping on phone calls and Internet activity, the natural reaction of the tech savvy has been to turn to encryption to put their communications beyond the reach of snoopy officials. For people less willing or able to master encryption software, many Internet companies are easing the process by building electronic security into their services. As it turns out, this concerns government officials to such an extent that they're demanding the keys to the store from companies great and small, so that they can peruse files, posts and emails at their leisure.

From CNet:

The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping.

These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users.

If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption—which often appears in a browser with a HTTPS lock icon when enabled—uses a technique called SSL, or Secure Sockets Layer.

"The government is definitely demanding SSL keys from providers," said one person who has responded to government attempts to obtain encryption keys. The source spoke with CNET on condition of anonymity.

If you're saying to yourself, "Wow, I didn't know the law let the feds do that," well, you're in good company. The law doesn't seem to let the feds demand that people build holes into their encryption (although this is a new and unclear area). But really, what's a lack of legal authority when you have the ability to strong-arm companies into compliance?

The person said that large Internet companies have resisted the requests on the grounds that they go beyond what the law permits, but voiced concern that smaller companies without well-staffed legal departments might be less willing to put up a fight. "I believe the government is beating up on the little guys," the person said. "The government's view is that anything we can think of, we can compel you to do."

It's good to be king. Especially if you're nosy.

Follow this story and more at Reason 24/7.

Spice up your blog or Website with Reason 24/7 news and Reason articles. You can get the widgets here. If you have a story that would be of interest to Reason's readers please let us know by emailing the 24/7 crew at 24_7@reason.com, or tweet us stories at @reason247.

Advertisement

NEXT: Oath Keepers Group Places Massive Pro-Snowden Ad Inside Pentagon Metro Station

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Only way to protect us all from terrorism, don’t you know?

  2. I believe the government is beating up on the little guys

    That seems to be their favorite thing to do. They have to beat down the little guys so that their favored cronies can prosper.

    1. And they’re going after the low-hanging fruit first.

  3. Only Nixon could go to China, and only Obama could burn the entire fucking bill of rights in two terms.

    1. With no media or partisan Congress to take him to task, there really isn’t anything Obama can’t do. It really is terrifying when you think about it. The guy sicked the IRS on his enemies, ordered the assassination of two American citizens who were both in an obsessively allied country nowhere near a combat zone, and sent thousands of guns to Mexico for the purpose of using their presence there as a justification for domestic gun control. And those are just the more notable things. There are hundreds of other things he has done that would have been at least major distractions for any other President but were never really noted or outright defended for this one.

      1. I stopped saying “I can’t believe this” about a year ago.

        I’ve reached the point where I would believe news reports that said he watched crush videos while being serviced by his daughters.

        1. His defenders will defend anything. When it came out that he met with the Chief Counsel of the IRS two days before the very same chief counsel issued the guidelines that targeted the Tea Party, his defenders said there was nothing suspicious about that. This is just creating a controversy where there is none there. They still claim Fast and Furious was an honest mistake even though there is no way the program could have ever resulted in anything but thousands of guns going to Mexico.

          If such a video as you describe were released, they would first claim it was a fake, second claim the real issue is how the evil Republicans violated Obama’s privacy and then finally just call it old news and a non-scandal that no one cares about anyway.

  4. http://www.foreignpolicy.com/a….._profiling

    It is striking to compare Obama’s deliberate and thoughtful commentary about the tragic killing of Trayvon Martin with the military tactic that will forever characterize his presidency: killing people with drones. The president posits that it is wrong to profile individuals based upon their appearance, associations, or statistical propensity to violence. By extension, he believes that, just because those characteristics may seem threatening to some, the use of lethal force cannot be justified as self-defense unless there are reasonable grounds to fear imminent bodily harm. But that very kind of profiling and a broad interpretation of what constitutes a threat are the foundational principles of U.S. ‘signature strikes’ ? the targeted killings of unidentified military-age males.”

    BURN!!!

    1. nice!

  5. I distinctly recall this being debated and largely defeated back when the Clinton administration was trying to shove it down our throats, along with most of what eventually was passed in USA Patriot.

    The idea that either party, when in power, gives a shit about limited government or civil liberties is a hoot.

      1. Yeppers. My law review article was on that lovely disaster they tried to impose on civil liberties and security best practices.

        A known backdoor is a known place to focus your exploit efforts.

  6. I dunno that I’d call this asking for a “backdoor”. Having the encryption key seems like going through a front door, to me.

    And as mentioned near the end of the article, this is why more sites need to implement perfect forward secrecy, but Google is the only major firm that has done so.

    1. Yeah, it’s kind of like, “Oh, here’s my passwords and shit – come right in.”

      But the government does love “the back door”, if ya know what I’m sayin’…

    2. PFS is really only good for ACCIDENTAL release of the private keys in an encryption scheme.

      If one of the parties is intentionally creating its keys in a manner that allows the government to recreate them, then the government can still record your conversation, identify the key and decrypt it. It is more work, yes, but we have seen that the government is up to the task.

      The simple fact is that if a company can be compelled to hand over its private key for standard RSA, they can be compelled to hand over the key-generation details (or compromise key generation) such that the government can sneak that data in.

      1. Fair enough

        1. The problem is that two way encryption depends on you and the other party trusting that the other is doing the right thing.

          With basic RSA (run o the mill HTTPS) you are trusting that the other company will keep its private keys safe. With PFS, you are trusting that the temporary keys they issue for each transaction are not generated in a way that someone else could recreate. There is no way for you to verify they are doing the right thing, just as there is no way to verify that they are putting your

          By the way. Recently, there was a big hooplah when a big RSA token manufacturer publicized that their tokens may have been compromised and everyone needed to re-issue. If I were a government that was annoyed about all the VPN activity going on around the country, I would certainly be working with that company to deploy a more…accessible…communications stream.

          1. Grrrr…
            ^There is no way for you to verify they are doing the right thing, just as there is no way to verify that they are putting your data in a secure place once it reaches their network.

  7. The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users’ private Web communications from eavesdropping.

    Is this just bad journalism, or are these companies using a type of encryption with which I’m unfamiliar?

    True encryption doesn’t have a “master key”. Even the creator of the encryption scheme can’t read your data. So the one option these companies have is to provide them with data or access prior to the stream– which the company itself may not have control over.

    The other option is to start using non-true encryption schemes which actually do have back doors.

    1. True encryption doesn’t have a “master key”. Even the creator of the encryption scheme can’t read your data.

      This is about SSL. It would be pointless if the other end couldn’t read it.

      1. Oops, you’re probably talking about decrypting archived data after-the-fact. Nevermind.

        1. See below, I was talking about all of it, but I’m apparently misinformed about the ways an SSL session is formed. I have my required reading.

    2. When you generate an SSL certificate, it’s a public key and a private key pair. The webserver serves out the public key, and the browser uses that to encrypt the first request to the server. The server uses it’s private key to decrypt that request, and the server and browser negotiate a one-time-key for symmetric encryption, that only they know.

      The browser decides whether to trust the public key it receives based on who it was signed by — if it was signed by one of the authorities it trusts (Verisign, Thawte, DOD, etc.), then it makes the connection and tells you it is safe. If it doesn’t trust who signed it (SweatingGin’s Totally Not Fraud Certifying Authority), it warns you with a red screen or error message, and the user clicks ‘trust it anyway’ and goes on with his day.

      If you’ve got the private key, you can toss up your own server between the user and the server (called a man-in-the-middle attack). It’s simple. Get the request from user, decrypt it to read/modify/store, re-encrypt, pass it on to server. Repeat in the other direction as well. Neither knows they are being surveiled.

      1. It just occurred to me that perhaps Paul is talking about decrypting archived communications.

        1. This thread scares the shit out of me, so I figure anyone still reading it can benefit from a brief high-level view of the attack, maybe get as scared as me on it.

          I’d almost managed to forget about this little device.

        2. I was talking about all of it.

          Again, if the NSA can to outside the stream, encryption doesn’t matter. If BofA lets the NSA sit on its servers, then ‘master keys’ are not important– my misunderstanding of the fact that SSL seems to use symmetric encryption not withstanding.

          For instance, in theory (knowing nothing about Skype’s particular encryption methodology) if two users connect with skype, if Skype has done the right kind of encryption, even if a skype conversation goes THROUGH a Microsoft Server, Microsoft would be unaware of the content of that stream. Now, if MS is using SSL encryption, then yes, MS is the man in the middle, and they can do whatever they want.

          1. From what I understand, Skype originally “couldn’t” read the data going through them. After they got bought by MS…

            Today, though, they certainly can and do:

            Microsoft computer accesses webpage mentioned only in encrypted Skype chat.

            1. been going on for a while (hence TOR exists) but was bound to come out.

              To quote Rip Torn in MiB:

              Sucks doesn’t it?

      2. I guess I’m slightly misinformed about SSL encryption. I thought that the certificates set up a trust layer– ie, you are who you say you are, but then the keys were randomly generated for the session. I did some reading and I guess SSL does use symmetric encryption, but asymmetric authorization. Huh.

        1. The initial connection is asymmetric, and used to agree on a new randomly generated key for the rest of the connection. After that it uses symmetric with that shared key, yea. It would be a huge CPU/performance hit to do asymmetric for all of the connection.

          You’re correct about the randomly generated sessions key.

          1. You’re correct about the randomly generated sessions key.

            I’ll have to do some more reading about exactly how SSL works. Am I not understanding that with randomly generated session keys, that there is no master key if you’re the ‘man in the middle’?

            1. master key is probably a bad choice of terms, I assume they were meaning private key. I guess it goes back to your first question: bad journalism, as well.

              Either way, interesting/scary stuff.

            2. Here is the crux. There is no need to be MitM if you strong arm the company you are conversing with. This has always been the case. SSL provides reasonable crypto on “untrusted connections”, that prevents to a large degree MitM attacks i.e. the other party is not “helping” the third party. PFS is an improvement sense the likelihood of compromising a single key per user is much higher than a key per session or even multiple per session.

              This of it this way, You can talk to bob in a secret room in code, but if bob agreed to wear a wire (absent your knowledge of course) then your speaking in code isn’t going to stop him sharing that code with the people who gave him the wire.

              1. This = Think and that last paragraph is to demonstrate that this would NOT be a man in the middle attack. This would be collusion.

                1. This would be collusion.

                  Progressives call it a public/private partnership. And the word ‘invest’ is usually in the sentence somewhere.

                  1. Both collusion and public/private partnership are nice ways to describe it.

              2. Here is the crux. There is no need to be MitM if you strong arm the company you are conversing with

                Never underestimate the government’s ability to yadda yadda…

                This is my primary concern. That if your communication is two-way, between you and the company, technical details about master-keys aside, if BofA lets the government on their server, none of it matters.

                1. correct, and NOT a mitm attack. BUT, just as reprehensible. At least this way there is a chance the company (Nachio at Qwest for example) not cooperating or even blowing the whistle. With a true MitM, the whole point is NO ONE KNOWS IT IS HAPPENING!

                2. “This is my primary concern. That if your communication is two-way, between you and the company, technical details about master-keys aside, if BofA lets the government on their server, none of it matters.”

                  Well, it is pretty clear that the government can require gmail give a complete dump of your account for them to peruse. The problem is they need to request this DETAILED, PERSONAL data on a case by case basis.

                  On the other hand, if they can decrypt your communications to gmail, they can get anything that you view in that session…And with most online mail, that includes the first 20 – 50 email message subjects, senders and maybe a sentence or two from the top of the email. Now imagine that they have been recording your connections to gmail for the past month…they basically know what emails you have been receiving for the past month.

                  Of course, email is a bad example, since they already have your emails from when they transited the internet to reach Google. All of them. But the point is valid for other communications- banks, chat sessions, searches, etc.

            3. This isn’t a man in the middle.

              The government is recording everything that transits the internet. Everything. Now how long they hold this is subject to how many billions of dollars they can throw at cheap storage farms and hadoop clusters to parse and organize the data.

              With public/private encryption both parties have the ability to encrypt a conversation but only the holder of the Private key can decrypt it. You could encrypt anything you post to the Host web server, but what about the data that the server sends to you? You could generate another Private/Public pair and send the host YOUR public key to encrypt, but this is computationally expensive. (On the order of 10 – 30% increase in overhead).

              Instead, in HTTPS, your browser sends a SHARED SECRET encrypted by the public key. Both sides of that connection will then use that secret to encrypt the rest of the conversation.

              The problem is, if the government knows the initial Private key used to share the initial secret, they can decrypt the entire communication.

  8. “The government’s view is that anything we can think of, we can compel you to do.”

    Uhm, yes and there’s supreme court precedent for that as well. Welcome to the Affordable Care Act.

    And people don’t think there’s a link between Stop-n-Frisk and a sugary drink ban. They’re absolutely connected.

  9. “The government is definitely demanding SSL keys from providers,” said one person who has responded to government attempts to obtain encryption keys.

    If they’re getting SSL private keys, that’s a Big Fucking Deal. And really no way to defend against that. There are commercial boxes that do a MITM attack, just toss a cert on it.

    Of course, even without the private key, realize that your browser almost certainly trusts the DOD’s root CA, and tons of other ones, and plenty of those may be willing to issue a cert for, say, “google.com” to the NSA with a little arm twisting. Those would be detectable, though (when you see a cert for google issued by a different provider than you expect, or issued by the DOD, etc.)

    1. You don’t even need a MITM attack. You just tap the network and suck the data in. Tons of the Internet’s backbone links are vulnerable to this. Hell- a significant number of them are OWNED AND OPERATED by the US government.

      Once you have the private keys, its as simple as parsing the packet data and assembling it into a “session” (i.e. during a period of time, this host was talking to gmail.com) then you decrypt the initial connect negotiation with your private key, and then you have the entire conversation. And basically, the government has the subject, sender and first few sentences at the top of your email box. This isn’t enough for them to really fuck with you, but they now have enough to find some reason to get an NSA letter to google, who will then expeditiously dump your entire mailbox onto an FTP site for them.

      1. That’s true, yea, if you have the start of the connection, and the private key, you can see the whole thing. They probably even have tools to replay a session (ie, so they can view what you did in a “browser” window)

  10. Twisting arms for backdoor access, I didn’t know that Steve Smith was working for the NSA

  11. Oh, yeah. I have lots of confidence that big companies (you know, like Microsoft and Google) are going to put up a big fight when it comes to push back against government surveillance. Yeah, lots and lots of confidence.

    1. In those companies’ defense, they have done quite a bit to fight this. Google is passively resisting and publishing what statistics it hasn’t been compelled to hide.

      It was revealed that Yahoo basically took the government to court (in secret) and fought through multiple appeals, ultimately losing the battle and being compelled to hand over information to the government. (This was not regarding private keys, but regarding setting up a faster mechanism for responding to NSA letters and other demands for information).

      I’m sure it is on a company by company basis, but most companies know that privacy is one of the products they sell to customers. And they really don’t want to be on record as loose with those customers’ data.

      1. Your last paragraph nails it.

        While they may be under court order to not divulge secrets about data requests, I seriously doubt that they were forced by court order to brag about how well they protect their customers’ privacy which is what they did.

        Now that we know that the government can keep them from informing their customers about the mass surveillance of their networks, then nothing they can say from now on can be trusted.

  12. You need to make sure the sites you are visiting that are “secure” are using PFS (perfect forward secrecy). There are a number of cryptographic algorithms for this and the ssl cert is not sufficient to decrypt traffic. I refer you to and you can verify withthis one.

    1. there are two links there:

      1)netcraft

      2)ssl-labs

      1. As I said above, this is not accurate.

        PFS basically uses some added computation for both the browser and host to agree on a secret. That secret MUST be computed by the host (and browser) somehow.

        Instead of the government demanding the Host company send its private key, the government can as easily compel the company to share its secret generation algorithm or adopt one that they can reproduce.

        Don’t get me wrong, there is still value to PFS, but if the government is (successfully) compelling a company to give their private key, they can compel them to implement PFS in a way that allows them to eavesdrop.

        The only way a company can legitimately refuse government compulsion is if they CAN’T read your stuff either.

Please to post comments

Comments are closed.