Australia’s New Encryption Legislation – Major Changes Required
Australia passed its disastrous “Access and Assistance” legislation – a political farce with terrible consequences for society and the technology industry – and I firmly believe that this legislation is attempting the impossible. Partly because the topic is technically-challenging, what’s left out of the media discussion is feasibility. Can this legislation achieve the stated aim of giving law enforcement access to messages exchanged by “criminals and terrorists”?
I believe not. The most significant part of the legislation creates a system of Technical Assistance Requests (TARs) via voluntary assistance, Technical Assistance Notices (TANs) via a legally binding direction for a communications provider to use some existing capability or capabilities to assist a law enforcement or national security agency, and – most controversially – Technical Capability Notices (TCNs) via a direction from the government to create an entirely new capability – all of which can be issued to communications providers and devices manufacturers, in Australia and around the world.
The technology industry has many concerns – including risks of agencies creating back-doors into devices such as smartphones or corporate / government VPNs, or powers to order that surveillance software be installed in devices or services – and in the process, putting national cybersecurity at greater risk.
Members of the Australian technology industry have warned that the Government’s encryption bill would devastate their reputation, triggering job losses and a reduction in exports.
The government has repeatedly stated that it is not interested in “inserting backdoors” in encryption software, or otherwise undermining encryption.
The legislation does, however, give agencies the power to do just that. In Section 317E, “removing one or more forms of electronic protection” is listed as one of the activities that can be the subject of law enforcement requests.
However, the government is wise to downplay any specific interest in this approach, because it’s the least plausible attack.
Weakening the encryption ciphers was once feasible. The NSA persuaded technologists to adopt a compromised cipher called DES (the Data Encryption Standard), but cryptanalysts discovered its weakness and replaced it.
That didn’t stop the NSA from inserting a backdoor in the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG), which permitted the theft of keys. As this Wikipedia history explains, doubts had been expressed over the design of Dual_EC_DRBG even before Edward Snowden’s leaks in 2014 made it clear the standard was compromised. As a result, it was withdrawn.
Since then, suspicion of NSA-authored cryptography remains so high that this year, the agency’s “Simon” and “Speck” encryption algorithms were excised from ISO standards.
So, it’s impossible to get a “breakable” cipher into a standard, but what if the Australian government instead persuaded a vendor to push a weak cipher only for a specific user?
Keeping that secret from a moderately-capable victim is implausible because it would change the checksum of the application. Anyone can test the authenticity of software by seeing if what’s installed on their computers matches what was published by the vendor. If it doesn’t match, that moderately-capable victim would re-install the original, tamper-free version of their software.
There’s another way in which tampering with the cipher would risk exposure. In a scheme such as SSL (Secure Sockets Layer), the first message a client sends to establish an encrypted session is the “client hello”, which among other things, lists the ciphers the client wants the server to use. The client hello is also sent as plain text – you need only capture packets from your own machine to see whether it’s asking for the “standard” list of SSL-supported ciphers.
There’s one last rabbit-hole to quickly explore here – the provider is persuaded to give the compromised cipher a canonical name, like AES-128. This would, once again, change the package, and even if the changes are too subtle for our “moderately-capable” target to spot, their encryption libraries will change, and their checksums won’t match the official packages.
In any case, the legislation also forbids agencies from asking a provider to do anything that would create a “systemic weakness”, that would affect users outside the scope of an investigation.
Under any reasonable definition of “systemic weakness”, undermining the cryptosystem is forbidden. However, as the legislation now stands, we don’t know how reasonable or specific that definition will be.
Attack the client instead
Let’s attack the client instead. This is an idea put forward as “capturing the information law enforcement wants”, without “breaking encryption”.
There are two common scenarios put forward under this heading. They include capturing screenshots or keystrokes, either by planting malware on the target or one step back in the toolchain to force a vendor to craft a “one-off” firmware image for a smartphone or similar.
I strongly believe that both approaches should fail a reasonable “systemic weakness” test.
If an attack is made via malware, it is certain to be revealed at some point, putting people at risk far beyond a law enforcement agency’s investigation.
The same, I would argue, applies to creating a firmware update specific to an investigation. At the very least, the difference between two firmware versions is detectable, and if the “evil” firmware ends up in the hands of someone with advanced skills and evil intent, it will certainly be analysed.
“Virtual crocodile clip”
A favourite of Britain’s General Communications Headquarters (GCHQ) is to be “silently” added to an encrypted chat. In other words, rather than breaking the cipher, the law enforcement official is added to an encrypted chat, without alerting the users.
National Cyber Security Centre technical director Ian Levy, and Technical Director for Cryptanalysis at GCHQ, Crispin Robinson, explained their thinking in this essay at the Lawfare blog.
“The proposal offer looks safe, doesn’t it? For example, it doesn’t involve altering code on an end user’s device, where it’s bound to be noticed. Instead, the spies get silently added to the conversation. That is, they’re added to the group chat, complete with proper authentication, and their participation in the chat is also encrypted.”
Because the “exploit” is held by the provider – a telecommunications carrier for example – it’s not likely to escape.
We have evidence that carriers have been subverted in the past, however, most notably in the ways Signalling System 7 (SS7) has been attacked over the years. Carriers always assumed the SS7 network was immune to an attack because all its connections were “in the club”, so to speak.
Some carriers, it turned out, were less trustworthy than others, and SS7 attacks went from theoretical to exploit last year, when hackers started emptying the bank accounts of customers of German telco O2.
The idea also compromises one of the foundations of online safety – that we can reliably authenticate who we’re talking to.
And as far as the minimal protections offered in the legislation reach, destroying users’ ability to trust that they know who they’re speaking with, is surely a “systemic” weakness.
Encryption is more than a cipher
I can’t emphasise enough that there’s a reason politicians and law enforcement seek the narrowest possible definition of “breaking encryption” in the public debate, while leaving their legislative definitions as loose as possible. They wish to wave away concerns about the legislation by saying things like “we’re not inserting backdoors into encryption”.
Encryption is, however, a system of which the cipher is only one part. Authentication and key management are of equal importance, and undermining those is most emphatically a backdoor.
As I hope I’ve demonstrated, Australia will potentially suffer dire social and economic consequences, for laws that cannot achieve their stated outcomes. I’m not alone in my concern, the Commuications Alliance, Australia’s peak telco industry body, along with a range of other industry associations, is holding a forum on the “Assistance and Access Act 2018 (Encryption Bill)” in early February 2019.
About the author: Shara Evans is recognized as one of the world’s top female futurists. She’s a media commentator, strategy adviser, keynote speaker and thought leader, as well as the Founder and CEO of Market Clarity.
Looking For a Dynamic Speaker?
Get in touch now to check Shara’s availability to speak at your next event. Shara works closely with her clients to ensure all her presentations are tailored to your event – ensuring maximum impact for your business.