CAT | Cryptography
In the article below Attorney General Eric Holder said ““It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy”
This is simply not true, and harkens back to the discredited arguments made by the FBI in the 1990’s about the Clipper Chip. It is hard enough to make secure computing systems, and we are not very good at it as all the breaches demonstrate. Intentionally introducing a vulnerability, which is the essential nature of back door or law enforcement access, is madness. If there is a back door, then keys exist, and can be compromised or reverse engineered. It is an added complexity to the system, which is almost certain to introduce other vulnerabilities. Its use would not be restricted to the US. Once it exists every government will demand access.
Social media and the cloud have tilted the balance of power absurdly towards law enforcement. This argument that they must retain access to encrypted cell phones is fatuous.
Since it was introduced, Apple has had the ability to decrypt the contents if iPhones and other iOS devices when asked to do so (with a warrant).
Apple recently announced that with iOS 8 Apple will no longer be able to do so. Predictably, there has been a roar of outrage from many in law enforcement. [[Insert my usual rant about how recent trends in technology have been massively in favor of law enforcement here]].
This is really about much more than keeping out law enforcement, and I applaud Apple for (finally) taking this step. They have realized what was for Anonymizer a foundational truth. If data is stored and available, it will get out. If Apple has the ability to decrypt phones, then the keys are available within Apple. They could be taken, compromised, compelled, or simply brute forced by opponents unknown. This is why Anonymizer has never kept data on user activity.
Only by ensuring that they can not do so can Apple provide actual security to it customers against the full range of threats, potentially least of which is US law enforcement.
The Massachusetts High Court recently ruled that a suspect can be compelled to decrypt disks, files, and devices which have been seized by law enforcement. The crux of the question before the court was whether compelling the password for decryption is forbidden by the Fifth Amendment protection against self incrimination.
The analogy one most often sees is to being compelled to provide the combination to a safe, the contents of which are subject to a search warrant. That is well settled law, you can be compelled to do so.
The court said:
We now conclude that the answer
to the reported question is, “Yes, where the defendant’s compelled decryption would not
communicate facts of a testimonial nature to the Commonwealth beyond what the defendant
already had admitted to investigators.” Accordingly, we reverse the judge’s denial of the
Commonwealth’s motion to compel decryption.
In this case, there was nothing testimonial about decrypting the files because the defendant has already admitted to owning the computers and devices, and to being able to decrypt them.
The much more interesting situation will come in a case where the defendants say they never had, or have forgotten, the password. One can not be compelled to do something impossible, but generally the proof of the impossibility falls on the defendant. In this case one would have to prove a negative. How could you prove that you don’t have the password? The only thing that can be proved is that you do, and that only by doing so.
This ruling is only binding in the sate of Massachusetts, but is likely to be influential in cases in other areas.
Steve Gibson shares recent messages exchanges with some of the developers of TrueCrypt. These further suggest a boring explanation of the shutdown, as opposed to more nefarious explanations.
For years, TrueCrypt has been the gold standard open source whole disk encryption solution. Now there is a disturbing announcement on the TrueCrypt website. Right at the top it says “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”.
The rest of the page has been changed to a notice that development on TrueCrypt stopped this May, and directions for migrating from TrueCrypt to BitLocker, the disk encryption tool built in to Windows. Of course, this is of little help to anyone using TrueCrypt on Mac or Linux. It is still possible to download TrueCrypt from the site, but the code now will not create new vaults, and warns users to migrate to a new platform.
There are certainly alternatives, but this is a real shock. On Mac, one could always use the built in FileVault tool. Linux users may have a harder time finding a good replacement.
The big question is, what the heck is actually going on here. This is all far too cryptic, with no where near enough actual information to draw intelligent conclusions.
A recent independent audit of TrueCrypt discovered “no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.”
There are a number of theories about what is going on ranging from credulous to paranoid.
- Like Lavabit, they received a National Security Letter requiring compromise of the code. This is their way of resisting without violating the gag order.
- They have been taken over by the government, and they are trying to force everyone to move to a less secure / more compromised solution.
- There really is a gigantic hole in the code. Releasing a fix would tell attackers the exact nature of the vulnerability, which most people would take a very long time to address. Having everyone migrate is the safest solution.
- Some personal conflict within the TrueCrypt developers is leading to a “take my ball and go home” action.
- The developers only cared about protecting windows users with XP or earlier, which did not have the built in disk encryption. Now that XP support has ended, they don’t feel it is valuable any more. This is suggested by the full wording of the announcement.
- The website or one of the developer’s computers was compromised, and this is a hack / hoax.
The whole thing is really odd, and it is not yet obvious what the best course of action might be.
The safest option appears to be to remove TrueCrypt, and replace it with some other solution, either one that is built in to the OS, or from a third party.