Schneier on NSA's encryption defeating efforts: Trust no one
- — 06 September, 2013 20:06
Bruce Schneier, security expert and author of 'Liars and Outliers': 'More security isn’t necessarily better. First, security is a always a trade-off,and sometimes security costs more than it’s worth. For example, it’s not worth spending $100,000 to protect a donut.'
The U.S. National Security Agency's efforts to defeat encrypted Internet communications, detailed in news stories this week, are an attack on the security of the Internet and on users' trust in the network, some security experts said.
The NSA and intelligence agencies in allied countries have found ways to circumvent much of the encryption used on the Internet, according to stories published by The New York Times, ProPublica and the Guardian. The NSA, the British GCHQ and other spy agencies have used a variety of means to defeat encryption, including supercomputers, court orders and behind-the-scenes agreements with technology companies, according to the news reports.
The reports, relying on documents provided by former NSA contractor Edward Snowden, show that many tech companies are collaborating with the spy agencies to "destroy privacy," said cryptographer and security specialist Bruce Schneier. "The fundamental fabric of the Internet has been destroyed."
The new revelations should raise major concerns from Internet users over who they can trust, Schneier added. "I assume that all big companies are now in cahoots with the NSA, cannot be trusted, are lying to us constantly," he said. "You cannot trust any company that makes any claims of the security of their products. Not one cloud provider, not one software provider, not one hardware manufacturer."
It doesn't appear that the NSA is defeating encryption by brute force but by "cheating" by attempting to build backdoors into systems and strong-arm companies into giving it information, Schneier said.
Digital rights group the Center for Democracy and Technology echoed some of Schneier's concerns, with CDT senior staff technologist Joseph Lorenzo Hall calling the NSA's encryption circumvention efforts "a fundamental attack on the way the Internet works."
The NSA has been working for years to build backdoor vulnerabilities into encryption standards and technology products, the stories said. A representative of the NSA didn't respond to a request for comment on the stories.
Hall criticized those efforts. "In an era in which businesses, as well as the average consumer, trust secure networks and technologies for sensitive transactions and private communications online, it's incredibly destructive for the NSA to add flaws to such critical infrastructure," he said in an email. "The NSA seems to be operating on the fantastically naïve assumption that any vulnerabilities it builds into core Internet technologies can only be exploited by itself and its global partners."
The New York Times story this week, citing a Guardian report from July, said Microsoft has worked with the NSA to provide the agency with pre-encryption access to Outlook, Skype and other products.
Microsoft has repeatedly denied helping the NSA break encryption on its products. The company complies with legal court orders for information on its customers and will provide agencies with unencrypted customer information residing on its servers if ordered by a court to do so, a spokeswoman said.
Microsoft General Counsel Brad Smith, in a July blog post, detailed the way Microsoft responds to court surveillance orders.
"We do not provide any government with direct access to emails or instant messages," Smith wrote then. "Full stop."
CDT's Hall defended Microsoft's approach. "It seems pretty clear that Microsoft is legally compelled to do this and would not otherwise do it voluntarily," he said.
But Matthew Green, a cryptographer and research professor at Johns Hopkins University, suggested Microsoft is due for scrutiny on encryption security, if encryption has been compromised, as the recent news stories suggest. Most commercial encryption code uses a small number of libraries, with Microsoft CryptoAPI being among the most common, he wrote in a blog post.
"While Microsoft employs good (and paranoid!) people to vet their algorithms, their ecosystem is obviously deeply closed-source," Green wrote. "You can view Microsoft's code (if you sign enough licensing agreements) but you'll never build it yourself. Moreover they have the market share. If any commercial vendor is weakening encryption systems, Microsoft is probably the most likely suspect."
Microsoft IIS runs on about 20 percent of the Internet's Web servers, and nearly 40 percent of the SSL servers, while third-party encryption programs running on Windows depend on Microsoft APIs (application programming interfaces), Green noted.
"That makes these programs somewhat dependent on Microsoft's honesty," he said.
The good news for privacy-minded Internet users is that security researchers questioned whether the foundations of cryptography itself have been compromised. Some encryption protocols are vulnerable, but it's likely that the NSA is attacking the software that encryption is implemented with or relying on human mistakes, Green wrote.
"Software is a disaster," he added. "Hardware isn't that much better. Unfortunately active software exploits only work if you have a target in mind. If your goal is mass surveillance, you need to build insecurity in from the start. That means working with vendors to add backdoors."
Any compromises are unlikely to be related to weakness in the underlying cryptography, added Dave Anderson, a senior director at Voltage Security.
"It seems likely that any possible way that the NSA might have bypassed encryption was almost certainly due to a flaw in the key management processes that support the use of encryption, rather than through the cryptography itself," he said by email. "So, is it possible that the NSA can decrypt financial and shopping accounts? Perhaps, but only if the cryptography that was used to protect the sensitive transactions was improperly implemented through faulty, incomplete or invalid key management processes or simple human error."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.