Combined software and services and wiretapping

| Comments (6) | COMSEC SYSSEC
For obvious reasons, law enforcement and investigative agencies aren't incredibly fond of encrypted communications. The most popular responses to this difficulty have generally been one or more of:

  • Forbid strong crypto entirely.
  • Require "key escrow" where a copy of the keying material somehow goes to the LEA.
  • Get a copy of the keying material after the fact.
  • Use keyloggers or other invasive measures.

None of these have been particularly successful: the strong crypto cat is out of the bag, users have overwhelming rejected key escrow, and although people do sometimes have their keys subpenad (the UK has a law requiring complaince), there are standard cryptographic techniques that provide "perfect forward secrecy" so that even if your keys are disclosed after the fact your communications aren't readable. The government in the US has had some success with keyloggers, spyware, etc., but they either require physical access or compromise of the system in question.

The popularity of combined software/service operations like Hushmail and Skype opens up a new avenue, however. It's recently come out that Hushmail has in the past handed over keys to the government for users who used their online encryption system. This was made easier by Hushmails "software as a service" type architecture, where they do the encryption and decryption on their site. Hushmail also provides an option where you can download a Java applet, but it should be clear that under the right legal constraints, they could theoretically put a backdoor in the applet you downloaded, too.

Similarly, the German police have recently complained that they can't monitor Skype calls. They say they're not asking for the encryption keys, but because of Skype's architecture and the fact that Skype is involved in authenticating each call, it should be clear that Skype could mount a man-in-the-middle attack on your phone call and hand over the keys. They could also just give you an "upgraded" software version with a back door.

Combined software/service systems like Skype and Hushmail are uniquely susceptible to this kind of lawful intercept attack (or for that matter to cheating by the vendor of any kind.) If you use third party software than you don't have to worry about your ISP cheating you because they can't—they don't have the keys. And while your software vendor could potentially cheat you, they don't have the kind of constant contact with you that Skype or Hushmail does, so they would generally need to put a back door in every copy of the software, which carries a much higher risk of discovery and of users switching software. Who wants to run software with a deliberate back door?

6 Comments

I don't think you are fairly representing what happened with Hushmail. They had a warning that you are not secure if you don't use the Applet. Since some users weren't running client-side code, Hushmail servers by necessity had the keys, and therefore were subject to lawful access production orders.

When you speculate that hushmail or Skype could backdoor their software, you are saying they could be screwing their customers by unethical and illegal means. There is no lawful access legislation that would permit, never mind require, such an action. How would this be in their own best interest?

You're right that the risk of discovery is lower if a service provider backdoors code than if a traditional software vendor does it, but the risk is still significant. Given the consequences of discovery, and the limited motivations for implementing such an attack, this reduces to considering the chances that the service provider is a cover for organized crime.

I don't see how your characterization of what happened with Hushmail differs from mine.

As for Skype, as far as I know, they they actively participate in the authentication for each transaction, so they could MITM whenever they wanted to. It's not at all clear to me that they couldn't be subject to a subpena which would require them to do this.

As for the issue of a back door: I'm not as confident as you that the government couldn't force the providers to insert one for individual users, and Hushmail's applet architecture and Skype's closed system make them more vulnerable to this sort of attack than software that's completely under the user's control.

I don't think you are fairly representing what happened with Hushmail. They had a warning that you are not secure if you don't use the Applet. Since some users weren't running client-side code, Hushmail servers by necessity had the keys, and therefore were subject to lawful access production orders.

When you speculate that hushmail or Skype could backdoor their software, you are saying they could be screwing their customers by unethical and illegal means. There is no lawful access legislation that would permit, never mind require, such an action. How would this be in their own best interest?

You're right that the risk of discovery is lower if a service provider backdoors code than if a traditional software vendor does it, but the risk is still significant. Given the consequences of discovery, and the limited motivations for implementing such an attack, this reduces to considering the chances that the service provider is a cover for organized crime.

Sorry about the dup post.

With Skype you might be right, though it's not clear what capabilities and information the design naturally has because the system and protocols are both opaque.

If we are talking about law enforcement, and not criminal activity, then we have to look at two questions: what are service providers permitted to do, and what are they required to do?

Backdooring applications without your users' knowledge is not generally legal. I have not yet seen any legislation that gives law enforcement the power to sanction such an action. I'm fairly certain CALEA doesn't go nearly this far.

Access legislation generally provides rules around how and when service providers can or must give information to LE. An agency or police force must provide a production order to the SP in accordance with said legislation. If you're a service provider, you're incentive is to cooperate at the minimum level required by law. Sometimes telecoms get production orders that would literally cost millions of dollars to fulfill (they fight these).

So as an SP, you would want to consider two things. First, what is the minimum of information you have to collect for business requirements or by law. Second, what is the minimum subset of this you have to produce when asked.

Telecom providers have lawyers on retainer who specialize in this and can advise on how and when production orders may be fought. This may be different for companies like hushmail, though, who may not be able to afford such advice and may cooperate more than they strictly have to - or worse, cooperate more than they are legally allowed.

I suspect this may be the case because the hushmail production orders would have been international, which is bureaucratically difficult to do properly. A better resourced organization may have been less open with those keys.

What would prevent law enforcement from reverse engineering the client, building a "tapped" version of the client with a backdoor, and then getting a wiretap warrant to force the provider to give the target the tapped client?

This doesn't seem any different than going onto a target's property to install a wiretap, which I gather is permissible. Do you know some case law that establishes such a difference?

"Backdooring applications without your users' knowledge is not generally legal. I have not yet seen any legislation that gives law enforcement the power to sanction such an action."

Governmental agencies requesting AT&T to turn over bulk information about its users without a warrant isn't generally legal either, but it doesn't mean that they didn't comply. I'm not a paranoid person by nature, but I consider it well within the realm of possibility that Skype (and other closed-source, proprietary-protocol clients like Yahoo Messenger, AIM, and iChat) already has these kinds of backdoors in place.

It's hard to keep mold out of code that the sun can't shine in on.

Leave a comment