-
rC3 preroll music
-
Herald: This is Ross Anderson, and he's
giving a talk to us today, and the title
-
is What Price the Upload Filter? From Cold
War to Crypto Wars and Back Again. And
-
we're very happy that he's here today. And
and for our non-English speaking public,
-
we have translations.
speaks german
-
Dieser Talk wird auf Deutsch übersetzt.
speaks french
-
Cette conférence est traduit en
français aussi.
-
Yeah. Um. Ross, ready to start? Let's go.
Have a good time. Enjoy.
-
Ross: Yes, ready to go. Thanks. OK. As has
been said, I'm Ross Anderson and I'm in
-
the position of being one of the old guys
of this field and that I've been involved
-
in the crypto wars right from the start.
And in fact, even since before the clipper
-
chip actually came out. If we could go to
the slides, please.
-
Right, can we see the slides?
-
silence
-
surprised the U.S. armed
forces. And guess what happened? Well, in
-
the 1950s, Boris Hagelin had set up that
company, secretly sold it to the NSA and
-
for a number of years, quite a lot of years,
countries as diverse as Latin America and
-
India and even NATO countries such as
Italy were buying machines from Crypto AG,
-
which the NSA could decipher. And this had
all sorts of consequences. For example,
-
it's been revealed fairly recently that
Britain's success against Argentina in the
-
Falklands War in 1982 was to a large
extent due to signals intelligence that
-
came from these machines. So, next slide,
please. And in this prehistory of the
-
crypto wars, almost all the play was
between governments. There was very little
-
role for civil society. There was one or
two journalists who were engaged in trying
-
to map what the NSA and friends were up to.
As far as industry was concerned, well, at
-
that time, I was working in banking and we
found that encryption for confidentiality
-
was discouraged. If we tried to use line
encryption, then false mysteriously
-
appeared on the line. But authentication
was OK. We were allowed to encrypt PIN
-
pad, PIN blocks. We were allowed to put
MACs on messages. There was some minor
-
harassment. For example, when Rivest,
Shamir and Adleman came up with their
-
encryption algorithm, the NSA tried to
make it classified. But the Provost of
-
MIT, Jerome Wiesner, persuaded them not to
make that fight. The big debate in the
-
1970s still, was whether the NSA affected
the design of the data encryption standard
-
algorithm, and we know now that this was
the case. It was designed to be only just
-
strong enough and Whit Diffie predicted
back in the 1970s that 2 to the power of
-
56 key search would eventually be
feasible. The EFF built a machine in 1998
-
and now of course that's fairly easy
because each bitcoin block costs 2 to
-
the power of 68 calculations. Next slide,
please. So where things get interesting is
-
that the NSA persuaded Bill Clinton in one
of his first cabinet meetings in 1993 to
-
introduce key escrow, the idea that the
NSA should have a copy of every of these
-
keys. And one of the people at that
meeting admitted later that President Bush,
-
the elder, had been asked and had refused,
but Clinton when he goes into office was
-
naive and thought that this was an
opportunity to fix the world. Now, the
-
clipper chip which we can see here, was
tamper resistant and had of secret block
-
cipher with an NSA backdoor key. And the
launch product was an AT&T secure phone.
-
Next slide, please. Now the Clipper protocol
was an interesting one in that each chip
-
had a unique secret key KU and a global
secret family key kNSA burned in. And in
-
order to, say, send data to Bob, Alice had
to send her clipper chip a working key kW,
-
which is generated by some external means,
such as a Diffie Hellman Key exchange. And
-
it makes a law enforcement access field,
which was basically Alice and Bob's names
-
with the working key encrypted under the
unit key and then a hash of the working
-
key encrypted under the NSA key. And that
was sent along with the cipher text to make
-
authorized wiretapping easy. And the idea
with the hash was that this would stop
-
cheating. Bob's Clipper Chip wouldn't use
a working key unless it came with a valid
-
LEAF. And I can remember, a few of us can
still remember, the enormous outcry that
-
this caused at the time. American
companies in particular didn't like it
-
because they started losing business to
foreign firms. And in fact, a couple of
-
our students here at Cambridge started a
company nCipher, that grew to be quite
-
large because they could sell worldwide,
unlike US firms. People said, why don't we
-
use encryption software? Well, that's easy
to write, but it's hard to deploy at
-
scale, as Phil Zimmermann found with PGP.
And the big concern was whether key escrow
-
would kill electronic commerce. A
secondary concern was whether, how on earth,
-
will we know if government designs are
secure? Why on earth should you trust the
-
NSA? Next slide, please. Well, the first
serious fight back in the crypto wars came
-
when Matt Blaze at Bell Labs found an
attack on Clipper. He found that Alice
-
could just try lots of these until one of
them works, because the tag was only 16
-
Bits long and it turned out that 2 to the
power of 112 of the 2 to the power of
-
128 possibilities work. And this meant
that Alice could generate a bogus LEAF
-
that would pass inspection, but which
wouldn't decrypt the traffic, and Bob
-
could also generate a new LEAF on the fly.
So you could write non-interoperable rogue
-
applications that the NSA has no access
to. And with a bit more work, you could
-
make rogue applications interoperate with
official ones. This was only the first of
-
many dumb ideas. Next slide, please. OK,
so why don't people just use software?
-
Well, at that time, the US had export
controls on intangible goods such as
-
software, although European countries
generally didn't. And this meant that US
-
academics couldn't put crypto code online,
although we Europeans could and we
-
did. And so Phil Zimmermann achieved fame
by exporting PGP, pretty good privacy, some
-
encryption software he had written for
America as a paper book. And this was
-
protected by the First Amendment. They
sent it across the border to Canada. They
-
fed it into an optical character
recognition scanner. They recompiled it
-
and the code had escaped. For this Phil
was subjected to a grand jury
-
investigation. There was also the
Bernstein case around code as free speech
-
and Bruce Schneier rose to fame with his
book "Applying Cryptography", which had
-
protocols, algorithms and source code in C,
which you could type in in order to get
-
cryptographic algorithms anywhere. And we
saw export-controlled clothing. This
-
t-shirt was something that many people wore
at the time. I've actually got one and I
-
planned to wear it for this. But
unfortunately, I came into the lab in
-
order to get better connectivity and I
left it at home. So this t-shirt was an
-
implementation of RSA written in perl,
plus a barcode so that you can scan it in.
-
And in theory, you should not walk across
the border wearing this t-shirt. Or if
-
you're a US citizen, you shouldn't even
let a non-US citizen look at it. So by
-
these means, people probed the outskirts of
what was possible and, you know an awful
-
lot of fun was had. It was a good laugh to
tweak the Tyrannosaur's tail. Next slide.
-
But this wasn't just something that was
limited to the USA. The big and obvious
-
problem, if you try and do key escrow in
Europe, is that there's dozens of
-
countries in Europe and what happens if
someone from Britain, for example, has got
-
a mobile phone that they bought in France
or a German SIM card and they're standing
-
on the streets in Stockholm and they phone
somebody who's in Budapest, who's got a
-
Hungarian phone with the Spanish SIM card
in it. Then which of these countries'
-
secret police forces should be able to
listen to the call. And this was something
-
that stalled the progress of key escrow,
that's a good way to describe it, in Europe.
-
And in 1996 GCHQ got academic colleagues
at Royal Holloway to come up with a
-
proposal for public sector email, which
they believe would fix this. Now, at the
-
time after clipper had fallen into
disrepute, the NSA's proposal was that
-
also the certification authority should have
to be licensed, and that this would enforce
-
a condition that all private keys would be
escrows, so you would only be able to get a
-
signature on your public key if the
private key was was held by the CA. And
-
the idea is that you'd have one CA for
each government department and civilians
-
would use trusted firms like Barclays Bank
or the post office, which would keep our
-
keys safe. And it would also work across
other EU member states, so that somebody in
-
Britain calling somebody in Germany would
end up in a situation where a trustworthy
-
CA, from the NSA's point of view, that is
an untrustworthy CA from our point of view,
-
in Britain would be prepared to make a key
and so would one in Germany. This, at
-
least, was the idea. So how do we do this,
next slide, on the GCHQ protocol. So here's
-
how it was designed to work in the UK
government. If Alice at the Department of
-
Agriculture wants to talk to Bob at the
Department of Business, she asks her
-
Departmental Security Officer DA for a send
key for herself and a receive key for Bob.
-
And DA and DB get a top level
interoperability key KTAB from GCHQ and DA
-
calculates a secret send key of the day as
a hash of KTAB and Alice's name and the
-
DA's own Identity for Alice which he gives
to Alice and similarly a public receive
-
key of the day for Bob and Alice sends Bob
her public send key along with the
-
encrypted message and Bob can go
to his DSO and get his secret receive
-
key of the day. Now this is slightly
complicated and there's all sorts of other
-
things wrong with it once you start to
look at it. Next slide, please. The first
-
is that from the point of view of the
overall effect, you could just as easily
-
have used Kerberos because you've
basically got a key distribution center at
-
both ends, which knows everybody's keys. So
you've not actually gained very much by
-
using complicated public key mechanisms,
and the next problem is what's the law
-
enforcement access need for centrally
generated signing keys? If this is
-
actually for law enforcement rather than
intelligence? Well, the police want to be
-
able to read things, not forge things. A
third problem is that keys involve hashing
-
department names and governments are
changing the name of the departments all
-
the time, as the prime minister of the day
moves his ministers around and they chop
-
and change departments. And this means, of
course, that everybody has to get new
-
cryptographic keys and suddenly the old
cryptographic keys don't work anymore. And
-
those are horrendous complexity comes from
this. Now, there are about 10 other things
-
wrong with this protocol, but curiously
enough, it's still used by the UK
-
government for the top secret stuff. It
went through a number of iterations. It's
-
now called Mikey Sakke, there's details in
my security engineering book. And it
-
turned out to be such a pain that the
stuff below top secret now is just used as
-
a branded version of G suite. So if what
you want to do is to figure out what
-
speech Boris Johnson will be making
tomorrow, we just have to guess the
-
password recovery questions for his
private secretaries and officials. Next
-
slide, the global Internet Trust Register.
This was an interesting piece of fun we
-
had around the 1997 election when Tony
Blair took over and introduced the Labor
-
government before the election, Labor
promised to not seize crypto keys in bulk
-
without a warrant. And one of the
first things that happened to him once he
-
was in office is Vice President Al Gore
went to visit him and all of a sudden Tony
-
Blair decided that he wanted all
certification authorities to be licensed
-
and they were about to rush this through
parliament. So we put all the important
-
public keys in a paper book and we took it
to the cultural secretary, Chris Smith,
-
and we said, you're the minister for books
why are you passing a law to ban this
-
book. And if you'll switch to the video
shot, I've got the initial copy of the
-
book that we just put together on the
photocopying machine in the department.
-
And then we sent the PDF off to MIT and
they produced it as a proper book. And
-
this means that we had a book which is
supposedly protected and this enabled us
-
to get the the topic onto the agenda for
cabinet discussion. So this at least
-
precipitous action, we ended up with the
Regulation of Investigatory Powers Bill in
-
2000. That was far from perfect, but that
was a longer story. So what happened back
-
then is that we set up an NGO, a digital
rights organization, the Foundation for
-
Information Policy Research. And the
climate at the time was such that we had
-
no difficulty raising a couple of hundred
thousand pounds from Microsoft and Hewlett
-
Packard and Redbus and other tech players.
So we were able to hire Casper Bowden for
-
three years to basically be the director
of FIPR and to lobby the government hard
-
on this. And if we can go back to the
slides, please, and go to the next slide,
-
the slide on bringing it all together. So
in 1997, a number of us, Hal Abelson and I
-
and Steve Bellovin and Josh Benaloh from
Microsoft and Matt Blaze who had broken
-
Clipper and Whit Diffie, who invented
digital signatures, and John Gilmore of
-
EFF, Peter Neumann of SRI, Ron Rivest,
Jeff Schiller of MIT and Bruce Schneier
-
who had written applied cryptography and
got together and wrote a paper on the
-
risks of key recovery, key escrow and
trust in third party encryption, where we
-
discussed the system consequences of
giving third party or government access to
-
both traffic data and content without user
notice or consent deployed internationally
-
and available around the clock. We came to
the conclusion that this was not really
-
doable. It was simply too many
vulnerabilities and too many complexities.
-
So how did it end? Well, if we go to the
next slide, the victory in Europe wasn't
-
as a result of academic arguments. It was
a result of industry pressure. And we owe
-
a debt to Commissioner Martin Bangemann
and also to the German government who
-
backed him. And in 1994, Martin had put
together a group of European CEOs to
-
advise him on internet policy. And they
advised them to keep your hands off until
-
we can see which way it's going. That's
just wrong with this thing and see what we
-
can do with it. And the thing that he
developed in order to drive a stake
-
through the heart of key escrow was the
Electronic Signatures Directive in 1999.
-
And this gave a rebuttable presumption of
validity to qualifying electronic
-
signatures, but subject to a number of
conditions. And one of these was that the
-
signing key must never be known to anybody
else other than the signer and this killed
-
the idea of licensing CAs in such a way
that the the NSA had access to all the
-
private key material. The agencies had
argued that without controlling
-
signatures, you couldn't control
encryption. But of course, as intelligence
-
agencies, they were as much interested in
manipulating information as they were in
-
listening into it. And this created a
really sharp conflict with businesses. In
-
the U.K., with the Regulation of
Investigatory Powers Bill went through the
-
following year. And there we got strong
support from the banks who did not want
-
the possibility of intelligence and law
enforcement personnel either getting hold
-
of bank keys or forging banking
transactions. And so we managed to, with
-
their help to insert a number of
conditions into the bill, which meant that
-
if a court or chief constable, for
example, demands a key from a company,
-
they've got to demand it from somebody at
the level of a director of the company.
-
And it's got to be signed by someone
really senior such as the chief constable.
-
So there was some controls that we managed
to get in there. Next slide! What did
-
victory in the USA look like? Well, in the
middle of 2000 as a number of people had
-
predicted, Al Gore decided that he wanted
to stop fighting the tech industry in
-
order to get elected president. And there
was a deal done at the time which was
-
secret. It was done at the FBI
headquarters at Quantico by US law
-
enforcement would rely on naturally
occurring vulnerabilities rather than
-
compelling their insertion by companies
like Intel or Microsoft. This was secret
-
at the time, and I happen to know about it
because I was consulting for Intel and the
-
NDA I was under had a four year time
limits on it. So after 2004, I was at the
-
ability to talk about this. And so this
basically gave the NSA access to the CERT
-
feed. And so as part of this deal, the
export rules were liberalized a bit, but
-
with various hooks and gotchas left so
that the authorities could bully companies
-
who got too difficult. And in 2002, Robert
Morris, senior, who had been the chief
-
scientist at the NSA at much of this
period, admitted that the real policy goal
-
was to ensure that the many systems
developed during the dot com boom were
-
deployed with weak protection or none. And
there's a huge, long list of these. Next
-
slide, please. So what was the collateral
damage from crypto war one? This is the
-
first knuckle pass of this talk, which
I've got together as a result of spending
-
the last academic year writing the third
edition of my book on security engineering
-
as I've gone through and updated all the
chapters on car security, the role of
-
security and web security and so on and so
forth, we find everywhere. But there are
-
still very serious costs remaining from
crypto war one, for example, almost all of
-
the remote key entry systems for cars use
inadequate cryptography for random
-
number generators and so on and so forth.
And car theft has almost doubled in the
-
past five years. This is not all due to
weak crypto, but it's substantially due to
-
a wrong culture that was started off in
the context of the crypto wars. Second,
-
there are millions of door locks still
using Mifare classic, even the building
-
where I work. For example, the University
of Cambridge changed its door locks around
-
2000. So we've still got a whole lot of
mifare classic around. And it's very
-
difficult when you've got 100 buildings to
change all the locks on them. And this is
-
the case with thousands of organizations
worldwide, with universities, with banks,
-
with all sorts of people, simply because
changing all the locks at once and dozens
-
of buildings is just too expensive. Then,
of course, there's the CA in your
-
browser, most nations own or control
certification authorities that your
-
browser trusts and the few nations that
weren't allowed to own such CAs, such as
-
Iran, get up to mischief, as we find in
the case of the DigiNotar hack a few years
-
ago. And this means that most nations have
got a more or less guaranteed ability to
-
do man in the middle attacks on your Web
log ons. Some companies like Google, of
-
course, started to fix that with various
mechanisms such as certificate pinning.
-
But that was a deliberate vulnerability
that was there for a long, long time and
-
is still very widespread. Phones. 2G is
insecure. That actually goes back to the
-
Cold War rather than the crypto war. But
thanks to the crypto wars 4G and 5G are
-
not very much better. The details are
slightly complicated and again, they're
-
described in the book, Bluetooth is easy
to hack. That's another piece of legacy.
-
And as I mentioned, the agencies own the
CERT's responsible disclosure pipeline,
-
which means that they got a free fire hose
of zero days that they can exploit
-
for perhaps a month or three before these
end up being patched. So next slide,
-
please. Last year when I talked at Chaos
Communication Congress, the audience chose
-
this as the cover for my security
engineering book, and that's now out. And
-
it's the process of writing this that
brought home to me the scale of the damage
-
that we still suffered as a result of
crypto war one. So let's move on to the
-
next slide and the next period of history,
which we might call the war on terror. And
-
I've arbitrarily put this down as 2000 to
2013 although some countries stoped using
-
the phrase war on terror in about 2008
once we have got rid of George W. Bush and
-
Tony Blair. But as a historical
convenience, this is, if you like, the
-
central period in our tale. And it starts
off with a lot of harassment around the
-
edges of security and cryptography. For
example, in 2000, Tony Blair promoted the
-
EU dual use regulation number 1334 to
extend export controls from tangible goods
-
such as rifles and tanks to intangibles
such as crypto software. Despite the fact
-
that he has basically declared peace on
the tech industry. Two years later, in
-
2002, the UK parliament balked at an
export control bill that was going to
-
transpose this because it added controls
on scientific speech, not just crypto
-
code, but even papers on cryptanalysis and
even electron microscope scripts and
-
so parliament started the research
exemption clause at the arguments of the
-
then president of the Royal Society, Sir
Robert May. But what then happened is that
-
GCHQ used EU regulations to frustrate
Parliament and this pattern of extralegal
-
behavior was to continue. Next slide!
Because after export control, the place
-
shifted to traffic data retention, another
bad thing that I'm afraid to say, the UK
-
exported to Europe back in the days when
we were, in effect, the Americans
-
consigliere on the European Council. Sorry
about that, folks, but all I can say is at
-
least we helped start EDRI a year after
that. So one of the interesting aspects of
-
this was that our then home secretary,
Jacqui Smith, started talking about the
-
need for a common database of all the
metadata of who had phoned whom when, who
-
had sent an email to whom when, so that
the police could continue to use the
-
traditional contact tracing techniques
online. And the line that we got hammered
-
home to us again and again and again was
if you got nothing to hide, you've got
-
nothing to fear. What then happened in
2008, is that a very bad person went into
-
Parliament and went to the PC where the
expense claims of MPs were kept and they
-
copied all the expense claims onto a DVD
and they sold it around Fleet Street. And
-
so The Daily Telegraph bought it from them
for 400˙000£. And then for the best
-
part of a year, the Daily Telegraph was
telling scandalous things about what
-
various members of parliament had claimed
from the taxpayer. But it turned out that
-
also Jacqui Smith may have been innocent.
Her husband had been downloading
-
pornography and charging it to our
parliamentary expenses. So she lost her
-
job as home secretary and she lost her
seat in parliament and the communications
-
data bill was lost. So was this a victory?
Well, in June 2013, we learned from Ed
-
Snowden that they just built it anyway,
despite parliament. So maybe the victory
-
in parliament wasn't what it seemed to be
at the time. But I'm getting ahead of
-
myself; anyway. Next slide, please. The
other thing that we did in the 2000s is
-
that we spent, I spent maybe a third of my
time and about another hundred people
-
joined and we developed the economics of
security as a discipline. We began to
-
realize that many of the things that went
wrong happened because Alice was guarding
-
a system and Bob was paying the cost of
failure. For example, if you got a payment
-
system, then in order to prevent fraud,
what you basically have to do is to get
-
the merchants and the bank to buy
transactions from them, to take care of
-
the costs of fraud, follow the cardholder
of the banks that issue them with cards.
-
And the two aren't the same. But it's this
that causes the governance tensions and
-
causes governments to break down and makes
fraud harder than it should be. Now after
-
that, one of the early topics was
patching and responsible disclosure. And
-
we worked through all the issues of
whether you should not patch at all, which
-
some people in industry wanted to do, or
whether you should just put all the bugs
-
on bug trackers which some hackers wanted
to do or whether you would go through the
-
CERT system despite the NSA compromise,
because they at least would give you legal
-
cover. And, you know, bully Microsoft into
catching the bug the next patch Tuesday
-
and then the disclosure after 90 days. And
we eventually came to the conclusion as an
-
industry followed that responsible
disclosure was the way to go. Now, one of
-
the problems that arises here is the
equities issue. Suppose you're the
-
director of the NSA and somebody comes to
you with some super new innovative bug.
-
You say they have rediscovered Spectre,
for example. And so you've got a bug which
-
can be used to penetrate any crypto
software that's out there. Do you report
-
the bug to Microsoft and Intel to defend
300 million Americans, or do you keep it
-
quiet so you can exploit 450 million
Europeans and a thousand billion Chinese
-
and so on and so forth? Well, once you put
it that way, it's fairly obvious that the
-
NSA will favor attack over defense. And
there are multiple models of attack and
-
defense. You can think of institutional
factors and politics, for example, if you
-
are director of the NSA, and you defend
300 million Americans. You defend the
-
White House against the Chinese hacking
it. You know, the president will never
-
know if he's hacked or not because the
Chinese will keep it quiet if they do. But
-
if, on the other hand, you manage to hack
the Politburo land in Peking, you can put
-
some juicy intelligence every morning with
the president's breakfast cereal. So
-
that's an even stronger argument of why
you should do attack rather than defense.
-
And all the thing that I mentioned in
passing is that throughout the 2000s,
-
governments also scrambled to get more
data of the citizens, for example, in
-
Britain with a long debate about whether
medical records should be centralized. In
-
the beginning, we said if you were to
centralize all medical records, that would
-
be such a large target that the database
should be top secret and it would be too
-
inconvenient for doctors to use. Well,
Blair decided in 2001 to do it anyway. We
-
wrote a report in 2009 saying that this
was a red line and that this was a serious
-
hazard and then in 2014 we discovered that
Cameron's buddy, who was the transparency
-
czar and the NHS had sold the database to
1200 researchers, including drug companies
-
in China. So that meant that all the
sensitive personal health information
-
about one billion patients episodes had
been sold around the world and was
-
available to not just to medical
researchers, but to foreign intelligence
-
services. This brings us on to Snowden. In
June 2013. We had one of those game
-
changing moments when Ed Snowden leaked a
whole bunch of papers showing that the NSA
-
had been breaking the law in America and
GCHQ had been breaking the law in Britain,
-
that we have been lied to, the parliament
had been misled, and a whole lot of
-
collection and interception was going on,
which supposedly shouldn't have been going
-
on. Now, one of the things that got
industry attention was a system called
-
PRISM, which was in fact legal because
this was done as a result of warrants
-
being served on the major Internet service
providers. And if we could move to the
-
next slide, we can see that this started
off with Microsoft in 2007. Yahoo! in
-
2008, they fought in court for a year they
lost and then Google and Facebook and so on
-
got added. This basically enabled the NSA
to go to someone like Google and say
-
rossjanderson@gmail.com is a foreign
national, we're therefore entitled to read
-
his traffic, kindly give us his Gmail. And
Google would say, yes, sir. For Americans,
-
you have to show probable cause that
they've committed a crime for foreigners
-
you simply have to show probable cause
that they're a foreigner. The next slide.
-
This disclosure from Snowden disclosed
that PRISM, despite the fact that it only
-
costs about 20 million dollars a year, was
generating something like half of all the
-
intelligence that the NSA was using. By
the end of financial year 2012, but that
-
was not all. Next slide, please. The thing
that really annoyed Google was this slide
-
on the deck from a presentation at GCHQ
showing how the NSA was not merely
-
collecting stuff through the front door by
serving warrants on Google in Mountain
-
View, it was collecting stuff through the
backdoor as well, because they were
-
harvesting the plaintext copies of Gmail
and maps and docs and so on, which were
-
being sent backwards and forwards between
Google's different data centers. And the
-
little smiley face, which you can see on
the sticky, got Sergei and Friends really,
-
really uptight. And they just decided,
right, you know, we're not going to allow
-
this. They will have to knock and show
warrants in the future. And there was a
-
crash program and all the major Internet
service providers to encrypt all the
-
traffic so that in future things could
only be got by means of a warrant. Next
-
slide, please. The EU was really annoyed
by what was called Operation Socialist.
-
Operation Socialist was basically, the
hack of Belgacom and the idea was that
-
GCHQ spearfished some technical staff at
Belgacom and this enabled them to wiretap
-
all the traffic at the European Commission
in Brussels and as well as mobile phone
-
traffic to and from various countries in
Africa. And this is rather amazing. It's
-
as if Nicola Sturgeon, the first minister
of Scotland, had tasked Police Scotland
-
with hacking BT so that she could watch
out what was going on with the parliament
-
in London. So this annoyed a number of
people. With the next slide, we can see.
-
That the the Operation Bull Run, an
operation Edgehill, as GCHQ called their
-
version of it, have an aggressive,
multipronged efforts to break widely used
-
Internet encryption technologies. And we
learned an awful lot about what was being
-
done to break VPNs worldwide and what had
been done in terms of inserting
-
vulnerabilities and protocols, getting
people to use vulnerable prime numbers for
-
Diffie Hellman key exchange and so on and
so forth. Next slide, first slide and
-
Bullrun and Edgehill SIGINT enabling
projects actively engages the US and
-
foreign IT industries to covertly
influence and/or overtly leverage their
-
commercial products' designs. These design
changes make the systems in question
-
exploitable through SIGINT collection
endpoint midpoints, et cetera, with
-
foreknowledge of the modification, the
consumer and other adversaries however the
-
system security remains intact. Next
slide, so the insert vulnerabilities into
-
commercial systems, I.T. systems, networks
and point communication devices used by
-
targets. Next slide. They also influence
policy standards and specifications for
-
commercial public key technologies, and
this was the smoking gun that
-
crypto war 1 had not actually ended. It had
just gone undercover. And so with this,
-
things come out into the open next slide
so we could perhaps date crypto war 2 to
-
the Snowden disclosures in their aftermath
in America. It must be said that all three
-
arms of the US government showed at least
mild remarks. Obama set up the NSA review
-
group and adopted most of what it said
except on the equities issue. Congress got
-
data retention, renewed the Patriot Act
and the FISA court introduced an advocate
-
for Targets. Tech companies as I
mentioned, started encrypting all their
-
traffic. In the UK on the other hand,
governments expressed no remorse at all,
-
and they passed the Investigatory Powers
Act to legalize all the unlawful things
-
they've already been doing. And they could
now order firms secretly do anything they
-
physically can. However, data retention
was nixed by the European courts. The
-
academic response in the next slide, keys
under doormats, much the same authors as
-
before. We analyzed the new situation and
came to much of the same conclusions. Next
-
slide, the 2018 GCHQ
proposals from Ian Levy and Crispin
-
Robinson proposed to add ghost users to
WhatsApp and FaceTime calls in response to
-
warrants. The idea is that you've got an
FBI key on your device hearing. You still
-
have end to end, so you just have an extra
end. And this, of course, fills the keys
-
on the doormats tests. Your software would
abandon best practice. It would create
-
targets and increase complexity and it
would also have to lie about trust. Next
-
slide, please. This brings us to the
upload filters which were proposed over
-
the past six months, they first surfaced
in early 2020 to a Stanford think tank and
-
they were adopted by Commissioner Ylva
Johansson on June the 9th at the start of
-
the German presidency. On the 20th of
September we got a leaked tech paper whose
-
authors include our GCHQ friends Ian Levie
and Crispin Robinson. The top options are
-
that you filter in client software
assisted by a server, as client side only
-
filtering is too constrained and easy to
compromise. The excuse is that you want to
-
stop illegal material such as child sex
abuse images being shared over end to end
-
messaging system such as WhatsApp. Various
NGOs objected, and we had a meeting with
-
the commission, which was a little bit
like a Stockholm Syndrome event. We had
-
one official there on the child protection
front fax by half a dozen officials from
-
various security bodies, departments and
agencies who seemed to be clearly driving
-
the thing with child protection merely
being an excuse to promote this lead.
-
Well, the obvious things to worry about
are as a similar language in the new
-
terror regulation, you can expect the
filter to extend from child sex abuse
-
material to terror. And static filtering
won't work because if there's a bad list
-
of 100˙000 forbidden images, then the bad
people will just go out and make another
-
100˙000 child sex abuse images. So the
filtering will have to become dynamic. And
-
then the question is whether your form
will block it or report it. And there's an
-
existing legal duty in a number of
countries and in the UK to although
-
obviously no longer a member state, the
existing duty to report terror stuff. And
-
the question is, who will be in charge of
updating the filters? What's going to
-
happen then? Next slide. Well, we've seen
an illustration during the lockdown in
-
April, the French and Dutch government
sent an update to all Encrochat mobile
-
phones with a rootkit which copied
messages, crypto keys and lock screen
-
passwords. The Encrochat was a brand of
mobile phone that was sold through
-
underground channels to various criminal
groups and others. And since this was
-
largely used by criminals of various
kinds, the U.K. government justify bulk
-
intercepts by passing its office targets
and equipment interference. In other
-
words, they brought a targeted warrant for
all forty five thousand Encrochat handsets
-
and of ten thousand users in the U.K.,
eight hundred were arrested in June when
-
the wire tapping exercise was completed.
Now, again, this appears to ignore the
-
laws that we have on the books because
even our Investigatory Powers Act rules
-
out all interception of U.K.
residents. And those who follow such
-
matters will know that there was a trial
at Liverpool Crown Court, a hearing of
-
whether this stuff was admissible. And we
should have a first verdict on that early
-
in the new year. And that will no doubt go
to appeal. And if the material is held to
-
be admissible, then there will be a whole
series of trials. So this brings me to my
-
final point. What can we expect going
forward? China is emerging as a full-stack
-
competitor to the West, not like Russia in
Cold War one, because Russia only ever
-
produced things like primary goods, like
oil and weapons in trouble, of course. But
-
China is trying to compete all the way up
and down the stack from chips, through
-
software, up through services and
everything else. And developments in China
-
don't exactly fill one with much
confidence, because in March 2018,
-
President Xi declared himself to be ruler
for life, basically tearing up the Chinese
-
constitution. There are large-scale state
crimes being committed in Tibet and
-
Xiniang and elsewhere. Just last week,
Britain's chief rabbi described the
-
treatment of Uyghurs as an unfathomable
mass atrocity. In my book, I describe
-
escalating cyber conflict and various
hacks, such as the hack of the Office of
-
Personnel Management, which had clearance
files on all Americans who work for the
-
federal governments, the hack of Equifax,
which got credit ratings and credit
-
histories of all Americans. And there are
also growing tussles and standards. For
-
example, the draft ISO 27553 on biometric
authentication for mobile phones is
-
introducing at the insistence of Chinese
delegates, a central database option. So
-
in future, your phone might not verify
your faceprint or your fingerprint
-
locally. It might do it with a central
database. Next slide, how could Cold War
-
2.0 be different? Well, there's a number
of interesting things here, and the
-
purpose of this talk is to try and kick
off a discussion of these issues. China
-
makes electronics, not just guns, the way
the old USSR did. Can you have a separate
-
supply chain for China and one for
everybody else? But hang on a minute,
-
consider the fact that China has now
collected very substantial personal data
-
sets on the Office of Personnel
Management, the US government employees,
-
by forcing Apple to set up its own data
centers in China for iPhone users in
-
China, they get access to all the data
for Chinese users of iPhones that America
-
gets for American users of iPhones, plus
maybe more as well. If the Chinese can
-
break the HSMs in Chinese data centers as
we expect them to be able to, Equifax got
-
them data on all economically active
people in the USA. care.data gave them
-
medical records of everybody in the UK.
And this bulk personal data is already
-
being targeted in intelligence use when
Western countries, for example, send
-
diplomats to countries in Africa or Latin
America or local Chinese counter-
-
intelligence, people know whether they're
bona fide diplomats or whether they're
-
intelligence agents, undercover, all
from exploitation of all this personal
-
information. Now, given that this
information's already in efficient targeted
-
use, the next question we have to ask is
when will it be used at scale? And this is
-
the point at which we say that the
equities issue now needs a serious rethink
-
and the whole structure of the conflict is
going to have to move from more offensive
-
to more defensive because we depend on
supply chains to which the Chinese have
-
access more than they depend on supply
chains to which we have access. Now, it's
-
dreadful that we're headed towards a new
Cold War, but as we head there, we have to
-
ask also the respective roles of
governments, industry and civil society,
-
academia. Next slide, please. And so
looking for my point is this. That is Cold
-
War 2.0 does happen. I hope it doesn't.
But we appear to be headed that way
-
despite the change of governments in the
White House. Then we need to be able to
-
defend everybody, not just the elites. No,
it's not going to be easy because there
-
are more state players, the USA is a big
block, the EU is a big block. There are
-
other players, other democracies that are
other non democracies. Those other failing
-
democracies. This is going to be complex
and messy. It isn't going to be a
-
situation like last time where big tech
reaches out to civil society and academia
-
and we could see a united front against
the agencies. And even in that case, of
-
course, the victory that we got was only
an apparent victory, a superficial victory
-
that's only lasted for a while. So what
could we do? Well, at this point, I think
-
we need to remind all the players to
listen. But it's not just about strategy
-
and tactics, but it's about values, too.
And so we need to be firmly on the side of
-
freedom, privacy and the rule of law. Now,
for the old timers, you may remember that
-
there was a product called Tom-Skype,
which was introduced in 2011 in China. The
-
Chinese wanted the citizens to be able to
use Skype, but they wanted to be able to
-
wiretap as well, despite the fact that
Skype at the time had end to end
-
encryption. And so people in China were
compelled to download a client for Skype
-
called Tom-Skype. Tom was the company that
distributed Skype in China and it
-
basically had built in wire tapping. So
you had end to end encryption using Skype
-
in those days. But in China, you ended up
having a Trojan client, which you had to
-
use. And what we are doing at the moment
is basically the EU is trying to copy Tom-
-
Skype and saying that we should be doing
what China was doing eight years ago. And
-
I say we should reject that. We can't
challenge President Xi by going down that
-
route. Instead, we've got to reset our
values and we've got to think through the
-
equities issue and we've got to figure out
how it is that we're going to deal with
-
the challenges of dealing with non-
democratic countries when there is serious
-
conflict in a globalized world where we're
sharing the same technology. Thanks. And
-
perhaps the last slide for my book can
come now and I'm happy to take questions.
-
Herald: Yeah, thanks a lot, Ross, for your
talk. It's a bit depressing to listen to
-
you. I have to admit let's have a look.
OK, so I have a question. I'm wondering if
-
the export controls at EU level became
worse than UK level export controls
-
because entities like GCHQ had more
influence there or because there's a harmful
-
Franco German security culture or what it
was. Do you have anything on that?
-
Ross: Well, the experience that we had
with these export controls, once they were
-
in place, was as follows. It was about
2015 I think, or 2016, It came to our
-
attention that a British company, Sophos,
was selling bulk surveillance equipment to
-
President al Assad of Syria, and he was
using it to basically wiretap his entire
-
population and decide who he was going to
arrest and kill the following day. And it
-
was sold by Sophos in fact, through a
German subsidiary. And so we went along to
-
the export control office in Victoria
Street. A number of NGOs, the open rights
-
group went along and Privacy International
and us and one or two others. And we said,
-
look, according to the EU dual use
regulation, bulk intercept equipment is
-
military equipment. It should be in the
military list. Therefore, you should be
-
demanding an export license for this
stuff. And they found every conceivable
-
excuse not to demand it. And it was the
lady from GCHQ there in the room who was
-
clearly calling the shots. And she was
absolutely determined that there should be
-
no export controls on the stuff being sold
to Syria. And eventually I said, look,
-
it's fairly obvious what's going on here.
If there's going to be black boxes and
-
President al-Assad's network, you want
them to be British black boxes or German
-
black boxes, not Ukrainian or Israeli
black boxes. And she said, I cannot
-
discuss classified matters in an open
meeting, which is as close as you get to
-
an admission. And a couple of months
later, Angela Merkel, to her great credit,
-
has actually come out in public and said
that allowing the equipment to be exported
-
from Utimaco to Syria was one of the
hardest decision she'd ever taken as
-
counselor. And that was a very difficult
tradeoff between maintaining intelligence
-
access, given the possibility that Western
troops would be involved in Syria and the
-
fact that the kit was being used for very
evil purposes. So that's an example of how
-
the export controls are used in practice.
They are not used to control the harms
-
that we as voters are told that they're
there to control. Right. They are used in
-
all sorts of dark and dismal games. And we
really have to tackle the issue of export
-
controls with our eyes open.
H: Yeah, yeah. There's a lot a lot to do.
-
And now Germany has left the EU, UN
Security Council. So let's see what
-
happens next. Yeah. We'll see, Ross.
Anything else you'd like to add? We don't
-
have any more questions. Oh, no, we have
another question. It's just come up
-
seconds ago. Do you think that refusal to
accept back doors will create large
-
uncensorable applications?
R: Well, if you get large applications
-
which are associated with significant
economic power, then low pressure gets
-
brought to bear on those economic players
to do their social duty. And... this is what
-
we have seen with the platforms that
intermediate content, that act as content
-
intermediaries such as Facebook and Google
and so on, that they do a certain amount
-
of filtering. But if, on the other hand,
you have wholesale surveillance before the
-
fact of End-To-End encrypted stuff, then
are we moving into an environment where
-
private speech from one person to another
is no longer permitted? You know, I don't
-
think that's the right trade off that we
should be taking, because we all know from
-
hard experience that when governments say,
think of the children, they're not
-
thinking of children at all. If they were
thinking of children, they would not be
-
selling weapons to Saudi Arabia and the
United Arab Emirates to kill children in
-
Yemen. And they say think about terrorism.
But the censorship that we are supposed to
-
use in universities around terrorism, the
so-called prevent duty is known to be
-
counterproductive. It makes Muslim
students feel alienated and marginalized.
-
So the arguments that governments use
around this are not in any way honest. And
-
we now have 20 years experience of these
dishonest arguments. And for goodness
-
sake, let's have a more grown up
conversation about these things.
-
H: Now, you're totally right, even if I
have to admit, it took me a couple of
-
years, not 20, but a lot to finally
understand, OK? This I think that's it, we
-
just have another comment and I'm thanking
you for your time and are you in an
-
assembly somewhere around hanging around
in the next hour or so? Maybe if someone
-
wants to talk to you, he can just pop by
if you ever if you have used this 2d world
-
already.
R: No, I haven't been using the 2d world.
-
I had some issues with my browser and
getting into it. But I've got my my
-
webpage and my email address is public and
anybody who wants to discuss these things
-
is welcome to get in touch with me.
Herald: All right. So thanks a lot.
-
R: Thank you for the invitation.
H: Yeah. Thanks a lot.
-
rC3 postroll music
-
Subtitles created by c3subtitles.de
in the year 2020. Join, and help us!
