Meet Bob, Alice and Grace … The Ghost in the Machine

Let The Greatest Digital Debate of the 21st Century Begin


The security of the Internet is basically a shambles, and that is the main reason cybercrime thrives: there is no authentication on email and little protection on the data itself. The Internet was never designed with security in mind; it is a bunch of cobbled-together protocols. When it was found that someone could read our communications, we simply stuck an encryption tunnel between one machine and another, and that was it. Protocols such as PGP failed because they lacked a real drive to properly secure email.

And so we are nearing the end game for security, with end-to-end encryption and encryption-by-default. But for the first time in human history, our security forces are left without a way to conduct surveillance. The greatest digital debate of the 21st Century therefore pits the right to privacy against the right of society to protect itself. For some, we need ways to mass harvest data, in case we need it in the future against someone who is a threat to our society.

It is end-to-end encryption which worries law enforcement the most, because it is almost completely unbreakable. An agency such as GCHQ has a dilemma. On the one hand, it must protect the UK against those who may do its citizens harm. On the other hand, it must protect UK citizens from the harms they face in an on-line environment. GCHQ have generally promoted the use of strong encryption, and have railed against weakening the methods used (such as limiting the key size or supporting a weak implementation).

In an outline proposal on encryption — published in Nov 2018 — Ian Levy and Crispin Robinson outlined a number of principles for encryption [here]:

  1. Privacy and security protections are critical to public confidence. Therefore, we will only seek exceptional access to data where there’s a legitimate need, that access is the least intrusive way of proceeding and there is appropriate legal authorisation.
  2. Investigative tradecraft has to evolve with technology.
  3. Even when we have a legitimate need, we can’t expect 100 percent access 100 percent of the time.
  4. Targeted exceptional access capabilities should not give governments unfettered access to user data.
  5. Any exceptional access solution should not fundamentally change the trust relationship between a service provider and its users.
  6. Transparency is essential.

And herein lies the Catch-22. How does law enforcement gain access to secret communications without breaking these principles and without providing a back-door into the Internet? For many politicians the answer is simple: “ban it”. Amber Rudd, for example, was one politician who failed to understand the core issues involved.

And so the proposed solution is a “ghost protocol”: a way for law enforcement to be added as a blind party within encrypted messenger applications, the “ghost in the machine”.

The Ghost in the Machine

With the ghost protocol an additional end-to-end tunnel would be created for Grace (a government agent). Bob and Alice would negotiate a secure encryption key from their long-term public keys, as they do today. Bob’s client would also derive a key for Grace from Grace’s long-term public key, so that the same message is readable by Grace, while Alice is never shown that a third party has been added to the conversation.
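The following is an added example, not code from the original article or from any real messenger, that models the mechanism just described and the reason the open letter below objects to it. A fresh message key is wrapped once per recipient using a key derived from the sender’s and each recipient’s long-term public keys; a ghost is simply a recipient whose wrapped key is present in the envelope but whose name is missing from the participant list the client displays. The Diffie-Hellman modulus, the SHA-256 keystream and the party names are assumptions chosen to keep the structure visible, and the cryptography is a toy that must not be reused for real data.

```python
"""Toy model of a 'ghost' recipient in an end-to-end encrypted message.

Added example, not code from the original post or from any real messenger.
The cryptography is deliberately simplified (toy DH modulus, SHA-256 based
keystream) so the envelope structure stays visible; do not use it for real data.
"""
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (assumption: far too small for real use).
P = (1 << 127) - 1   # a Mersenne prime
G = 3


def keypair():
    """Long-term key pair: (private exponent, public value)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def pairwise_key(my_priv, their_pub):
    """Key shared by two parties, derived from their long-term keys (toy KDF)."""
    shared = pow(their_pub, my_priv, P).to_bytes(16, "big")
    return hashlib.sha256(b"ghost-demo-wrap" + shared).digest()


def xor_stream(key, nonce, data):
    """Toy stream cipher: SHA-256 counter-mode keystream XORed with data."""
    out = bytearray()
    for block in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[block:block + 32], ks))
    return bytes(out)


def seal(sender_priv, recipients, displayed, plaintext):
    """Encrypt once under a fresh message key and wrap that key for every
    recipient public key in `recipients`.  `displayed` is the participant
    list the client will show; a ghost is wrapped for but not displayed."""
    msg_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    ciphertext = xor_stream(msg_key, nonce, plaintext)
    tag = hmac.new(msg_key, nonce + ciphertext, hashlib.sha256).digest()
    wrapped = {
        name: xor_stream(pairwise_key(sender_priv, pub), nonce, msg_key)
        for name, pub in recipients.items()
    }
    return {"nonce": nonce, "ciphertext": ciphertext, "tag": tag,
            "wrapped_keys": wrapped, "displayed": list(displayed)}


def open_envelope(name, my_priv, sender_pub, env):
    """Unwrap the message key for `name`, verify the tag and decrypt.
    Returns None when `name` has no wrapped key or the tag does not match."""
    if name not in env["wrapped_keys"]:
        return None
    msg_key = xor_stream(pairwise_key(my_priv, sender_pub), env["nonce"],
                         env["wrapped_keys"][name])
    tag = hmac.new(msg_key, env["nonce"] + env["ciphertext"],
                   hashlib.sha256).digest()
    if not hmac.compare_digest(tag, env["tag"]):
        return None
    return xor_stream(msg_key, env["nonce"], env["ciphertext"])


def hidden_recipients(env):
    """Recipients who hold a wrapped key but are absent from the displayed
    participant list: exactly the ghost the client has been made to conceal."""
    return sorted(set(env["wrapped_keys"]) - set(env["displayed"]))


def demo():
    bob_priv, bob_pub = keypair()
    alice_priv, alice_pub = keypair()
    grace_priv, grace_pub = keypair()

    # Honest two-party message: the displayed list matches the wrapped keys.
    honest = seal(bob_priv, {"alice": alice_pub}, ["alice"], b"meet at noon")
    # Ghosted message: Grace's key is wrapped too, but she is not displayed.
    ghosted = seal(bob_priv, {"alice": alice_pub, "grace": grace_pub},
                   ["alice"], b"meet at noon")

    return {
        "alice_reads_honest": open_envelope("alice", alice_priv, bob_pub, honest),
        "alice_reads_ghosted": open_envelope("alice", alice_priv, bob_pub, ghosted),
        "grace_reads_honest": open_envelope("grace", grace_priv, bob_pub, honest),
        "grace_reads_ghosted": open_envelope("grace", grace_priv, bob_pub, ghosted),
        "hidden_in_honest": hidden_recipients(honest),
        "hidden_in_ghosted": hidden_recipients(ghosted),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value!r}")
```

Two things the run makes concrete. The ciphertext Alice decrypts is byte-for-byte the same in both envelopes, which is why GCHQ can say the encryption itself is untouched. But the ghosted envelope can only look like a two-party conversation if Alice’s client is modified to omit a recipient it knows about, so the participant list, which is the user’s only means of checking who holds a key, stops being trustworthy. Anyone who can compare the wrapped-key set with the displayed list, as `hidden_recipients` does, can see the ghost.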

Unfortunately, the actual implementation of this is a great deal more complex than it might seem to some politicians.

While sensible in high-risk investigations where a warrant has been issued, this approach would require a back-door to be placed in the messaging protocol, and that back-door could be compromised by malicious third parties. It would also erode users’ trust in these services. Imagine if a foreign agent were able to break the back-door and then listen to the conversations of an entire nation.

And what would happen to the laws applied in each country? Would a different version of the software be used for those in the UK, with the ghost protocol, and another in Canada? Under GDPR, too, citizens have a right to privacy, and a ghost protocol applied on a large scale would breach that right.

And so 47 signatories delivered an open letter to GCHQ outlining their concerns [here]:

Within the open letter the signatories praise the six principles, but warn that the ghost protocol could create serious cybersecurity risks and threaten fundamental human rights:

Although the GCHQ officials claim that “you don’t even have to touch the encryption” to implement their plan, the “ghost” proposal would pose serious threats to cybersecurity and thereby also threaten fundamental human rights, including privacy and free expression. In particular, as outlined below, the ghost proposal would create digital security risks by undermining authentication systems, by introducing potential unintentional vulnerabilities, and by creating new risks of abuse or misuse of systems. Importantly, it also would undermine the 2 GCHQ principles on user trust and transparency set forth in the piece.

The debate now seems to echo previous calls for backdoors in cryptography.

Conclusions

I have no solutions in this article.

It is truly the greatest digital debate of the 21st Century.

Every person on the planet should have human rights for their on-line presence, and society has a right to protect itself. The whole debate around our legal systems is now starting, and whether a country can really apply its own laws within an interconnected world.

Whatever happens, the principle that “Transparency is essential” is likely to ensure that whatever is implemented is known about. Very little can remain secret on the Internet.