COMMENTARY <\/p>\n
This article first appeared on The Conversation. <\/p>\n
The Australian government wants the ability to read messages kept secret by encryption in the name of aiding criminal investigations. But just how it proposes to do this is unclear. <\/p>\n
As Australian Attorney-General George Brandis recentlytold Fairfax Media, \"[a]t one point or more of that process, access to the encrypted communication is essential for intelligence and law enforcement.\" <\/p>\n
Inan interviewwith Sky News, he spoke favorably of controversial U.K.legal powersthat seek to impose on device makers and social media companies a greater obligation to work with authorities where a notice is given to them to assist in breaking a communication. <\/p>\n
Brandis has insisted the government doesnt want a backdoor in secure messaging apps. How, then, he expects companies to break them is unclear. <\/p>\n
As many havepointed out, its hard to see any tool that gives law enforcement privileged access to otherwise encrypted messages as anything else but a backdoor. <\/p>\n
How end-to-end encryption works <\/p>\n
Backdoor or not, its worth being skeptical of any mechanism aimed at accessing encrypted messages on platforms like WhatsApp. To explain why, you need to understand how end-to-end encrypted messaging services work. <\/p>\n
Encrypted messaging servers scramble the original message, the plaintext, into something that looks like random gibberish, the cyphertext. <\/p>\n
Translating it back to plaintext on the receivers phone depends on a key -- a short string of text or numbers. Without access to the key, it isnt feasible to get the plaintext back. <\/p>\n
Keys are generated in pairs, a public key and a private key, of which only the private key must be kept secure. The sender of the secure message has the receivers public key, which is used to encrypt the plaintext. The public key cannot be used to unscramble the cyphertext, nor does possessing the public key help in obtaining the private key. <\/p>\n
End-to-end encryption simply keeps the private key securely stored on the phones themselves, and converts the cyphertext to plaintext directly on the phone. Neither the private keys nor the plaintext are ever available to the operator of the messaging service. <\/p>\n
Compromising security <\/p>\n
An encrypted messaging app could hypothetically be modified in a number of ways to make it easier for authorities to access. <\/p>\n
One would be to restrict the range of keys that the app can generate. That would make it possible for the government to check all possibilities. <\/p>\n
The U.S. government, which imposedregulations to this effectfor a brief period in the 1990s, may have once had computing resources far in excess of any other entity, but this is no longer the case. In fact, these old rules are themselves still causing security problems, as some applications can be tricked into reverting to the insecure export mode encryption that is trivially crackable today. <\/p>\n
Other national governments and well-funded private bodies would find brute force checking of all the possible keys well within their capabilities, compromising the security of legitimate users. <\/p>\n
And while governments might believe they can keep their backdoor secure, such secrets have a nasty habit of leaking out, as did hacking techniques used by theCIAandNSA. <\/p>\n
Nor can governments simply make possessing encryption software a criminal offence. <\/p>\n
Take the application Pretty Good Privacy (PGP) -- or, more precisely, its open-source equivalent GNU Privacy Guard (GPG). <\/p>\n
Once used for securing email messages, its now more often used to ensure software updates on Linux systems are from the original authors and have not been tampered with. For instance, thesystem update tool in Ubuntu Linuxuses the GPG machinery for this. Without it, the Linux servers that run much of the internet would become much more vulnerable to hackers. <\/p>\n
Similar mechanisms are used in Windows, iOS and Android to prevent tampered applications from being installed. As such, banning or undermining end-to-end encryption would seriously affect internet security. <\/p>\n
Endless workarounds <\/p>\n
In any case, creating backdoors in end-to-end encrypted messaging services would not achieve its goals. Once messaging app backdoors became known, savvy users would simply switch to another service, or make their own. <\/p>\n
<\/p>\n