Is it time to ban encryption?by Flash Wilson, October 4th 2001
Click here to hear Flash read this article.
Since the events of September 11th in the USA
there have been many discussions and newspaper columns suggesting that
the encryption of internet traffic should be banned or moderated.
this editorial in The Observer says
"We object to proposals to intercept every email, bank transaction and
mobile phone call. Generalised surveillance of this type is typified by
its uselessness as an effective line of defence, but enormously and
unnecessarily increases the power of the state." The author suggests
that encryption should be banned, apart from with legitimate
users whose keys should be escrowed.
Security Focus has a good column against this, and there are people in many forums making educated arguments; the basis being that there is no way to police it, and terrorists will continue to use encryption and generally do as they please. I am unsure whether other columnists avoid the technical arguments through lack of understanding or inability to convey them to their readership. Well ok, lets ride with them and see how their ideas might work.
Firstly let's look at how this might work - an example of how my daily life as a system administrator might be, after legislation against encryption has been brought in.
After that, a look at the practical challenges of implementing and defending this potential legislation.
I go to work, fire up the PC, and read my email. I work for an Internet Service Provider. Ive got a request to change the mailserver record for a customer's domain. It will only take a minute to do, so I login to the DNS server to make the change. To login, I use secure shell (ssh) because other methods send my login details across the net in plaintext, and we can't risk a hacker snooping them - they would then have access to affect all of our customers! The software has been changed to allow me to access the key used to encrypt the connection. They havent managed to change it to use one key per user, so it still generates a new key every time I login. I get the key and dutifully upload it to the government database. Finally I connect to the server and make the change - my quick task has just taken twice as long as it used to. Its also the 143rd key Ive uploaded this week. I wonder how much diskspace the government has to hold its database.
A bit later, a customer wants to register a new domain. I need to email Nominet, and sign with my PGP private key so that they know the request came from my company. At least there is only one key for that!
At lunchtime, I decide to buy my mother a book for her birthday. If I buy online I can get it delivered to her house directly, so I open my browser and hunt for the book. The website I usually use is down. They were hacked when they didnt have time to test new, but compliant, encryption software, so they reverted to insecure methods. Their website now reads that "s1l4s 0Wn J00". I find another booksite and order with them, although as I havent used their site before I have to spend a while setting up an account, only to find I have to come back when the key that will encrypt my bank details has been lodged with the government database. They say to allow an hour for the registration process, but my lunchtime will be over before then. I give up and go to the bookstore, observing that the government is murdering e-commerce.
Then it dawns on me. What is to stop me using my old software? How will the government know? Well, they can monitor all my traffic, and then try to decrypt traffic with all known keys, and then when they eventually find traffic that is encrypted with an unknown key, try to prosecute the company or owner of the originating computer. Could take months, if it ever happens. They still havent managed to catch the thief who took my wallet in a pub, so the chances of the traffic being noticed is slim. And how can they pin it on ME? Im pretty confident that no organisation can have the means to monitor all internet traffic, and I dont see why I should be a target for their observations.
Suppose that my machine is at a university. It's used by hundreds of people. It could have been anyone who connected out to another server. We can't attach keys to specific machines, they have to attach to individuals or organisations. Yet I dont know who sat down and connected out from the machine in those five minutes. Yes, we have logs but as new users passwords are distributed in plaintext they are not hard to steal. Criminals are not going to put their keys into escrow. They ARE going to find ways to stay hidden as long as possible.
Simply, there is no way that the government can police the banning of encryption or the escrow of keys. Responsible users will remain responsible, and criminals will remain criminal.
Apart from making my life a whole lot messier, encryption isnt going to catch the real criminals at all.
To prove this lets try a calculation for a minute. 25% of all IPv4 space is advertised on the internet. Put simply, this means that 25% of all possible internet addresses are answered by a computer. This is about 100,000,000 addresses. A few of these will be answered by the same machine, for example a commercial server hosting different websites, each with its own address. However this is easily outweighed by NAT, where several machines are used internally but all traffic going out to the internet is seen as coming from just one IP. For example the Department of Health has about 6000 computers and all that traffic appears to come from just one address. If you want to know which actual computer it came from, you will have to rely on the competence of the system administrators at that company to find out, assuming their software makes it possible to do so. So as a minimum, 100,000,000 computers are on the internet. Many of these are in the UK. Traffic from others may be routed through the UK. Some will be making encrypted connections to a computer in the UK.
All of these will be sending traffic out. Lots and lots of traffic. For example a server that I do not use very much at all, and which has no other users, sent out 37 packets of information in a second while I watched. There is going to be no way that the government, or even combined governments of the world will be able to monitor all of that traffic. The traffic will not all be encrypted, but the government will have to monitor it all to find what it wants.
Even if it manages to log a sample of the traffic, the data sent must now be examined and an attempt made to decrypt the data with all known keys. Possibly this could be reduced to "all known keys registered to be used on the originating computer" - although I might send encrypted mail from firstname.lastname@example.org from any one of several machines. At a university or large institution, there will be a large number of users who may use the machines, so there are a few thousand possible keys which may have encrypted the traffic. This may or may not be done for "legitimate" reasons, but the government will still have to decrypt the data to make checks.
If they cannot decrypt the data, the government will now have to go to the organisation or owner of the computer. Supposing, as I mentioned before, there are 6000 users, all of whose traffic appears to come from the same address. The government now requires the system administrator to check firewall logs and hopefully identify the computer from which this encrypted data originated. Maybe a contractor was in that day and he plugged his laptop in on their network to send an email. Of course, his key wasnt registered under that company. And you cant expect the government to test encrypted data with all known keys, surely? There will be thousands of those, too.
When the government has found some encrypted data that it cannot read, what will it do? Send a speeding ticket type fine, with 30 days to appeal and say it wasn't you driving at the time? Send armed police to surround the originator? (As I can login to an account on a machine in another country and send my encrypted email from there, that will be impractical, even if the police from both countries could agree on how to proceed.)
There are other issues we have not even touched on. How will the government manage to be able to monitor any/all internet traffic? It could monitor traffic passing through the London Internet Exchange (LINX) and potentially catch MUCH of it... How will they handle traffic that appears to be passing between two machines in different countries and just routing through the UK to get to its destination? How will they deal with traffic traversing an encrypted connection between the UK and one other country? How can they be certain that when they have the ability to snoop and decrypt traffic, that hackers will not be able to? Can we even trust the government to keep our keys - and all information of ours that they have snooped - secure?
Meanwhile, while you have been reading this, a terrorist could have left a message under a keyboard in a web cafe, and nobody else have noticed.
Have a nice day.
This page last updated: 24 July 2004
If you have a comment, please leave it in the guestbook. To contact Flash directly, complete this form. Like this site? Buy me a drink!
This site moved from a fixed width to the current layout in 2009. Some older content such as photo sets may still have a fixed width. However if you notice any pages which are actually broken, please be kind enough to let me know via this form.
© Flash Wilson 1999-2010. I charge a fee for use of my photos.