UK Government Wants a Backdoor Into Windows

REBloomfield writes "The BBC is reporting that the British Government is working with Microsoft in order to gain backdoor access to hard drives encrypted by the forthcoming Windows Vista file system. Professor Anderson, professor of security engineering at Cambridge University, urged the Government to contact Microsoft over fears that evidence could be lost by suspects claiming to have forgotten their encryption key."

Not "lost"

[ajs]

This is that definition of "lost" that appeared in the late 20th century. It's akin to the money that the music industry is "losing" due to file sharing. The evidence is not lost, it is as yet, undiscovered, and in any civilized country, we would not assert that there WAS any evidence unless we could actually see it. In the U.K., however, they actually have a law that says that you have to reveal your secret keys to the authorities with no provision for simply not knowing them. You can be convicted of the crime of having white-noise on your disk that authorities assert is encrypted data to which you are refusing to reveal the key. Heck, you could be convicted of a crime for not divulging the key to /dev/random, which is clearly some secret message channel from an unknown party, since messages arrive from it in small bursts!

Re:Pfff

[elrous0]

What bad guy would be stupid enough to trust any encryption or security scheme introduced by a major corporation to begin with? If you want encryption, you go with open source. With any corp that has to answer to the government, you'd might as well assume there WILL be a backdoor.

In the end, the bad guys will use real encryption and the backdoor won' effect them. It will only serve as a security risk for legitimate users.

-Eric

Contempt of court

[springbox]

I often see arguments like this one. What's the point for some people to encrypt their files (other than temporary privacy) if you're going to get in trouble later in court anyway for not revealing your keys? Now this might actually be unlikely, but what if average windows user genuinely forgets their password? Seems kind of unfair.

Re:Contempt of court

[geoffspear]

One would hope that you're not going to be forced to reveal your password unless the Government establishes probable cause that you've committed a crime.

It's kind of silly to think that an average user with no incriminating evidence encrypted is going to be randomly ordered to turn over a password, and thrown in jail for legitimately forgetting it. It's a disturbing thought that the law, as written, could lead to that, but it's not a compelling argument against using encryption if you're not a criminal.

Using this sort of hypothetical scenario to argue against routine use of encryption is a bit like arguing against keeping sharp knives in your kitchen, because you're afraid the police might claim you stabbed someone with one of them and cleverly removed all forensic evidence of the stabbing from the knife.

keyloggers

[Barbarian]

How about making governments install a keylogger before they seize the computer? Hardware or software, it would go in the old tradition of installing a telephone tap. It's not that hard either. Did the government demand that paper notebook makers supply a backdoor so they could decipher drug accounts written in code?

Re:China & PGP

[iagreewithmichael]

seems we may see the fragmenting of the OS market with each local government insisting that only a domestic version be sold within its borders all in the name of security.

Re:China & PGP

[OhHellWithIt]

You may remember the "clipper chip". The idea, proposed during the first Bush administration, was that encryption technologies would have to include a back door for U.S. intelligence agencies and law enforcement. I forget whether this was just for export, or whether it included domestic products as well. The argument "pro" was that we could trust the U.S. government not to misuse the key; the argument "con" was that it would inhibit exports of U.S. products, because while Americans might trust their government with keys to their back door, why would anyone else? And there was also the issue that foreigners might be smart enough to come up with something that the NSA couldn't crack. I was disappointed to see the Clinton administration follow through on the idea. Ultimately, export controls were relaxed somewhat, but I'd be surprised if there weren't back doors and/or key cracking algorithms available in Fort Meade. (sp?)

It'll be interesting to watch this play out. I'm sure any resolution will disappear deep within the inner pages of the paper, if it is discussed at all.

Time to switch!

[caveat]

OS X FileVault...AES128 encryption of your home directory with no backdoors! (At least not that I know of). Ain't nobody reading your files without your key.

Re:What is the point of filesystem encryption?

[Gadzinka]

Why in the world would they have to boot your computer simply to read your hard drive?

Because all the sectors on my hard drive are encrypted on the fly. When you read it directly in other computer all you get is nearly random gibberish. There's not even a proper filesystem on it. Only after you mount it giving my long and convoluted passphrase the OS decrypts the sectors on the fly, so you can read the files. Switch the power off, reboot my machine or unmount the partition and there is no way to access my data again.

Is that easier to grok?

Robert

Plausible deniability ... and continued access

It's worth noting that harm can come not only from data being revealed under coercion, but also from data becoming unavailable.

If terrorists or an oppressive government take your computer and hard drives away, anyone who depends on that data is very much out of luck.

For this reason, local encrypted filestores and plausible deniability are only part of the puzzle. Quite a lot more is required, in particular cryptographic online distribution.

A comprehensive solution will need to use a large population of fixed size raw dataspaces spread across the net, instead of local disks. Quite likely, it would be stored steganographically 1:<large-N>:1 so that (for example) changing webcam images could be used as repositories. And it will need cryptographically-random access for site selection and dataspace selection and to individual bits in the dataspaces. And it'll need huge redundancy since the online storage will be inherently unreliable, yet without laying the scheme open to pretty simple differential cryptoanalysis.

That's a very tall order.

Re:Pfff

[Kadin2048]

In addition, you'd want a system whereby you could enter a distress password, and unlock one level of security, while at the same time transparently destroying data, from the most secure level on upwards. So let's say you had three levels of encrypted data. The first layer is just some dodgy pictures of you and your wife. The second contains some emails showing you were evading taxes. The third is whatever you really want to protect.

For each level there are two passwords, one which will unlock it as normal, and another which will unlock it, and also begin a routine which will start securely erasing the third level data, then the second level, and then the first level + OS, and maybe trigger a lump of thermite sitting on top of the RAM for good measure. Or maybe it would be better just to get rid of the third level silently, so that it's as if it never existed. That's probably healthier, on second thought.

So that after you provide a good show of resisting giving out the password, you hand over the 'distress' one and let them have fun getting through the first level of junk data, while at the same time the system is slowly eating away at the stuff you really don't want, down on the third level.

You could even set it up so that the mal-effects caused by the distress passwords increase as you move through the levels of security. The distress password on the first level of security just starts the "silent erase" mechanism. The distress password on the second level speeds it up at the cost of less subtlety (because obviously they're getting closer to the actual data, so you need it gone faster). The distress password on the third level physically destroys the system in some sort of obvious (but quick) fashion. That way you're almost guaranteed not to compromise the data, but you also don't have to necessarily compromise yourself, unless they're really close to getting the stuff.

Keyloggers

[Kadin2048]

Worth pointing out that keyloggers are exactly the route that the FBI here in the US has taken:
http://www.epic.org/crypto/scarfo.html

That's US v. Scarfo; basically a mobster was using PGP to encrypt his communications and rather than breaking the encryption the hard way, the investigators got a warrant to install a keylogger. I'm not sure exactly how they did it, but I'm pretty certain that it was a hardware device implanted in the keyboard, rather than software. (The warrant they got was pretty much a blanket thing, approval for 'hardware, software, and firmware as necessary...') However they didn't divulge the exact methodology in the trial, because they successfully claimed an exemption under the Classified Information Procedures Act.

Private Disk

[gr8dude]

Well, TrueCrypt is freeware and open-source, but there is also another aspect that has to be taken into account - it is NOT a certified product.

Institutions such as NIST test the implementations of the algorithms, then the program either gets certified or not.

The problem is that without certification, we do not know whether what they've implemented is what they think they've implemented*.

The point is that they might use some obscure algorithm nobody knows - which has no guaranteed strength; thus one cannot rely on it. They can also implement standard algorithms such as AES or DES - but were they correctly implemented?

Sure - "why don't you take the sources and look at them yourself?" some might say, but is everybody competent enough to do that?

On the other hand, implementing something and then certifying it, means that:
[a] it was done right
[b] it is as strong as the standard says


In the case of encryption, the strength is in the key itself and in the mathematical basis of the algorithm, NOT in the obscurity of the mechanisms applied within the software.

One minor thing - NIST certification is expensive, I doubt TrueCrypt will pass it, unless some company pays for this. Commercial encryption software is a different thing, if they want to be treated seriously, they must go for it. An example is Private Disk.

* an old saying:

"The problem with computer programs and programmers is that the program does what the programmer wrote, not what he thought he wrote".

USA & 5th amendment

[SnprBoB86]

I'm not sure about the UK, but in the USA, wouldn't this be a 5th amendment rights issue?

The summary states that this black hole is desirable for "fears that evidence could be lost by suspects claiming to have forgotten their encryption key", but why would a suspect have to say they lost their encryption key? Why not just plead the 5th?

The 5th amendment states: "No person shall [...] nor shall be compelled in any criminal case to be a witness against himself [...]"

I honestly do not believe that the contents of a person's hard drive falls into the same category of evidence as eye witnesses or DNA. A personal computer's hard drive, particularly one with an encrypted file system, is effectively an extension of that person's memory and hence any data extracted from it seems very much like testifying against oneself.

oh please, yes please

[lkcl]

He said: "From later this year, the encryption landscape is going to change with the release of Microsoft Vista." The system uses BitLocker Drive Encryption through a chip called TPM (Trusted Platform Module) in the computer's motherboard. It is partly aimed at preventing people from downloading unlicensed films or media.

oh please, yes please. switch on encryption that uses TPM. then all it takes is a virus to overwrite the TPM keys in the BIOS memory and that's it - game over: your entire hard drive rendered useless. mwhahahahah