Slashdot Mirror


Obama Administration Explored Ways To Bypass Smartphone Encryption

An anonymous reader writes: According to a story at The Washington Post, an Obama Administration working group considered four backdoors that tech companies could adopt to allow the government to break encrypted communications stored on phones of suspected terrorists or criminals. The group concluded that the solutions were "technically feasible," but the group feared blowback. "Any proposed solution almost certainly would quickly become a focal point for attacks. Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce 'backdoors' or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation," said the unclassified memo. You can read the draft paper on technical options here.


  1. If they can break it, ANYONE can break it by kheldan · · Score: 4, Insightful

    ..and at that point it's useless. By all means, try to break it; if you can then that means it needs to be improved.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    1. Re:If they can break it, ANYONE can break it by Anonymous Coward · · Score: 2, Insightful

      If they can break it, ANYONE can break it

      It's even worse than that.

      Obviously the bad guys could break it, or steal the backdoor keys, or whatever.

      But the worst part is that we don't know if any bad guys have broken it yet, so -- starting on day one -- we have to assume they have.

      This is true even if the bad guys haven't actually broken it yet.

      This means that backdoors are a failure up front, by design -- and not just if they break.

    2. Re:If they can break it, ANYONE can break it by AmiMoJo · · Score: 2

      TFA mentions a few ways that they were considering implementing this.

      1. Special government controlled keys in addition to user controlled keys. Obviously loss of the government controlled key would allow anyone to decrypt those messages.

      2. A split private key, with half held by the manufacturer and the other half by the government. Only by bringing the two together can the user's messages be decrypted.

      3. Abuse of automatic forced updates. Make device manufacturers send government malware using their update system. Would require a court order, and doesn't appear to be any more open to abuse than current update systems. Presumably the user would lose the ability to disable these updates.

      4. Forced cloud backups of unencrypted data.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
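
Options 1 and 2 from the list in the comment above, modelled as an added example (not part of the original thread or of the working group's paper). It assumes a toy escrow scheme in which each device's data key is masked with an HMAC-SHA256 pad derived from one escrow master key; the device names and all keys are constructed.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; every key in this model has the same length


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad_for(master: bytes, device_id: str) -> bytes:
    """Per-device pad from the escrow master key (HMAC-SHA256 used as a PRF)."""
    return hmac.new(master, device_id.encode(), hashlib.sha256).digest()


def escrow_wrap(device_key: bytes, device_id: str, master: bytes) -> bytes:
    """Escrow blob kept alongside the device: the data key masked by the pad.
    Assumption: a stand-in for a real key-wrap algorithm, for illustration."""
    return xor(device_key, pad_for(master, device_id))


def escrow_unwrap(blob: bytes, device_id: str, master: bytes) -> bytes:
    return xor(blob, pad_for(master, device_id))


def split_master(master: bytes) -> tuple:
    """Option 2: 2-of-2 XOR split. Each share on its own is uniformly random
    and carries no information about the master key."""
    manufacturer_share = secrets.token_bytes(len(master))
    government_share = xor(master, manufacturer_share)
    return manufacturer_share, government_share


def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    return xor(share_a, share_b)


def demo() -> dict:
    master = secrets.token_bytes(KEY_LEN)
    # Constructed fleet of three devices, each with its own random data key.
    fleet = {f"device-{i}": secrets.token_bytes(KEY_LEN) for i in range(3)}
    blobs = {d: escrow_wrap(k, d, master) for d, k in fleet.items()}

    def opened(candidate_master: bytes) -> int:
        """How many devices a holder of candidate_master can unlock."""
        return sum(escrow_unwrap(blobs[d], d, candidate_master) == fleet[d]
                   for d in fleet)

    m_share, g_share = split_master(master)
    return {
        "single_master_key": opened(master),      # option 1: one key, whole fleet
        "one_share_only": opened(m_share),        # option 2: a lone share is useless
        "both_shares": opened(combine_shares(m_share, g_share)),
    }


if __name__ == "__main__":
    print(demo())
```

Splitting changes who has to be compromised, not what is exposed: once the two shares are brought together, the reassembled key opens every device exactly as the single key in option 1 does.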
  2. Why only say Obama? by Anonymous Coward · · Score: 2, Insightful

    Saying it's Obama's Administration that did it is just as honest as saying it's Bush's Administration that allowed "enhanced interrogation" and detention facilities - it sure as hell didn't stop (or probably even start) with Bush, just like how breaking encryption sure as hell didn't begin with Obama. The problem is with the entire system, not just one political sports team or another.

    1. Re: Why only say Obama? by bill_mcgonigle · · Score: 2

      They didn't abandon it - the FBI Director is out there insisting on it every day. Obama could rein him in with one phone call.

      This is classic "political cover". Why do people still take politicians at their word? Can no amount of evidence change that?

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re:Why only say Obama? by jafiwam · · Score: 2

      I have a problem with the reasons they abandoned it. They abandoned it because they thought it would stir up too much trouble. Any good administration would have never explored the idea at all because it's a shitty thing to do and unconstitutional.

      There is a great frustration with the Constitution by our leaders.

      They have been trying in earnest for years, to find a way to make the tools they already use for "parallel construction" (look it up) to allow for circumvention of the 4th and 5th Amendments. See, they get the data illicitly, then they need a way they can use a court order to say they got it legitimately. The actual back door doesn't need to work, people just need to believe it is there.

      The problem is, people are getting just as pissed about the appearance of a back door as they were finding out the ramblings of paranoid tinfoil hat wearers about government listening to everything were TRUE when Saint Snowden showed this fact to the world.

  3. It IS a backdoor by phantomfive · · Score: 5, Informative

    would almost certainly be perceived as proposals to introduce 'backdoors'

    Yes, that is exactly the definition of a backdoor: a way to bypass the owner's security measures. Any suggestion that it isn't would mean that the government is the owner of the device, not you or me.

    --
    "First they came for the slanderers and i said nothing."
  4. Obama is All About Transparency! by Irate+Engineer · · Score: 5, Insightful

    Unfortunately he was thinking of one-way glass with the ability to look into our affairs.

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

    1. Re: Obama is All About Transparency! by Anonymous Coward · · Score: 2, Insightful

      It was the black guy who promised "change". He knew he would not deliver but still acts like he's got the moral high ground. He does not. If you tell me you're going to do something, you ask my backing on that condition and then renege, you broke your promise and I can call you a liar. I don't care if you're white, black, yellow or purple with green dots.

  5. The backdoors are already in place by Anonymous Coward · · Score: 5, Informative

    Transceivers are often hooked directly into sensors such as microphones, and run very complex proprietary firmware that is given undue privileged access to the rest of the system's resources.

    Furthermore, for nearly 15 years, Intel has been quietly introducing an entire, higher-priority computing system within your consumer laptops and desktops and probably now your tablets and smartphones: This is known as the Intel Management Engine, specifically the Intel Active Management Technology. If your computer's Intel sticker lists "vPro", then you've probably got it!

    It's frightening stuff.

    These systems involve their own little processors, memory, storage, network interfaces, and proprietary operating systems; as long as the machine is plugged into a power source and wired network—even if the user thinks that it's switched "off"—that little computer within "your" computer can be contacted and used to access the rest of the machine, including your storage drives (hard disks, SSDs, etc.), RAM, main CPU, GPU, etc. It has higher priority than "your" system, can take control of the display and keyboard/mouse/touchpad input so that Intel's AMT can provide VNC access from the moment the main system's boot process begins. It can do all of this while your system is running, including reading your private encryption keys from your RAM or twiddling bits on your hard disk.

    Any attempt to remove or alter the proprietary software and hardware that composes the AMT can be made to and likely will be made to brick your system or make it otherwise unusable.

    1. Re:The backdoors are already in place by Kjella · · Score: 5, Informative

      True we can't know everything it can or can't do without a full read on the capabilities from Intel but I trust that if it were capable of offline access by anyone as you claim it would be public knowledge and wouldn't have made it very far.

      Part of AMT is remote management, including being able to boot a server that lost power, reboot a frozen machine, wake machines for nightly patching and so on. Obviously it can't reach a machine that doesn't have power, but from the moment you plug in a vPro machine it's live even when it's "off". Maybe it's not public knowledge but you only need to read the advertisement:

      Find It. Fix It. Anywhere
      Intel(R) Active Management Technology provides remote management over wired or wireless networks across devices. Access clients through a secure channel irrespective of power or OS state, address issues while user is online, patch, repair, and upgrade operating systems and applications, and inventory client-side software and hardware.

      Of course it's only supposed to talk to your puppet master inside your enterprise and only when it's enabled. But if you had a secret knock backdoor to access AMT on any computer, even when it is allegedly disabled - and perhaps even on CPUs that don't advertise the feature since it's probably there in silicon - that would be the mother of all back doors.

      --
      Live today, because you never know what tomorrow brings
    2. Re:The backdoors are already in place by Anonymous Coward · · Score: 2, Informative

      Oh, well, if the proprietary system says it's disabled, then it must be disabled!

      Unfortunately, you are wrong.

      No license is required, and there's good evidence that disabling AMT in the BIOS does not really disable it. Exploits for AMT have been published and only fixed very slowly by Intel.

      It's not hidden from the public; as with all encroachments by Big Brother, it's marketed as being useful and convenient. Here, have some fun. Any fool could follow those instructions.

    3. Re:The backdoors are already in place by Anonymous Coward · · Score: 2, Informative

      Sorry, but this is just pure FUD and you apparently don't know anything about AMT, or you have your own agenda.

      Yes, there's typically an additional cost for vPro systems vs non-vPro equivalents - but that's because vPro only works if you have Intel Wifi, Intel NIC, and a Core i5 or better processor - generally, more expensive than, say, Atheros WiFi, Broadcom NIC and a Core i3. And because the PCs are targeted at business users, the manufacturer might choose to charge a premium.

      Beyond that there is no additional cost for vPro - no "licensing" or "activation" costs. Once you have the PC, you can start using AMT - the remote management part of vPro - immediately.

      But in contrast to the tinfoilhattery expressed above, it's not a hidden backdoor, or a terrifying way for The Man to take control of your PC. It's not even available until you've taken conscious steps to enable it - which involves setting a strong password at a very minimum. Not something that can be done by accident, or by malware; either you go into a special page of the BIOS, or you install a provisioning certificate that matches your DNS domain and then configure it down-the-wire using software (which is free) from Intel. If anything, it's TOO hard to enable it - I really wish it were a little easier, cos more customers might be using it and reaping the benefits, but security was baked in from the outset.

      Anyway, once all that has been done, your PC can be silently compromised at any time by the NSA.... *rolls eyes*. No, actually. You can "discover" the PC across the local network over Ethernet if it's switched off; power it on remotely as long as it's connected to AC; or initiate a remote control session to the built-in VNC-alike server. Super handy for IT Helpdesk. And while the remote control is in session, there's a non-disable-able flashing banner all round the edges of the screen, and a flashing glyph in the corner, and even a "Do you want to allow someone to take control of this PC? If so tell them this randomly-generated 6-digit passcode" overlay sprite, if the owner of the PC chooses the latter.

      Yes, I work for Intel. And yes, I get fed up with these alarmist "OMG it's teh evilllz" FUD posts. Why not talk about DASH, which is an open industry standard, pretty much identical to Intel AMT, and is present on any number of non-Intel PC systems?

    4. Re:The backdoors are already in place by Anonymous Coward · · Score: 2, Informative

      Well, why didn't you say so?! You heard it here folks: "Security was baked in from the outset." If only every other exploited system had been so careful...

      AMT has been compromised before, and it took Intel years to fix the published exploit, and that was after stonewalling the researcher who found it.

      It doesn't matter that the system tells the user something is disabled; the underlying system is entirely proprietary and can say whatever the hell it wants. Sure, hardware is always going to be virtually proprietary, because nobody can really check it, but the ME system of which AMT is part (or on which AMT is based) is powerful enough to run software like a Java virtual machine, and Intel provides an SDK for people to develop "apps"(!) to run on this thing—it's a robust computing platform embedded within what the user thinks is the "real" computer, and the user probably doesn't even realize it's there.

      I mean, as you point out, it can generate overlay sprites; AMT has the user's "real" computer so compromised that it can manipulate what the user sees on screen, can access all aspects of the computer, can generate input as though it were the user, etc., and it's all based on an entirely proprietary set of hardware and software, the latter of which is so robust that people can develop apps for it. Worse yet, Intel has made this system so integral, that it's required to function in order for the whole machine to function (or at least can be made as such by an OEM).

      Is the network connection to the AMT encrypted? You bet! However, even the widely used open source software for handling TLS/SSL connections has been compromised, so why shouldn't Intel's private implementation have exploitable faults? Hell, as mentioned, the AMT has already been compromised before!

      It is not tinfoilhattery to be wary of a PC within a PC that has higher priority, is essentially always on, makes local access non-obvious or impossible, runs its own proprietary operating system, provides a web server for web access, and sports its own goddamn VNC server based on complete hardware-level pwnage of user input and GPU input/output.

      It's Insane!

  6. I predict the future of a government API by DigiShaman · · Score: 3, Interesting

    So what will happen is this: The US Government will mandate all phones be PRISM compliant, or at the least have the master encryption key to the data. Apple, and perhaps Google if I recall, took an engineering route to make it physically impossible to respond to an FBI request. Primarily because Apple doesn't want the liability, and secondly it costs money to staff an entire department of warm bodies to fulfill said requests.

    Now comes the fun part. China is basically mandating that the top Silicon Valley CEOs fly to China and agree working with the government at backdoor access to all user accounts and data with regards to its own citizens. The US, as does EU and Australia want something similar. At some point, there will be a treaty among all major nations to mandate a Government API written into all software and cloud based services. This way, each Government can plug right into the application layer and pull data upon request.

    Welcome to a period of darkness!!!!!

    --
    Life is not for the lazy.
    1. Re:I predict the future of a government API by rahvin112 · · Score: 5, Interesting

      The paper covers this with a caveat that most encryption software is open source, freely available and has no central authority that can be compelled. The result of this is that even if some key recovery system is mandated, users could simply encrypt their own data underneath the compromised encryption and render the device inaccessible and defeat the entire purpose of the law and international accords.

      This caveat is actually on the first page of the document as a "technological limitation".

    2. Re:I predict the future of a government API by Attila+Dimedici · · Score: 4, Insightful

      You seem to be missing the same thing the idiots trying to get this in place miss. If this gets implemented, it won't just be the governments with access...and because the people trying to implement this will want to be able to spy on people in government, it will be on government computers. If this gets implemented (and it may already be partially implemented), the world will get very ugly indeed, including for the people proposing it.

      --
      The truth is that all men having power ought to be mistrusted. James Madison
  7. One of the "example" solutions by rahvin112 · · Score: 3, Interesting

    One of the example solutions in the document is to force the device provider to update the device with a malicious update that decrypts the device. Talk about a way to encourage people to allow the device update to run! They even acknowledge this. It's quite humorous, people should read it. The paper discusses how even if a solution is implemented device owners could simply layer their own encryption on and make all data inaccessible. So if that's the case, exactly what is the point in the paper or the working group? They acknowledge right at the start that whatever you propose could easily be defeated by the consumer simply encrypting things themselves. So if the entire thing is technologically unfeasible why on earth would you even study it?

    The one thing I haven't seen covered in the paper at all is that IF the US were to implement these requirements that all businesses involved in encryption would simply move off shore and destroy a thriving US business ecosystem. The paper's assumption is that any US developed protocol would then be exported world wide. This is profoundly illogical on many fronts. There would be numerous countries that would simply not participate in some US encryption compromising ring.

  8. practically true. Interesting theory $10 million b by raymorris · · Score: 4, Interesting

    For purposes of making policy, we should absolutely assume that if the government can get in, so can the bad guys. (Ignoring the fact that sometimes the government IS the bad guys).

    Having said that, it's an interesting intellectual exercise to consider that's not NECESSARILY true. For example, each year the encryption could be increased with a longer key, such that at any given time it costs about $1 million in computer time to decrypt a phone. The government could easily spend a million, or ten million, to decrypt Bin Laden's laptop, but nobody is going to spend a million or ten million to decrypt yours or mine.

    I'm not suggesting that's actually a good idea in terms of policy, just an interesting puzzle to think about.

    Also, years ago we thought it was impossible for you and me, who have never met before, to publicly post messages to each other in such a way that nobody else could decrypt them - without ever talking privately to share an encryption key. Now, we use Diffie-Hellman every day to do exactly that, as part of https. We thought it was impossible to share a secret on a public forum (or network) without everyone else on the forum being able to read the secret, but we were wrong. Diffie and Hellman invented a way. Theoretically, it's entirely possible to invent something that allows access only to authorized individuals, with a public audit trail. We haven't invented it yet. Block chains like Bitcoin uses suggest that encryption can be tied to a publicly accessible log, so we know whose data they decrypted, or at least how many they did.

  9. Re:practically true. Interesting theory $10 millio by erikkemperman · · Score: 3, Insightful

    Now, we use Diffie-Hellman every day to do exactly that, as part of https. We thought it was impossible to share a secret on a public forum (or network) without everyone else on the forum being able to read the secret, but we were wrong. Diffie and Hellman invented a way.

    Just thought I'd mention Ralph Merkle, the guy gets nowhere near fair credit for having co-invented public key cryptography. In fact, Hellman argues we should talk about Diffie-Hellman-Merkle key exchange.

    And there were some guys at GCHQ who independently did pretty much the same. But I credit them less because it was all kept secret and they work for, you know, evil.

    --
    Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
  10. cert isn't required for secrecy, only authenticati by raymorris · · Score: 2

    No trusted root certificate is required in order to have a secret, encrypted conversation over a public medium. We could post secret messages to each other using Diffie-Hellman right here on Slashdot.

    Root certificates are for authentication - knowing my real name rather than just my Slashdot userid raymorris.
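
The distinction drawn in the comment above, as an added example that is not part of the original thread: two parties agree on a key from publicly posted values alone, and the only thing missing is proof of who posted each value. The group parameters are toy values chosen for readability (an assumption, far too small for real use), and the function names are hypothetical.

```python
import hashlib
import secrets

# Toy group, illustration only: 2**127 - 1 is prime but much too small for
# real use; deployed Diffie-Hellman uses 2048-bit+ groups or elliptic curves.
P = 2**127 - 1
G = 3


def keypair():
    """Private exponent (kept secret) and the public value that gets posted."""
    priv = secrets.randbelow(P - 3) + 2      # uniform in [2, P - 2]
    return priv, pow(G, priv, P)


def session_key(my_priv: int, posted_pub: int) -> bytes:
    """Key each side derives from its own secret and the other's posted value."""
    shared = pow(posted_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def fingerprint(key: bytes) -> str:
    """Short digest the two users can compare over a channel they trust."""
    return hashlib.sha256(b"fingerprint" + key).hexdigest()[:16]


def fingerprints_match(values_from_real_peers: bool) -> bool:
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_alice, seen_by_bob = b_pub, a_pub
    if not values_from_real_peers:
        # Nothing in the posted number says who generated it: here both users
        # read a value that came from some other keypair entirely.
        _, other_pub = keypair()
        seen_by_alice = seen_by_bob = other_pub
    k_alice = session_key(a_priv, seen_by_alice)
    k_bob = session_key(b_priv, seen_by_bob)
    return fingerprint(k_alice) == fingerprint(k_bob)


if __name__ == "__main__":
    print("genuine values:", fingerprints_match(True))
    print("unverified values:", fingerprints_match(False))
```

Secrecy comes from the exchange itself; the mismatch in the second case is what a certificate, or a fingerprint compared out of band, lets the two users detect.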

  11. And the 50s were worse than the 30s. by Brannon · · Score: 2

    There were no big racial protests in the 30s, I guess that means that everyone was super happy. Also, the 1890s were even quieter, and the 1840s quieter still.

    A wise robot once said, "I think you're confusing peace with quiet". The racial divide isn't created by rabble rousers, it's exposed by them.