Sunday, May 21, 2017

Crypto: Offense or Defense?

Some people have always found it valuable to hide the contents of messages from others.  A common method is Cryptography, or Crypto for short.  Crypto methods date back to the ancient Romans and probably even further back than that.  And for a long time writing was good enough in most cases.  Most people couldn't read so whatever you wrote was safe from the prying eyes of a large percentage of the population.  Only the elite members of society could read so only members of the elites figured into your calculations.

And the two elite groups who were most interested in Crypto were the military and the diplomats.  Both were interested in communicating reliably with their friends while keeping their enemies in the dark.  And this led to a variety of systems.  Simple systems just scrambled the order of the letters or substituted one letter for another.  But by the middle ages the most common method was the Nomenclator.  It consisted of a long list of words or phrases organized into two columns.  The word or phrase in one column replaced the corresponding word or phrase in the other column.  The system was clunky so it was mostly used by diplomats who had embassies that employed code clerks.  The military, who needed systems they could use in the field under combat conditions, pretty much stuck with letter substitution schemes.

The population of people who found Crypto a part of their life got wider with the introduction of the telegraph.  Traveling representatives of companies needed to communicate over long distances and they didn't want competing companies to know what they were up to. So Nomenclators morphed into Telegraphic Codes.  And there was another reason Telegraphic Codes became popular.  They could save money.  The coded message was cheaper to send than the "plain text", the term of art for the original message, because it was shorter.  This got to be a hassle for the telegraph companies so they ended up restricting people to using one of a small number of approved "Commercial Codes".  The telephone eventually doomed all this.

And up to this point all the work was being done by people.  This restricted the options to things people could reliably do in a reasonable amount of time and with a reasonable amount of effort.  That all changed with the introduction of Crypto machines in the 1930s.  The most famous of these is the Enigma machine used by the Nazis during World War II.  Mechanical Crypto machines quickly evolved to become computer based Crypto machines.  But for a long time the use of Crypto was, with the exception of the Telegraphic Commercial codes, restricted to the elites in general and the military and the diplomatic corps in particular.

That all changed when the general public got access to the Internet.  By this time computers were very powerful and capable of implementing very powerful Crypto systems.  And all of a sudden pretty much everybody used Crypto whether they knew it or not.  You care whether your credit card transactions are secure and reliable or not.  And that security and reliability depends critically on Crypto.  Thus endeth the history lesson.

And so far I haven't said a word about the ostensible subject of this post.  Here's where I start.

I am using the words "offensive" and "defensive" the way a military person would use them.  If you are attacking the enemy you have gone on the offensive.  If you are implementing measures to make it more difficult for the enemy to attack you, or for the attack to succeed, you are on the defensive.

So how does this translate into the world of Crypto?  Well, if you are encrypting your messages you are making an attempt to protect them from the other guys.  That is a defensive move.  If you are attempting to decode the other guy's encrypted messages that is an offensive move.  And there is a war going on here.  One side may make a defensive move by deploying a new and hopefully improved Crypto system.  The other side tries to counter this by upping their offensive game.  One side typically has the advantage at any given point.  But the "move - countermove" game goes on and on.  It is commonly referred to in other contexts as an arms race.

I want to get at the question of whether we are striking the appropriate balance between offense and defense.  And this question has been around for a long time.  How much time and effort do you put into developing or enhancing the Crypto systems you use versus attempting to crack the other guy's Crypto systems?  This question was important to ordinary people only at one remove before.  You usually had some investment in some army or another or in some government or another.  So Crypto success for those people you were invested in was a good thing and crypto failure was a bad thing.  Now the impact is more direct.

Recently we had a new computer virus outbreak.  This was different.  It was a "ransomware" attack.  Just like other arms races virus attacks change over time.  Originally a virus attack would wipe out data on your computer.  Then virus attacks evolved into ones that stole data.  Your credit card information (or military and diplomatic secrets) is very valuable if it can be gotten into the right hands.  The value to the attackers of a successful ransomware attack is very direct.  You pay them money.

And the core of the ransomware attack is Crypto.  Your files get encrypted.  Now if this was a movie or TV show at this point we would cut to a shot of one or more people frantically typing, typically onto laptops.  This might be intercut with shots of photogenic arrays of computer screens or of worried people.  All the while dramatic music would be thumping so we would know that something VERY IMPORTANT AND DRAMATIC was happening.  But never fear.  After not very long (we audience members get bored quickly) someone would shout something equivalent to "Eureka".  The Crypto had been cracked and we were all saved.  Happy endings all around.

But in the real world things didn't and don't go that way.  Nobody cracked the virus.  If you didn't send the ransom payment you never would be able to read the files that had been encrypted again.  In short, the offense won and the defense lost.  Why?

Looked at from another perspective this ransomware attack contains some good news.  And the good news is "Crypto works".  (That's something I have noted previously.  See:  http://sigma5.blogspot.com/2016/02/digital-privacy.html).  So if Crypto works and (being the pedantic kind of guy I am I feel the need to repeat myself) it does, then why isn't it used more widely?  And the answer to that question feeds directly into my thesis.

For a very long time the arms of the US government that deal in Crypto have chosen to invest a lot of effort in offensive Crypto and have criminally neglected defensive Crypto.  Governments, including ours, keep deciding it's more fun to crack the other guy's systems than it is to make sure the other guy can't crack their own systems.  They have convinced themselves that their own Crypto systems were unbreakable but that with the proper amount of effort the other guy's systems weren't.  And more and more the arms of the US government have decided that literally any system that is not a US government system is an "other guy" system.

And there is a direct connection between the two.  If everybody is using poor Crypto systems then it is much easier to crack them.  Crypto systems have been cracked going all the way back to the Romans (and probably before).  But somehow the fact that we have succeeded in cracking the other guy's systems (at least some of the time) does not lead to the obvious action of looking hard at our own systems.

There is a trap that governments have been falling into for millennia.  "Our systems can't be cracked".  And there is usually a good reason to believe this.  There is a universal system for cracking Crypto systems.  It is called the "brute force" approach and it consists of trying all the possibilities.  Let's say that it takes a minute to try a possibility, a reasonable figure during the middle ages.  Then if a person lives to be a hundred years old and never stops to eat or sleep they can try about fifty million possibilities in a lifetime.  But let's say our system has a billion possibilities.  Then it can't be cracked using a brute force approach.  It was easy, even a thousand years ago, to come up with a Crypto system that allowed for a billion possibilities.  So these systems were completely secure, right?  Obviously not.

So what's the secret?  The secret is what the British called a "crib", something a student would do to cheat on a test.  The most obvious crib in the Crypto world is to steal the key.  You now have not a billion possibilities to try but one.  But cribs come in lots of different flavors.  Let's say you could find something out or figure something out that reduces the possibilities from a billion to a thousand.  Then the system can be cracked after less than 24 hours' worth of effort.  Cribs that powerful are hard to come by.  But cribs can be combined.  And maybe they only reduce the list to ten thousand or a hundred thousand possibilities.  That's still a big improvement.  Governments tend to assume that they are crib-proof.  But they rarely are.  And the fact that they succeed in developing cribs with which to attack the other guy tends to not have the obvious effect, namely a thorough and careful review of their own Crypto systems.
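The keyspace arithmetic above is easy to see in code. What follows is an added example, not part of the original post: it uses "crib" in the Bletchley Park sense (a stretch of plaintext the attacker knows or can guess, such as a stereotyped message opener) and a toy Vigenère cipher rather than Enigma. The key, the message and the crib are all constructed for the demonstration. A six-letter key gives about 309 million possibilities; a four-letter crib at a known position cuts that to 676, and a crib longer than the key, even at an unknown position, pins the key down to one candidate. The defensive lesson is the one the post draws: the size of the keyspace says nothing about security once predictable plaintext is being sent under it.

```python
"""Toy demonstration of how a known-plaintext crib shrinks a brute-force search.

Constructed example: the cipher (classic Vigenere), key, message and crib are
all invented for illustration and are not taken from the post.
"""
import itertools
import string

ALPHABET = string.ascii_uppercase


def vigenere(text, key, decrypt=False):
    """Shift each letter of `text` by the matching (cycled) key letter."""
    out = []
    for i, ch in enumerate(text):
        shift = ALPHABET.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def brute_force_space(key_len):
    """Number of keys a blind brute-force search would have to try."""
    return 26 ** key_len


def key_from_crib(ciphertext, crib, offset, key_len):
    """Assume plaintext `crib` sits at `offset` and derive the key letters it fixes.

    Returns a dict of key slot -> letter, or None when the assumption contradicts
    itself (two different letters demanded for the same key slot).
    """
    known = {}
    for i, p in enumerate(crib):
        c = ciphertext[offset + i]
        k = ALPHABET[(ALPHABET.index(c) - ALPHABET.index(p)) % 26]
        slot = (offset + i) % key_len
        if known.get(slot, k) != k:
            return None
        known[slot] = k
    return known


def remaining_space(known, key_len):
    """Keys still consistent with the slots the crib pinned down."""
    return 26 ** (key_len - len(known))


def candidate_keys(known, key_len):
    """Enumerate every key consistent with the pinned-down slots."""
    free = [s for s in range(key_len) if s not in known]
    for letters in itertools.product(ALPHABET, repeat=len(free)):
        key = ["?"] * key_len
        for s, k in known.items():
            key[s] = k
        for s, k in zip(free, letters):
            key[s] = k
        yield "".join(key)


def drag_crib(ciphertext, crib, key_len):
    """Crib position unknown: slide it along and keep self-consistent offsets.

    A crib longer than the key constrains some slots twice, so a wrong offset
    almost always contradicts itself and is discarded.
    """
    hits = []
    for off in range(len(ciphertext) - len(crib) + 1):
        known = key_from_crib(ciphertext, crib, off, key_len)
        if known is not None:
            hits.append((off, known))
    return hits


if __name__ == "__main__":
    KEY = "CAESAR"  # constructed
    PLAINTEXT = "WEATHERREPORTCLEARSKIESOVERTHECHANNELTONIGHT"  # constructed
    ct = vigenere(PLAINTEXT, KEY)
    print("ciphertext:", ct)
    print("blind keyspace for a 6-letter key:", brute_force_space(6))
    # Stereotyped opener used as a crib, position unknown.
    for off, known in drag_crib(ct, "WEATHERREPORT", 6):
        print("crib fits at offset", off, "-> slots", known,
              "-> keys left:", remaining_space(known, 6))
    # Even a short crib at a known position collapses the search.
    known = key_from_crib(ct, "WEAT", 0, 6)
    print("4-letter crib leaves", remaining_space(known, 6), "keys to try")
```

The self-consistency test in `drag_crib` is what makes a long crib so powerful: each key slot the crib touches more than once must agree with itself, so wrong placements are rejected without any guess about what the rest of the message says. The same reasoning is why "cypher discipline" matters more than key length: predictable openers hand the attacker exactly this kind of crib.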

And the whole Enigma business with Bletchley Park and Magic and all the rest of it is a classic example of this.  Lacking the appropriate cribs it turns out the Enigma machine couldn't be cracked.  Enigma was used by many branches of the Nazi government.  But messages were never cracked for many of those branches.  There is a thing called "Cypher discipline".  This is where you religiously follow all the proper procedures and protocols.  Some Nazi departments were very careful and other departments were sloppy.  But wait, there's more.

Bletchley was a British show but the Americans were heavily involved.  And the Americans ran a parallel operation against the Japanese with considerable success.  Again, some departments of the Japanese government were softer targets than others due in large measure to the degree of adherence to Cypher discipline.  And one of the big beneficiaries of what was cracked was the US Navy.  So did the Navy learn the obvious lesson and make sure they were using good Crypto and good Cypher discipline?  Nope!  The Japanese had a great deal of success cracking US Naval codes and using what they learned effectively.

So has anything changed since World War II?  Yes!  Things have gotten worse.  Various Crypto responsibilities can be found in many parts of the US government.  The NSA, officially the National Security Agency and unofficially "No Such Agency", is a big player in all this.  And the NSA is all offense and no defense.  It turns out that the basic code for the ransomware attack was stolen from the NSA.  It is unclear whether the NSA developed it or just obtained it from elsewhere.  But what they definitely did not do was notify Microsoft of the vulnerability the attack exploited so that a fix could be issued.  Microsoft found out about the vulnerability when leakers posted an NSA list of vulnerabilities and the code that could be used to exploit them on the Internet.  Microsoft immediately issued a fix but a lot of computers were left unprotected for one reason or another.

But wait, there's more.  As I indicated above, there are lots of ways to do Crypto.  For decades the NSA has seen it as their right to decide which systems people can use.  And they want those systems to be easy for them to crack.  Then some civilians came up with a system called RSA, which turns out to be completely secure if no cribs are handy.  And this was a Crypto system that the NSA could not control.  This forced the NSA to respond by issuing a pretty good Crypto system called DES.  But we wouldn't have DES if we hadn't had RSA first.

And this policy of doing their best to keep good Crypto out of the hands of anybody but the US government has been a long standing policy of the US government with the NSA often taking the lead.  A couple of decades ago the "Clipper" computer chip was announced.  All computers were supposed to use a Clipper chip to do their Crypto.  But the Clipper came with a back door that the NSA, the FBI, and other government agencies could use.  Fortunately, that proposal died quickly.

9/11 produced the USA Patriot Act.  It in turn produced the most complete gag order in history.  Agencies like the NSA and the FBI can ask you for any kind of data they want and you are forbidden from even disclosing that a request had been made.  Companies like Google and the mobile phone companies were ordered to disgorge vast amounts of data about literally everyone.  At the same time they were forbidden from even telling anyone about the existence of the order let alone its contents.  This was all revealed by Edward Snowden.  The Snowden revelations have caused these kinds of provisions to be dialed back but only to a modest extent.  The main provisions are still in effect.

The FBI was in the news a few months back because they were asking Apple to hack their own phones.  This is because newer versions of the iPhone use better and better Crypto to effectively keep the data on them private.  Various government agencies, including but not limited to the FBI and the NSA, have repeatedly asked for legislation mandating back doors into consumer devices like phones.  They have also asked for back doors into data centers run by Google, mobile phone companies, and others.

There is an obvious value in letting the appropriate agencies in the appropriate circumstances get access to the appropriate data.  But it's the whole "appropriate" thing that is the problem.  It turns out that you can't draw a bright line indicating where the boundary between appropriate and inappropriate should be.  And even if you could the boundary is not a real boundary.  If the appropriate agencies can get appropriate access then inappropriate agencies will also be able to get inappropriate access.

The news has been littered with these stories for the past few years.  Credit card data gets stolen so routinely that it now hardly qualifies as news.  And if the NSA can get into Iranian computers the North Koreans can get into the computers at Sony Pictures studio.  And Russian hackers can get into the computers of the US State Department, campaign committees belonging to both the Democrats and the Republicans, and so on.  Apparently the only place they couldn't get into was Hillary Clinton's home email server.

These systems could be much more secure.  But various US government agencies have been doing what they can to keep them insecure.  It is beneficial to these agencies for them to be able to get into the systems of other countries.  But the cost is great because it means that our systems are vulnerable to other governments like Russia, China, and even the likes of Iran and North Korea.  They are also vulnerable to criminals both domestic and international.  It even means that our systems are vulnerable to amateurs interested in celebrity sex tapes, gossip, and the like.  It's gotten to the point where even some kid who wants to cyberstalk another kid can break into a surprising number of places.

All of this is the cost of the policy pursued by so many in the government of keeping our online systems vulnerable.  And the big problem is it is an unacknowledged cost.  It affects us all in ways we notice and ways we don't.  Is the benefit really worth the cost?  I don't think so.  Reasonable people may disagree with me.  But the big problem is that almost nobody knows that this tradeoff is being made on our behalf.  So they don't even know that it is a question that needs to be investigated.
