Missing Link: Knotty Privacy – Interview With Steven Bellovin
Steven Bellovin, Professor at Columbia’s University of Computer Science, on privacy and the revived fight about back-doors to encrypted traffic.
(Bild: pixabay.com)
Dies ist die englische Originalfassung eines Interviews mit Steven Bellovin – Missing Link: Vertrackte Vertraulichkeit – Steven Bellovin über Crypto Wars und Privatsphäre
Steven Bellovin has coded for NetBSD. He has created the Usenet, co-authored the first book about firewalls only to declare firewalls won’t save us five years later. That made him a frontrunner in the recommendation to put up monitoring at the endpoints, instead of adding boxes and firewalls for it in 1999. Teaching as Professor at Columbia’s University of Computer Science, awarded with a number of prizes, Bellovin came back to his former colleagues at the Internet Engineering Task Force for an invited talk at the meeting in Montreal (July 22-26) he sat down for a talk with heise on privacy and the revived fight about back-doors to encrypted traffic.
heise online: William Barr yesterday at cybersecurity conference in New York said, that that time was running out for Facebook Inc. and other technology companies to provide back-doors to law enforcement officials. Is this just another wave in the fight over encryption – we have seen several in the years before. Is this different?
(Bild: columbia.edu)
Steven Bellovin: It is partly another wave. But it is also reverting to an earlier phase of it with one significant change. For the last several years all we heard was about encrypted devices and Barr was talking about encrypted communication as well. And that is a very different problem. A much harder problem. Actually not solvable because of the diplomatic issues. If the United States has the keys well how can there not be keys for the Uk, our closest intelligence partner, the other five eyes countries, NATO, China, Russia, Israel, and so on and so on. And when you do it, which governments‘ key should a conversation be encrypted to, under what circumstances?
If the Chinese government comes to the US government and says, here is an encrypted conversation, please decrypt it for us. Is this really a terrorist that the US would like to see prosecuted or is it a Uighur from the Northwest? Or is it a democratic protester in Hong Kong? Or is it an American Business traveller? How do you know? How do you solve this diplomatic issue. I don‘t think this is solvable. If we are going back to communications then that is an escalation.
heise online: You spoke of another difference in Barr‘s comments...
Steven Bellovin: The other interesting statement that he made was basically boiled down to ‚your systems aren‘t that secure anyway, what does a little bit more insecurity matter?‘ Well this is one of the few mechanisms we have that really does work. Why do we want to weaken it? Especially when there is a threat of sophisticated threat from criminals. Most of them don‘t go after communications yet, but they will. 20 or so years ago, or a bit more, i was talking with someone who used to be a US Federal Narcotics prosecutor and her comment was that she was terrified of the clipperchip in those days.
Because she thought that the South American drug gangs had enough money and enough willingness to use violence so that they were going to be able to get into that database. That they would pressure law enforcement or they would bribe someone or extort something and they would get into this and it would be a huge vulnerability that they would be able to exploit. And these are the people you are really trying to get at, because these are your sophisticated high-end criminals. She was terrified of it. You would not think that a US assistant attorney would be one of the proponent of this scheme. And now we are coming back to that. We got security mechanisms sure. Most of the time the attackers are not trying to break the crypto, because they can‘t. But you get the sophisticated ones and maybe they can. Maybe the government of IRAN?
heise online: Each time these requests were made, they were pushed back. Do you expect a different result this time?
Steven Bellovin: I have a lousy track record as a prophet. I am not going to try to make predictions. Do i think that Barr‘s ideas are wrong? Yes, absolutely. Will I continue to oppose them? Yes absolutely. Who is going to win? It is not a fight that you win or lose for all time. You continue. We thought that the fight over crypto was settled in 2000 when the United State gave up on export congrol and gave up on key escrow. And ten years later the FBI complaining of goingdark. And a few years later encrypted Iphones brought it back and now it is a very hot issue again. It doesn’t go away. I would actually trace the fight over crypto back to the 1970es when there was a case when I think it was when Diffie and Hellman were going around speaking, an NSA employee supposedly on his own time, his own initiative sent a threatening letter that this talk was going to violate the export laws. There was a voluntary censorship program established by the NSA. That academics could if they wished submit their papers to it. It never got very far. There were few people who did. There were secrecy orders on patents. That was in the 1970s. It‘s not new. One side does not win for all times.
heise online: Is the question virulent becaue of the uncertainty about the current administration. From the outside it has been acting wild...
Steven Bellovin: From the inside, too. I think the antics of the current administration makes this an even more problematic time. But this is not a partisan issue. As i said it goes back to the 1970s. The letter i mentioned would be Gerald Ford. Secrecy orders under Jimmy Carter.
heise online: Clipperchip was Clinton...
Steven Bellovin: Clipperchip was Clinton. But it was developed in 1993, so it was under Bush or Reagan. We had all the FBI complaints under Obama. So it is not a partisan issue.
heise online: Was the rise of stronger encryption protocols like TLS 1.3 a trigger for the revival of the debate?
Steven Bellovin: I don‘t know. I suspect that it is not TLS 1.3. The US Government is not a monolithic entity. There was a comment made a US Senate hearing a few years ago that the NSA cares about communications, the local police cares about devices and the FBI cares about both.
So when Barr talks about communications he is talking about the FBI interests. I do not think it is specifically TLS 1.3. The NSA, they don’t like the crypto. But my own guess is that they don‘t think that any of the back-door solutions are going to solve their problems. Because their real targets are not goign to use this back-doored crypto. They try to look at the Russians, the Chinese, isis what have you. They are all to sophisticated and to aware to use US government endorsed crypto. So they have to be able to do their job without the benefit of this. If its exits they use it and they can use it, sure, they‘ll use it. But for the most part at this point, i don‘t think they rely on it.
heise online: What does Barr want?
Steven Bellovin: The assorted terrorist groups and assorted drug trafficers do use encrypted communication. The FBI sometimes can intercept this with wiretap court orders. He wants to be able to read these things. Just administratively he can#tt talk about the NSA. The NSA is in the defence department and that is not his bailiwick. Do they all talk, sure. My own personal guess based on no inside knowledge at all is that the NSA says, yeah would be nice to have, but they have to develop techniques to go around the crypto. Long time saying of mine, you don‘t go through strong security you go around it. That is why they like to hack into computers these days. There has also been very interesting news, like the new Cyber security directorate. You know the NSA traditionally had two operational directorates at the NSA...
heise online: Offensive and defensive...
Steven Bellovin: Signal intelligence and information assurance, beause those are the two missions of the NSA. Information assurance are the defensive side and they give us such things as Security Enhanced Linux, SE Linux, SHA256 which is best anyone can tell. Good solid stuff. The Sigint people like to spy on people that is their job. Every country has that. But the Cyber realm is different, because the same hole that you exploit, the opposition can exploit. As opposed to say Crypto – one party is using an encryption algorithm the other party tries to break it. You not all using the same algorithm. So there is no decision what do you do with it. The Cyber side is more integrated, so they set up a new directorate to try to integrate the offense and defense of computers in one spot. That will be interesting to see how this plays out. Because you now will not have defensive stuff coming out of ID anymore. It is going to come out of the cyber directorate and that has got two missions so it will have a much bigger question mark attached to it.
heise online: With the switch to more encryption through the protocol stack, starting from TLS 1.3, are we as users more secure today than, let’s say 20 years ago?
Steven Bellovin: You can‘t talk about security without saying who is the enemy. If you talk about an ordinary criminal or teenage hacker stealing your credit card numbers, TLS 1.3 does not matter. Because they don’t have the ability to break it. But they can do an SQL injection on the website or a cross-site-scripting attack or a phishing attack, going around the crypto. The important thing about TLS 1.3 is the mandatory perfect forward secrecy. And that is going to protect people more against intelligence agencies or possibly law enforcement. Because it means that if they recorded the conversation and then seize the computer or hack into a computer there is no keying material that is going to break it. And you know, intelligence agencies have learned: ‚keep everything‘. One of the interesting stories about that goes back during World War 2 the US allied with the Soviet Union was picking up encrypted Soviet communication from within the US, quite clearly Soviet espionage during he war against its ally. They recorded all this even though they could not break it and a few year later with project Venona they managed to break a lot of this stuff. So, we have 75 or 80 years of history of intelligence agencies ‚we keep everything, it might be useful in the future‘. Forward secrecy, that is not gonna help you. They might keep it anyway, but...
heise online: Would you say that is the reason that intelligence agencies fight for eTLS?
Steven Bellovin: There are also enterprises who don’t like it, because they think they have to watch their employee traffic. I understand their view. I think they are doing it wrong. I co-authored the first book on firewalls in 1994. By 1999 i realized that the firewall was not going to save us any more. There was too much connectivity by that point. So i said, put all of your policy enforcement at the end-point and use cryptography to distinguish inside from outside. So you put your intrusion detection you put your firewall policy on every computer so that your laptop sitting here is as much of the inside of your organization as if you would be sitting inside of your office. And that is the only way we can do this.
heise online: Lets look at a related topic, the triumphal march of https, the trend to go web for all things. Is Https the new TCP/IP? And what does it mean?
Steven Bellovin: There are two parts to that question. One is, http 10 year ago, people calling it the univeral solvent for firewalls. Because it looked like web and every firewall had to support web traffic. It was useful, it was standardized, but also broke certain kind of firewalls till they started go to the deep packet inspection. Which again is now why you want to put the enforcement at the endpoint where you see which application is trying to talk. That is one piece. Today given the threat model of open Wifi, because there are too many people using public WIFI which is good, but so trivial to intercept. This is a real world threat. You have to be able to encrypt this traffic.
heise online: Do you see downsides to the shift to https, for example with DNS over HTTPS? Is concentration an issue, as at least some implementations seem to involve considerable concentration of traffic in a few points?
Steven Bellovin: I do see that as a problem. I am not a fan over DNS over HTTPS or over TLS, partly because it creates this central point of failure. And whether it is intelligence agencies or law enforcement or just simple failures – that is regarded a serious risk. DNS is inherently not an end-to-end protocol. That makes confidentiality a very hard thing. What you‘re doing is you‘re shifting it. Let me give you an example. You sit in a hotel room and do a dns query for a porn site. The hotel knows know who is looking for the porn side because they run the local resolver. But their ISP does not. Or ordinary residents. The queries are coming out from this one IP address. The ISP does not know who in that residence is doing the DNS query. If it goes over https to a central point. That is identifying a computer not a residence. So in that sense it is more privacy violating.
And it is not end to end. If your threat model is law enforcement, they are going to get a warrent. With all due process and proper protections they get a warrant and go to DNS over TLS provider and say ‚give me that person’s traffic‘. So in that sense it is less privacy protecting. I don‘t really understand the threat model, unless they are trying to stick it to the NSA. And the NSA can also go to Cloudflare with a FISA Warrent. I think it is a security mechanism without a clear threat model.
heise online: And if you have a lot of traffic sitting in one place it makes it easier...
Steven Bellovin: Yeah. It makes a wonderful target. There is already DNS query data available. There was this story in the New Yorker about the Trump organization and Alpha Bank. Being published last fall, someone got a hold o DNS query data that was offered to researchers and looked at and found mysterious patterns of queries from the Trump organisation to Alpha Bank and so on. But that DNS query data was linked to the to the Trump Campaign. So some of that data is already out there and now you try to tie it more closely to an individual computers. I don‘t know that this is an advantage from a privacy perspective.
heise online: Is there a good solution for better privacy in the DNS?
Steven Bellovin: I would call that a research question, i don’t know.
heise online: You were invited to the IETF to talk about privacy. What is your message to developers?
Steven Bellovin: The privacy paradigm we are using world wide goes back more than 50 years, when a bunch of academics and lawyers started worrying about privacy and they were saying things we basically had forgotten for 50 years. They warned about aggregation of data, they warned about inferences, they warned about hackers, warned about multi-factor authentication, they warned about insiders, they warned about encryption. And the solution that was adopted basically boils down to notice and consent. A website tells you what they are going to do and their privayy policy and by using the website you are agreeing to it. The GDPR‘s got better enforement mechanisms. But until Facebook and Google and so on in Europe develop a different business model, it still boils down to notice and consent – and it doesn‘t work.
There are far too many parties out there. No one reads the privacy policies, and there are plenty of people collecting things that you dont get a chance to consent too. Or the Data Brokers like Equifax. There the EU does much better. So tremendous amount of data that is collected and notice and consent doesn’t work. And this has been the paradigm we have been following for about 50 years. So what do we do? And part of the answer is a research question. We need a new paradigm for privacy. The other part of it, until we come up with the research answer, is, i think, use controls rather than collection controls. Use controls have their own very large set of complicated issues. How do you define what a use is in ways that ordinary people are going to understand? What if people are not following the rules? If i change my mind now about a permission i granted 30 years ago. How do I make that known. In the US there are arguably constitutional restrictions to use controls. But the current mechanism is not working. And we have to stop pretending that it is. We have to find a better way. Use control is the best thing that is out there today. But it is not very good.
heise online: Having done it all, developing, researching, and also consulting in government during the Obama administration, where should we turn for privacy, to legislators, to activists and NGOs or to standards making bodies that could help us with privacy by design?
Steven Bellovin: There is no one answer. The internet is part of society. If we are going to have governments in our society – i think that governments general are a god thing to have. I look at those parts of the world that have no effective governments and i don’t find that attractive places to live. When you dont have governments you get warlords and thugs, because that is the only thing to provide physical protection. If the internet is part of society government is charged with regulating society. There are challenges because of the borderless nature of the internet. But i dont think one can or should try to exclude governments. By the same token governments need to understand this is way the technology really works. The last eight or so years a high percentage of my professional effort has been on the law and policy side. Yes, i am a a computer scientist professor and i have been programming for more than fifty fears, but i am also affiliate faculty at Columbia Law school now. Because i want to make ure that lawyers, and judges and legislators understand the technology and the technical implications and how the rules and policies for the older world doesn’t necessarily work for the internet because the inherent design of the internet. On the same token, the internet engineers need to accommodate government issues like privacy for example. When i think the technology gives one clear answer like on encryption, i am happy to say that to governments. When i think that there is a serious governmental interest like privacy i am happy to say this to the engineers of the world. (tiw)
