Compromised Trust

I remember back in the 90’s and early 2000’s when people all over the world were asking themselves if it was “safe” to put their credit card number on this internet thing. A few years later, this fear was forgotten. Now it has returned, as people are understanding how the fundamental technologies and most trusted names of the internet have been compromised for the sake of unlimited surveillance.

Last week’s Guardian disclosure that the NSA has broken internet encryption should not come as a surprise. We have a few academic experts like Bruce Schneier who speak publicly about these issues. In contrast, the NSA has budgets and personnel that outstrip anything in the public cryptography space. According to Schneier:

It’s very probable that the NSA has newer techniques that remain undiscovered in academia.

In spite of this, Schneier and others are advocating that people rely on encryption to stay ahead of this pervasive spying. I would say that is next to worthless, except in the short run, The NSA documents on the “Bullrun” program suggest they had a major breakthrough around 2010:

Cryptanalytic capabilities are now coming on line. Vast amounts of encrypted internet data which have up till now been discarded are now exploitable.

There have been a few cryptographic standards in use on the internet – DES, md5, AES. But basically, people use AES, for internet security, and it was widely adopted after the US government (the NSA, of course) recommended it for securing top secret government information. Just looking at the timeline, it is very likely that AES has been compromised by either brute force, or new mathematical algorithms that render most people’s assumptions about how hard it is to crack meaningless. Even the wikipedia article on AES refers to several attacks that have been public for years. It is highly likely that the NSA is far ahead of the public on this.

That still doesn’t mean that breaking into encrypted data is going to be computationally easy. It still might be an easier, more scalable route to compromise Certificate Authorities, put backdoors into hardware and basic operating systems- anything to grab the data before it is encrypted. Regardless of whether or not the NSA has broken AES, these other techniques may be easier.

So who can you trust? Open source is the best bet. If it’s open source, then everybody gets to look at it. Programmers all over the world can independently evaluate the source code, and presumably discover any backdoors or built-in compromises to security. But unfortunately, the problem goes deeper – you can’t really trust your hardware either. This post by Steve Blank discusses how the NSA has likely compromised intel hardware.

If the basic hardware that we all use is compromised, it would be easy to insert a keylogger at a level that is not detectable to the operating system, and send it out under the guise of the computer communicating with a server in the process of updating the cpu microcode. I’m sure there are diligent engineers clocking hours on wireshark right now trying to determine if and when suspicious information is leaving the computer.

We’ll get to the bottom of this. But it needs to happen now. It’s very important to understand that whatever the motives of the NSA and the current administration, these can change. Also, other intelligence agencies around the world can’t be far behind. What happens when governments with less noble intentions have this same kind of capability? We will need both legal and technological solutions on a global scale.

Our basic trust has been compromised, and it would be a sad thing, and an economic catastrophe, if we were to go back to the days where people feel they can’t trust this internet thing with their credit card information.

 

Leave a Reply

Your email address will not be published. Required fields are marked *