The NSA review panel says encryption back doors can't be exploited. Do we believe them?
The NSA's secret war on encryption has crypto experts up in arms, calling it a betrayal of the Internet and saying it weakens our security against foreign enemies. But Obama's NSA review panel, despite calling for an end to the anti-encryption campaign, says these weaknesses can't be exploited or discovered by outsiders.
Two of the most significant reforms recommended by the White House's 308-page review of NSA surveillance tactics published yesterday were that the agency discontinue its massive database of phone records, and that it refrain from deliberately weakening encryption standards and products. Last September, a joint investigation by ProPublica, the Guardian, and the New York Times found that the NSA has been conducting a secret campaign to undermine Internet security through a number of gambits, including installing "back doors" in commercial encryption software.
There's a lot that's troubling about the NSA's circumvention or dismantling of the encryption designed to protect our data. But what most worries crypto experts is the possibility that the NSA's back doors could be discovered and exploited by criminal hackers or foreign governments. In an open letter to the GCHQ, the NSA's analogue in the UK and its close collaborator, UK security researchers wrote, "We find it shocking that agencies of both the US and UK governments now stand accused of undermining the systems which protect us. By weakening all our security so that they can listen in to the communications of our enemies, they also weaken our security against our potential enemies."
President Obama's review board, however, in a bit of mealy-mouthed verbiage, severely downplays these concerns:
We are aware of recent allegations that the United States Government has intentionally introduced “backdoors” into commercially available software, enabling decryption of apparently secure software. We are also aware that some people have expressed concern that such “backdoors” could be discovered and used by criminal cartels and other governments, and hence that some commercially available software is not trustworthy today.
Upon review, however, we are unaware of any vulnerability created by the US Government in generally available commercial software that puts users at risk of criminal hackers or foreign governments decrypting their data. Moreover, it appears that in the vast majority of generally used, commercially available encryption software, there is no vulnerability, or “backdoor,” that makes it possible for the US Government or anyone else to achieve unauthorized access.
So despite its strong recommendation against inserting back doors, the review panel assures us that only the NSA, not foreign spies or hackers, can exploit these weaknesses. It goes on to say that these weaknesses only exist in a small minority of commercial encryption tools. In other words: Move along, nothing to see here.
But crypto experts say the concerns can't be brushed off so lightly. Dr. Eerke Boiten, the Director of the Interdisciplinary Cyber Security Centre at the University of Kent, says, "The hedging matters. 'It appears' -- meaning this survey didn't have the time and/or expertise to establish with sufficient certainty. 'The vast majority' -- so a (possibly significant) minority of such software was confirmed to be compromised?"
There's also evidence to suggest these back doors are more widespread than the review board says they are. In one of the documents provided by Edward Snowden, the names of two compromised encryption chips were redacted by ProPublica, the New York Times, and the Guardian. When asked in a Reddit AMA why they were redacted, reporter and Snowden confidante Glenn Greenwald said,
There are hundreds of encryption standards compromised by the program the Guardian, NYT and PP all reported on. I have never seen any list of those standards and don't have it. If I did have it, I would publish it immediately. As a result, the reasoning went (as I understand it), publishing one or two examples would be unhelpful if not misleading as those are tiny fractions of the overall compromised standards.
Even if the review board is right, and NSA-sponsored encryption weaknesses are rare and only exploitable by the agency itself, that they exist at all is a risk Boiten thinks we can't afford.
"It is no doubt true that the backdoors are massively easier to find by those who have put them in than by random expert strangers, but once they're there they can be found, and the knowledge of where they are needs to be extra protected -- a problem that wouldn't exist without the backdoors."
Yet as the past few months have shown, all the protection in the world may not be enough to protect these weaknesses from being exploited by outsiders.
"I think (back doors) would be generally hard to find, but their existence and precise nature appears to be an NSA secret, and NSA secrets appear to be less secret than they would like."