‘Breaking encryption is like trying to solve one problem by creating 1,000 more.’ Noelle de Guzman, Senior Policy Advisor in Asia-Pacific for US-based NGO Internet Society, is unambiguous on encryption and traceability in the Indian context. While India has proposed changes to the ‘Intermediary Guidelines’ in 2018, which add a traceability clause for messages, cyber-security experts are still skeptical about the changes, which are yet to be finalised.
The Internet Society’s new paper on ‘Traceability and Cybersecurity’ tries to answer whether it is possible to ensure ‘traceability’ without compromising user privacy and examines some of the possible methods, especially in relation to apps like WhatsApp. The Ministry of Electronics and Information Technology’s (MeITY) proposed a change to ‘Intermediary Rules’ is expected to impact apps like WhatsApp, Signal, Telegram and Wire that thrive on their end-to-end encryption capabilities.
In an email interview with indianexpress.com, Noelle de Guzman explained the challenges and risks around breaking this end-to-end encryption. Edited excerpts from the interaction.
Is traceability actually possible despite end-to-end encrypted apps like WhatsApp without compromising user protection?
Experts had significant concerns around the two technical methods often proposed to enable traceability: the use of digital signatures and the use of metadata. These methods were cited as threats to the privacy and security of users, and their ability to achieve traceability is not clear.
Instead, platforms could be forced to use methods to allow third parties to access the content of communications to comply with traceability requirements – drastically weakening the security and privacy of end-to-end encrypted communications which are fundamental to the protection of Internet users.
What are the risks associated with digital signature methods?
Digital signatures are vulnerable to impersonation, so there is concern that innocent users may be implicated in illegal conduct by cyber criminals that impersonate digital signatures. Experts doubted that digital signatures could be reliably used to attribute a message to its true originator – and achieve traceability.
Digital signatures are also a valuable target for criminals. If the digital signature system was compromised, criminals would have the potential to see when a particular user is sending a message – by receiving and decrypting the originator information. You could envision a scenario where criminals implicate public figures in the sending of illegal content and tailor their impersonation based on the victim’s use pattern of the service.
What are the shortfalls of sharing metadata to enforce traceability?
Digital attribution (or traceability) is not absolute, particularly through metadata, making criminal liability hard to establish. It is difficult to tie a user to a message, and criminals could use spoofed metadata to implicate innocent users when sending illegal content. This makes the use of metadata for traceability less useful.
Metadata retained to try to enable traceability is also a valuable target for bad actors. Criminals and foreign adversaries could use the stored metadata to develop social graphs of users or gather information that could enable attacks such as extortion, social engineering, or blackmail. Social graphs could also expose sensitive details of government and elected officials, journalists, activists, lawyers, and dissidents.
What are the major risks when it comes to breaking end-to-end encryption?
Breaking encryption is like trying to solve one problem by creating 1,000 more. The primary risk in breaking end-to-end encryption to access unencrypted data of anyone user is that it puts everyone on that service at risk. If the access method is abused by an employee, leaked, or discovered by bad actors, it can be used to access the data of everyone, undermining security for all. That’s why end-to-end encryption is so critical — according to technical experts there is no known way to provide targeted access without undermining security for all.
Authorities also argue that end-to-end encryption is interfering with their investigations. Is there any alternative for them to get the information without breaking encryption? Is that technically possible?
Law enforcement agencies around the world have found creative alternatives to get the information they need without needing to break end-to-end encryption. One method is using classic police work, like turning a key informant. In the investigation into the Mexican drug cartel boss El Chapo, law enforcement convinced the cartel’s IT director to help them gain access to the cartel’s encrypted communications. Through the informant’s cooperation, investigators received access to hundreds of encrypted calls among the crime syndicate.
Another is exploiting existing security vulnerabilities, or government hacking, to get access to encrypted communications. This can be very effective, like in the Encrochat case in Europe, where law enforcement was able to hack an encrypted phone network and make over 800 arrests related to organised crime. However, government hacking is still dangerous, as vulnerabilities could go unpatched and hacking tools can be stolen or escape into the wild. For example, the Petya/NotPetya ransomware was based on Eternal Blue, a US government hacking tool that became public.
Government hacking could have unintended consequences, undermining the confidentiality of the information being transmitted, and the trust that users have in the digital tools and services that they use. Encryption is central to trust and confidentiality, and for India, its efforts to transform into a digitally powered nation and society.
The Indian government should take a multi-stakeholder and whole-of-government approach to the issues at hand, to have a better understanding of what’s at stake relative to the threats that they think these proposals will help solve, and to come up with ways to effectively address the root causes behind these issues (misinformation, for instance, can be successfully countered with education, as in the Finland example).
Recently in India, private WhatsApp messages were leaked…
This definitely made headlines, but was not the result of an inherent weakness in WhatsApp or tools that can extract data from that service. Users have the option to store their message history on their local device or on cloud services in unencrypted form, where it is vulnerable to hacking just like any other data. To avoid this risk, users can choose not to store their message history, or store it in encrypted form, where even if it is breached it will be unintelligible. Also, as with any service, it is important for users to guard their credentials closely, since if someone gets the user’s credentials, they can access the user’s data directly.
Third-party access is often given to enable traceability. What are the repercussions of this?
Just as in breaking end-to-end encryption, the repercussions of access for traceability are the risks associated with exposing everyone on the service. Regardless of the technical method used, and the procedural controls surrounding its use, if that method is abused, leaked, or discovered, it can be used by bad actors to trace the communications of all users on that service, undermining the security for everyone.
Current mechanisms to intercept or monitor communications in India lack transparency and sufficient oversight when used (and their effectiveness has been poorly evaluated) — this is not a good precursor for expanding those powers to encrypted services that hundreds of millions of Indian citizens now rely on.
Isn’t client-side scanning a safe means of ensuring traceability?
While client-side scanning – which creates a “hash” of unencrypted content and compares it to known objectionable material – seems like a reasonable approach, it too has risks. In most cases, the hashes are sent to a central database for comparison. This is subject to hacking, where a bad actor could modify the database (for example by adding digital fingerprints) to flag material outside the scope of the government’s stated interest. This would allow them to track to whom, when, and where certain content was communicated. These fingerprints could include commonly used passwords or other information to enable attacks such as social engineering, extortion, or blackmail.
Additionally, in some client-side scanning proposals, an unencrypted version of flagged material is sent for human examination, increasing the risk of abuse or misinterpretation.
Whoever controls or has access to the database (which may include the platform/service provider itself) can also use it to screen for and gather any content of interest, such as information for advertising. Bad actors, including hostile governments, could block users from sending specific content, preventing legitimate content from being shared, and potentially impeding the communications of law enforcement, emergency response, and national security personnel.
Finally, client-side scanning is not a “silver bullet” – sophisticated criminals can manipulate content to change the digital fingerprint and avoid detection, while others can just switch to other services that don’t use client-side scanning to avoid getting caught.