In 2018, the Australian government enacted a new law aimed at accessing the content of encrypted communication among its citizens. More precisely, the law mandated that communication companies and application developers create a technical function (backdoor) that would allow for law enforcement to access content of end-to-end encrypted messages.
Echoing this relatively new legislative landmark in Australia, two senior officials from the Government Communication Headquarter (GCHQ) in the United Kingdom have publicly proposed an alternative option in 2019: A ghost protocol on every end-to-end encrypted message. In other words, it proposed to deploy a program that would “blind copy” the government on all encrypted messages.
These bold and unprecedented steps have been implemented to address a significant challenge in terms of electronic surveillance: Encrypted communication leaves them in the dark when comes the time to monitor persons of interest or discover possible plots.
According to the Federal Bureau of Investigation, the expression “Going Dark” refers to “digital communication that cannot be monitored because of strong encryption. Mobile apps that use end-to-end encryption (E2EE) are designed to protect data at rest and in motion and keep the end user's text messages, emails, and video chats private and secure.” This situation poses two specific sets of challenges for government agencies:
- First, communication—phone calls, emails, and live chat sessions—done through encrypted platforms prevent the interception of “data in motion,” in this case, the content of the message.
- Second, encrypted devices prevent the access to “data at rest,” in this case, the content of messages stored in a smartphone, for example.
To address the challenges of going dark, law enforcement can explore at least four options that can help to circumvent the encryption of communication in order to conduct effective electronic surveillance operations.
The backdoor option is the one the Australian government has chosen to implement in 2018. The catch is that backdoor creates a security vulnerability by weakening encryption and making it exploitable by malicious actors. In other words, it may create more problems than solutions. In the United States in 1994, the government enacted the Communications Assistance for Law Enforcement Act (CALEA), which requires that telecommunications carriers and manufacturers modify and design their equipment, facilities, and services to ensure that they have built-in capabilities for targeted surveillance by law enforcement agencies. However, thousands of companies, devices, and software currently escape CALEA. Some industry experts are advocating for the revamping of CALEA to allow the deployment of programs that would not degrade encryption, but would allow law enforcement agencies to intercept and access both encrypted data in motion and at rest.
2. Brute Force Attacks
Another option that law enforcement agencies can use is a brute force attack. This consists of an “attacker” submitting many passwords or passphrases with the hopes of eventually guessing correctly. However, it is important to mention that many devices and software are set in ways that the encryption key is erased if someone makes too many attempts to break the password, ensuring no one can access that data. Moreover, modern algorithms with suitable key lengths (e.g. AES-128, RSA-2048, ECDSA-256, etc.) are not vulnerable to brute force attacks.
3. Decryption Through Quantum Computing
A third option emerges from advanced computing. Quantum computers could spur the development of new breakthroughs in cybersecurity and encryption. For instance, current asymmetric algorithms like RSA and ECDSA will be rendered essentially useless once quantum computers reach a certain scale. However, symmetric algorithms used for encryption, like AES, are still thought to be safe (with sufficient key length—e.g., AES-256 or larger). Another limitation is the fact that quantum computers have only been tested at small scale, as proof of concept and pilots. Larger deployment and usage is not for tomorrow, and therefore does not constitute an immediate solution for law enforcement agencies.
4. Traffic Analysis
Traffic analysis is used in cybersecurity to detect malicious activities within a network. Here, the idea is to make sense of communication patterns (frequency, direction, size, location, etc.) through the analysis of metadata associated with encrypted communication. Every network transaction, even those that are encrypted, has data that describes it (metadata): originating IP address, destination IP address, the network protocol being used (HTTPS), the number of packets sent, and the byte count, among potentially hundreds of other attributes.
This metadata can be used and turned into relevant intelligence that would allow law enforcement agencies to decipher patterns of behavior, similar to how cryptologists interpret communication signals. For instance:
- Frequent communication can denote a planning phase.
- Rapid or short communication can be interpreted as negotiations.
- A lack of communication can indicate a lack of activity, or completion of a finalized plan.
- Frequent communication to specific individuals from a central individual can highlight a chain of command. Who talks to whom can indicate which individuals are “in charge” of a particular network. This further implies something about the role associated with each individual.
- Who talks when can indicate which individuals are active in connection with events, which implies something about the information being passed, and perhaps something about the personnel/access of those associated with some key individuals involved in the communication.
- Who changes from communication medium to medium can indicate fear of interception.
If the analysis of such intelligence demonstrates probable cause for search and seizure, law enforcement and intelligence agencies could get a warrant from a proper court (Foreign Intelligence Surveillance Court or Criminal Courts) and intercept the content of encrypted data in motion or access encrypted data at rest stored in the devices of persons of interests.
Where This Leaves Us
The massive interception of and access to encrypted message content not only represents concerns for privacy, but also could potentially generate a massive information-overload problem for law enforcement and intelligence agencies. Just imagine the sheer quantity of unstructured content included in the 274 billion encrypted messages sent every day: texts, videos and photos. It would create a nightmare in terms of analytical processes.
So, what does all this mean looking forward?
To think that collecting more data would allow security agencies to unveil invisible plots is unrealistic—technology is not a crystal ball. Instead, government agencies should focus on getting more ingenious with the design of analytical methods involving big data, which they already have access to (including metadata from encrypted communication). Additionally, law enforcement and intelligence agencies should focus on investing in a talented workforce (intelligence analysts, data scientists), which would leave them far better off than spending the money on technological solutions that only deliver half of what is usually promised.