3 March 2020

If We Build It (They Will Break In)

By Susan Landau

Attorney General William Barr has staked his ground in the long-running debate over law enforcement access to encrypted communications. Last fall, Barr decried end-to-end encryption as “enabling dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield.” As the debate continues, commentators and policymakers often overlook a historical example of the problems with law enforcement access.

Barr’s position is hardly novel. For more than two decades, law enforcement has argued that end-to-end encrypted communications present an extreme public safety risk and that tech companies must build in access in the form of some variation of escrowed keys, backdoors, front doors or exceptional access. During that time, many observers have argued that creating this access for law enforcement would decrease public security, not increase it. There’s a cautionary tale about wiretapping from the 1990s that has bearing on today’s encryption battles.


As new (primarily digital) telephone services emerged in the 1990s, old-style wiretapping couldn’t keep up. The old techniques weren’t equipped to handle new capabilities, such as call forwarding and other “advanced” features. Law enforcement was really worried. Then-FBI Director Louis Freeh called digital telephony “the number one law enforcement, public safety and national security issue facing us today.” After several years of pressing Congress—and an added sweetener for the telecom providers in the form of half a billion dollars in funds to the service providers for updating switches to accommodate the new requirements—law enforcement got its way with the 1994 passage of the Communications Assistance for Law Enforcement Act (CALEA), which required service providers to build digitally switched telephone networks so that they were “wiretap enabled.” That meant that the phone switches, which connect telephone lines, were to be built in a way that enabled any call to have a silent third party—an eavesdropper—listening in. These “wiretap enabled” networks essentially put a security hole in the middle of a phone switch, creating serious risks. Although computer scientists raised that concern about the legislation, the law ultimately passed.

Nothing was simple about implementing CALEA. There were arguments over lots of different issues: how much surveillance capacity—both wiretaps and pen/trap metadata collection—had to be put into the switches; whether “post-cut-through digits,” dialed in response to prompts that can vary from “press 1 to speak to a receptionist” to “please enter your credit card number now,” were considered content (and thus required a wiretap warrant in order to be collected); and whether location information should be included in the information that the telephone companies provided to law enforcement. And then there was a debate over funding—the half-billion dollars did not come close to covering the service providers’ expenses. Court battles over various aspects of CALEA implementation went on for more than a decade.

But fights over implementation were not CALEA’s most serious problem. Building a wiretapping interface for law enforcement into a telephone switch did, as predicted, enable others to listen in. The best-known occurrence of this phenomenon is the Greek wiretapping case of 2004-2005. Unknown parties wiretapped the cellphones of 100 senior members of the Greek government for a period of 10 months using the law enforcement interface of an Ericsson phone switch built for Greek Telecom. The law enforcement wiretapping interface was built according to European Telecommunications Standards Institute (ETSI) specifications, which were modeled on the CALEA requirements. In another example, IBM researcher Tom Cross showed in 2010 that Cisco specifications for an IP network wiretapping architecture based on the ETSI standards had major security holes. Cross demonstrated that various service providers had implemented a flawed architecture and had allowed unauthorized people to intercept communications.

Security problems were not limited to Europe. In 2011, Dickie George, the former technical director of the National Security Agency’s Information Assurance Division, told me that his agency had “found security problems with the CALEA-compliant implementation on every single switch submitted for testing.” In other words, required wiretapping capabilities built for law enforcement were insecure, and others, including nefarious actors, could potentially access them. And then, just this month, the Wall Street Journal reported that U.S. officials are now telling our allies that “Huawei Technologies Co. can covertly access mobile-phone networks around the world through ‘back doors’ designed for use by law enforcement.” Why were those backdoors put in? They are what is legally required by CALEA and the European laws based on the U.S. law.

Fast forward to today. Law enforcement’s line on encryption is that surely the smart people in Silicon Valley can figure out how to build systems that enable law enforcement, backed up with a court order, to access encrypted communications and encrypted data on phones. In reality, such surveillance systems are not easy to build—and not easy to build securely. If the CALEA story reveals anything, it shows that when companies build in backdoors, hackers, nation-states and criminals will come. That’s not the cybersecurity, national security or public safety solution we need.
