Opportunistic Encryption to Combat Dragnet Surveillance

Posted June 29, 2013 in crypto, https

The world is in shock and anger over recent revelations that NSA and GCHQ are conducting suspicionless spying on every human with an internet or phone network connection. One of the ways they’re spying on the entire internet is by tapping the underwater fiber-optic cables that connect the continents and parsing and logging the firehose of packets as they fly by.

If we want to keep what we do on the internet private, a good way to do that is to encrypt as much of our internet traffic as possible. End-to-end encryption is hard to do right for end users because identity verification is really, really hard to scale. It’s not practical for everyone who wants to visit an HTTPS website to meet in person and read out SHA1 fingerprints for SSL certs.

The only real-world scalable identity verification system in widespread use right now is the collection of browser-trusted certificate authorities and their intermediaries. Its problem is that while individuals and organizations without much power or money cannot compromise its security, powerful organizations like NSA and GCHQ can easily compromise it to mount man-in-the-middle attacks.

However, I think global adversaries like NSA and GCHQ are hesitant to mount dragnet active attacks against HTTPS certificates because they run the very real risk of getting caught. If you run HTTPS Everywhere and opt in to the decentralized SSL Observatory, your browser will warn you when the Observatory has detected a known malicious certificate (admittedly we don’t know of many malicious certs yet, but the more users we get, the more likely it is that we’ll spot attacks in the wild and can warn others about them). If you use Chrome, its certificate pinning feature will also warn you about attacks against Google SSL certs. There are other tools out there too that make this detection possible.

If NSA and GCHQ want to eavesdrop on encrypted communications, even ones that they can easily MITM without being detected, they have to do active attacks. It can’t just be passive eavesdropping; they have to actually modify traffic in transit and serve malicious public keys. If they start doing dragnet active MITM attacks on large swaths of the internet they will get caught, and it will be a worse public relations and diplomatic nightmare than they’re already facing. There would be no sensible way to claim that the US wasn’t “hacking the Chinese” or, for that matter, hacking the Germans, the Brazilians, the Israelis, the Australians, the Tunisians, the Mexicans, and everyone else in the world.

But right now the web, and many other services on the internet, are still largely unencrypted. We need to fix this.

Wouldn’t it be great if every single HTTP request had automatic, opportunistic end-to-end encryption between the browser and the server? Anyone could MITM it, but at least they would be forced to do an active attack. If just a small percentage of people manually verify crypto keys, active attacks run the risk of getting caught.
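To make the detection idea concrete (the Observatory paragraph above and the point that a few verifying users can catch an active attack), here is an added sketch that is not from the original post and is not how the SSL Observatory itself is implemented. It assumes clients report the certificate they saw for each host; the function names, client ids and sample certificates are all constructed for illustration.

```python
import hashlib
from collections import Counter, defaultdict

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def find_divergent(reports, min_reports=3):
    """Group (host, client, der) reports by host and return
    {host: [(client, fingerprint), ...]} for views that disagree
    with the majority certificate seen for that host."""
    by_host = defaultdict(list)
    for host, client, der in reports:
        by_host[host].append((client, fingerprint(der)))
    flagged = {}
    for host, seen in by_host.items():
        if len(seen) < min_reports:
            continue  # too few views to say what "normal" looks like
        consensus, votes = Counter(fp for _, fp in seen).most_common(1)[0]
        if votes * 2 <= len(seen):
            flagged[host] = sorted(seen)  # no majority: review every view
            continue
        outliers = sorted(v for v in seen if v[1] != consensus)
        if outliers:
            # A lead for human review, not proof: key rotation and CDNs
            # also make legitimate hosts present more than one certificate.
            flagged[host] = outliers
    return flagged

# Constructed sample data: byte strings standing in for DER certificates.
GENUINE = b"constructed-cert: example.org, key A"
SUBSTITUTED = b"constructed-cert: example.org, key B"
OTHER = b"constructed-cert: example.net, key C"
REPORTS = [
    ("example.org", "client-a", GENUINE),
    ("example.org", "client-b", GENUINE),
    ("example.org", "client-c", SUBSTITUTED),  # this client saw a different key
    ("example.org", "client-d", GENUINE),
    ("example.net", "client-a", OTHER),
    ("example.net", "client-b", OTHER),
    ("example.net", "client-c", OTHER),
]

if __name__ == "__main__":
    for host, views in find_divergent(REPORTS).items():
        print(host, views)
```

Only one of the four clients needs to report its view of example.org for the substituted key to stand out, which is why an active attack at dragnet scale is so much riskier than passive tapping.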

Why stop at HTTP requests? Wouldn’t it be great if all TCP connections had automatic opportunistic encryption? Obviously these are enormous engineering projects that will completely break lots of technologies that people rely on, like intrusion detection systems. But I think it would be a big step in the right direction to make the internet secure from spy agencies.

It’s time we encrypt all the things.