date 2021-11-05
from the not-an-actual-SCIF-in-any-case dept.
The cryptographer who blogs under the pseudonym Soatok has written an in-depth discussion of the practical limitations of end-to-end encryption on his blog. For some things, such as planning military strikes, Sensitive Compartmented Information Facilities (SCIFs) are the right tool for the job, while smartphone apps of any stripe are not.
In the aftermath of this glorious fuck-up by the Trump administration, I have observed many poorly informed hot takes. Some of these were funny, but others are dangerous: they were trying to promote technologies that claim to be Signal alternatives, as if this whole story was somehow a failure of Signal’s security posture.
Not to put too fine a point on it: Switching to Threema or PGP would not have made a lick of difference. Switching to Matrix would have only helped if you consider “unable to decrypt message” helping.
To understand why, you need a clear understanding of what end-to-end encryption is, what it does, what it protects against, and what it doesn’t protect against.
His prediction is that the White House will lash out at both The Atlantic and at Signal to distract from the catastrophic procedural failure which the administration demonstrated through this incident. He also observed that adding a journalist to the chat group would provide a good distraction from possibly compromised smartphones, devices which are notoriously insecure even when the stakes are much lower.
Previously:
(2025) Apple Pulls End-to-End Encryption From UK Rather Than Provide Government a Backdoor
(2024) U.S. Officials Urge Americans to Use Encrypted Apps Amid Unprecedented Cyberattack
(2024) Here's the Paper No One Read Before Declaring the Demise of Modern Cryptography
(2024) How I Got a Truly Anonymous Signal Account
Related Stories
How I Got a Truly Anonymous Signal Account
https://theintercept.com/2024/07/16/signal-app-privacy-phone-number/
The messaging app Signal is described by security professionals as utilizing the gold standard of cryptography. Unlike many competitors, its default is end-to-end encryption — and on top of that, the app minimizes the amount of information it stores about users. This makes it a powerful communication tool for those seeking a private and secure means of chatting, whether it's journalists and their sources, activists and human rights defenders, or just ordinary people who want to evade the rampant data-mining of Big Tech platforms.
Signal continues to introduce privacy-enhancing features such as usernames that can be used in lieu of phone numbers to chat with others — preventing others from finding you by searching for your phone number. But the app still requires users to provide a working phone number to be able to sign up in the first place.
For privacy-conscious individuals, this can be a problem.
In response to subpoena requests, Signal can reveal phone numbers. Relying on phone numbers has also led to security and account takeover incidents. Not to mention that the phone number requirement costs Signal more than $6 million annually to implement.
Signal insists on its site that phone numbers are a requirement for contact discovery and to stymie spam. (Signal did not respond to a request for comment). Other encrypted messaging platforms such as Session and Wire do not require phone numbers.
There are some ways around Signal's phone number policy that involve obtaining a secondary number, such as using temporary SIM cards, virtual eSIMs, or virtual numbers. But these approaches involve jumping through hoops to set up anonymous payment measures to procure the secondary numbers. And sometimes they don't work at all (that was my experience when I tried using a Google Voice number to sign up for Signal).
I wanted a way to get a Signal account without leaving any sort of payment trail — a free and anonymous alternative. And thus began my long and tedious journey of registering Signal with a pay phone.
The advance was incremental at best. So why did so many think it was a breakthrough?
There's little doubt that some of the most important pillars of modern cryptography will tumble spectacularly once quantum computing, now in its infancy, matures sufficiently. Some experts say that could be in the next couple decades. Others say it could take longer. No one knows.
The uncertainty leaves a giant vacuum that can be filled with alarmist pronouncements that the world is close to seeing the downfall of cryptography as we know it. The false pronouncements can take on a life of their own as they're repeated by marketers looking to peddle post-quantum cryptography snake oil and journalists tricked into thinking the findings are real. And a new episode of exaggerated research has been playing out for the past few weeks.
The last time the PQC—short for post-quantum cryptography—hype train gained this much traction was in early 2023, when scientists presented findings that claimed, at long last, to put the quantum-enabled cracking of the widely used RSA encryption scheme within reach. The claims were repeated over and over, just as claims about research released in September have for the past three weeks.
A few weeks after the 2023 paper came to light, a more mundane truth emerged that had escaped the notice of all those claiming the research represented the imminent demise of RSA—the research relied on Schnorr's algorithm (not to be confused with Shor's algorithm). The algorithm, based on 2021 analysis of cryptographer Peter Schnorr, had been widely debunked two years earlier. Specifically, critics said, there was no evidence supporting the authors' claims of Schnorr's algorithm achieving polynomial time, as opposed to the glacial pace of subexponential time achieved with classical algorithms.
Once it became well-known that the validity of the 2023 paper rested solely on Schnorr's algorithm, that research was also debunked.
Three weeks ago, panic erupted again when the South China Morning Post reported that scientists in that country had discovered a "breakthrough" in quantum computing attacks that posed a "real and substantial threat" to "military-grade encryption." The news outlet quoted paper co-author Wang Chao of Shanghai University as saying, "This is the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN [substitution–permutation networks] structured algorithms in use today."
Among the many problems with the article was its failure to link to the paper—reportedly published in September in the Chinese-language academic publication Chinese Journal of Computers—at all. Citing Wang, the paper said that the paper wasn't being published for the time being "due to the sensitivity of the topic." Since then, the South China Morning Post article has been quietly revised to remove the "military-grade encryption" reference.
With no original paper to reference, many news outlets searched the Chinese Journal of Computers for similar research and came up with this paper. It wasn't published in September, as the news article reported, but it was written by the same researchers and referenced the "D-Wave Advantage"—a type of quantum computer sold by Canada-based D-Wave Quantum Systems—in the title.
Some of the follow-on articles bought the misinformation hook, line, and sinker, repeating incorrectly that the fall of RSA was upon us. People got that idea because the May paper claimed to have used a D-Wave system to factor a 50-bit RSA integer. Other publications correctly debunked the claims in the South China Morning Post but mistakenly cited the May paper and noted the inconsistencies between what it claimed and what the news outlet reported.
FBI and CISA officials said it was impossible to predict when the telecommunications companies would be fully safe from interlopers:
Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers.
The hacking campaign, nicknamed Salt Typhoon by Microsoft, is one of the largest intelligence compromises in U.S. history, and it has not yet been fully remediated. Officials on a news call Tuesday refused to set a timetable for declaring the country's telecommunications systems free of interlopers. Officials had told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers.
A spokesperson for the Chinese Embassy in Washington did not immediately respond to a request for comment.
In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China's intercepting their communications.
"Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," Greene said.
The FBI official said, "People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" multi-factor authentication for email, social media and collaboration tool accounts.
The scope of the telecom compromise is so significant, Greene said, that it was "impossible" for the agencies "to predict a time frame on when we'll have full eviction."
[...] The FBI and other federal law enforcement agencies have a complicated relationship with encryption technology, historically advocating against full end-to-end encryption that does not allow law enforcement access to digital material even with warrants. But the FBI has also supported forms of encryption that do allow some law enforcement access in certain circumstances.
[...] In a statement to NBC News, Ron Wyden, D-Ore, one of the Senate's fiercest privacy advocates, criticized America's reliance on CALEA as it leaves such sensitive information unencrypted.
"Whether it's AT&T, Verizon, or Microsoft and Google, when those companies are inevitably hacked, China and other adversaries can steal those communications," he said.
Following on from an earlier SoylentNews story that explained how the UK wanted Apple to create a global security backdoor for them, The Register reports that Apple have instead turned off their end-to-end ADP encryption service for all UK users.
"Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature," Apple said.
"We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy," Apple said. "Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before."
The article explains that a few Apple services will still remain end-to-end encrypted (presumably those outside of the scope of the UK's request?). For now, though, it will be interesting to see whether the UK's security services maintain their demand and keep all of their citizens unsafe, or whether they'll back down.
