Open Letter

Academic letter to the European Commission,
Council to the European Union, and European Parliament

responding to the Council's draft resolution on
"Encryption — Security through encryption and security despite encryption"


Investigations: Security through investigations, and security despite investigations

Security through encryption; no security without encryption

Recently the Council of the EU has published a resolution titled "Encryption — Security through encryption and security despite encryption". Besides the unsettling play with different interpretations of "Security", the resolution requires that "Competent authorities must be able to access data in a lawful and targeted manner [..]". While not explicitly requiring backdoors or weakened encryption, the text suggests a so-called "middle ground" of reasonably secure information technology combined with investigative powers over encrypted content. This middle ground does not exist today and, most likely, cannot exist.

Strong cryptography, and in particular encryption, are key enablers of many services that are seen as essential in a modern, interconnected society. Strong encryption not only enables secure communication between individuals, public services, and companies, but also

  • facilitates, e.g., investigative journalism,

  • shelters whistleblowers,

  • protects fundamental rights such as freedom of speech,

  • safeguards critical infrastructures such as banks,

  • supports military communication, and

  • contributes to physical safety, e.g., in autonomous driving.

Last but not least, cryptography and trust in IT infrastructures are the basis of a continuous digitalisation and successful Digital Single Market. It is crucial to be cognisant that any attempt to weaken the security guarantees of encryption - even for a seemingly legitimate purpose - also puts many fundamental pillars of our society directly at risk.

In the following, this letter gives some context, especially on the EU as a pioneer in cybersecurity and data protection. It explains that cryptography is public knowledge and cannot be switched off, and what the consequences of this are. It then points out that investigations need a strong legal and technical basis and what this means in the current context. As a roadmap towards better capacity building for evidence in information and communication networks is not trivial, it delivers proposals to this aim.

The signatories of this letter are experts in various fields, ranging from cybersecurity via ethics and digital forensics to law; they plead for an open dialogue on these issues to preserve the EU's long tradition in data protection and cybersecurity.

Context – the EU as pioneer in cybersecurity and data protection

The EU and its Member States have been strong proponents of secure communication, underlining the importance of cryptography for the security of critical infrastructures and for the protection of fundamental freedom rights. Acknowledging the challenges for Law Enforcement Agencies (LEAs), this strong support of secure communication has been expressed, e.g., by the European Commission, ENISA, and EUROPOL. Also, the EU has a global pioneering role for strong data protection and Network and Information Security laws such as the GDPR and the NIS Directive.

Unfortunately, criminals see digital services as an opportunity; in fact, they are making use of digital services not only to support traditional crimes, but also to commit digital crimes that would otherwise not exist. It is of vital interest for a functioning society to sanction criminal behaviour wherever it takes place. This creates the need for policing and investigation in the digital domain. Collecting evidence at the crime scene and observing suspects is part of this need. Observing telecommunication used to be easy in a time when a limited number of communication lines carried unencrypted information. This era ended with out-of-the-box encryption tools integrated into many communication applications and increasing connectivity. The Council’s resolution seems to envy easier times, aiming to mandate mechanisms that allow easier interception.

In this letter, we encourage policy makers and authorities in the EU to continue their support of strong cryptographic tools since these tools ensure basic rights and protect businesses from criminal activities.

Further, we propose to collaborate in a scientifically supported approach to evidence in modern communication networks.

Cryptography is public knowledge and cannot be switched off

Following Kerckhoffs’ principle, openness of the specification of cryptographic tools is an essential part of security and trust. Consequently, most schemes and many high-quality and easy-to-use implementations are public knowledge, directly rendering any attempt to restrict the use of these mechanisms futile.

Specifically, any mandated law enforcement access capabilities are easy to circumvent by reasonably tech-savvy criminals, while at the same time honest users are put at higher risk due to an increased attack surface. Already today, security flaws in IT implementations are often used for so-called low-value, high-volume crimes such as widespread ransomware or botnets.

Besides these direct effects, restricting the use of cryptographic tools has negative side effects, e.g., on the overall cybersecurity level and on business. Furthermore, evasive reactions of criminals can already be observed today. We refer to the appendix of this letter for examples.

Investigations need a strong legal and technical basis

In states with the rule of law, it is essential that law enforcers’ activities and powers cannot be misused. In the digital sphere this is not trivial.

Lawful access to personal computing devices and private electronic communication for LEAs needs the same level of protection as traditionally provided to the private home, personal notes and letters. Certain freedom rights need to be preserved in cyberspace to the same extent as we know them from the brick-and-mortar world. Most notably, this includes limits on the use of evidence such as attorney-client privilege, medical confidentiality, the sacramental seal, and the right to remain silent (to prevent self-incrimination).

Moreover, judicial control of each data access needs to be ensured, and misuse needs to be prevented. In the case of digital "surveillance" this might be much harder than in the physical world, as the chance of undetected or undetectable data access is much higher. Hence misuse by criminals, foreign intelligence services or rogue insiders is easier. This threat is real, as for example the recent cases of blackmail of German politicians show.

Roadmap towards a better capacity building for evidence in information and communication networks

While we acknowledge that end-to-end encryption poses challenges to investigators, we would like to stress that "Security despite encryption" is a deceptive notion. A "balance" between information security and ease for lawful investigative access does not exist.

The signatories of this letter are well aware of the high responsibility that European policy makers have, and the many different interests and challenges that need to be considered in any decision making process. In order to support these efforts, this letter aims to reach out and propose a coordinated research effort to build the expertise and tools for LEAs in the digital domain.

For any activity going forward, open and unbiased discussions need to take place between policy makers, LEAs, academic experts – including but not limited to the fields of cybersecurity, digital forensics, fundamental rights, ethics, or procedural law – and representatives of the general public at least during the following phases.

Requirements elicitation. An in-depth requirements elicitation needs to take place, to identify what is really needed and what the typical problems of LEAs in the digital space are, in order to ensure that any developed solution provides the required features without introducing excessive surveillance capabilities. Also, requirements regarding authenticity and legality of evidence need to be identified.

Technological solution space. Besides the development of technological solutions, their potential risks to cybersecurity in general also need to be continuously evaluated, in order to minimise unintended negative side effects. Furthermore, objective parameters such as costs or scalability need to be considered.

Comprehensive assessment. Before deploying any solution, a detailed technical, legal, and ethical evaluation is required, to assess the potential consequences of its deployment and use.

In order to prevent damage to related fundamental rights, applicable law, authenticity of evidence, or even cybersecurity in general, for every potential approach an ethical and societal impact assessment is needed. This assessment needs to be open-ended and might lead to abandoning the developed solution.

Signatories

Signatories of this letter act in their own capacity; institutions are listed merely for identification.

Appendix

Strong Network Information Security is a market advantage

The USA have a long history of regulating the export of strong encryption tools. However, this gradually changed through the Clinton administration, most notably due to the increasing realisation that non-US-based companies were gaining disproportionately high market shares in cybersecurity.

To what extent this market imbalance disappeared due to deregulation is not easy to answer; however, it is to be expected that asymmetrically stricter regulations may again lead to a loss of market share for businesses in those jurisdictions where restrictions become stricter.

Past issues with lawful interception support in technologies

Initiatives for lawful interception are not new, and discussions have been going on at least since the 1990s. The various proposed, and partially also implemented, regulations included, among others, mechanisms for key recovery, key escrow, limitation of legitimate key lengths, and intentional vulnerabilities.

As an example, consider the former US export regulations limiting the key size of exported cryptography, which were eventually lifted in the late 1990s. However, the so-called FREAK attack still allowed forcing communication partners down to (by then fully insecure) export-grade encryption on many platforms in 2015, demonstrating the risk of unintended long-term consequences for national cybersecurity in general. Another prominent example is the Clipper Chip, for which shortly after its deployment it was shown how to circumvent the interception capabilities of LEAs while still adhering to the legal interoperability requirements.
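To make the client-side logic flaw behind the FREAK downgrade concrete, here is an added illustration that is not part of the letter: a reduced model of a TLS RSA key exchange in which the vulnerable client accepts a temporary export-grade RSA key even though it negotiated a non-export suite, beside a hardened client that rejects any server message inconsistent with what was negotiated. The suite names, the message fields and the 2048-bit policy floor are assumptions made for the model.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple, Union

# Constructed suite names following the IANA scheme; the EXPORT suites are the
# 40-bit-cipher / 512-bit-RSA ones the 1990s export regulations permitted.
EXPORT_SUITES = {"TLS_RSA_EXPORT_WITH_RC4_40_MD5", "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}
STRONG_SUITES = {"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"}
MIN_RSA_BITS = 2048  # assumed policy floor for the hardened client


@dataclass
class ServerFlight:
    """The fields of ServerHello / Certificate / ServerKeyExchange that matter here."""
    chosen_suite: str
    cert_rsa_bits: int
    temp_rsa_bits: Optional[int]  # temporary RSA key from ServerKeyExchange, None if absent


Verdict = Tuple[bool, Union[int, str]]  # (accepted?, key size used or abort reason)


def vulnerable_client(offered: Set[str], flight: ServerFlight) -> Verdict:
    """Pre-fix logic: a temporary RSA key is used whenever the server sends one,
    although it is only legitimate for RSA_EXPORT suites, which were never offered."""
    if flight.chosen_suite not in offered:
        return False, "suite not offered"
    if flight.temp_rsa_bits is not None:
        return True, flight.temp_rsa_bits  # premaster secret ends up under the small key
    return True, flight.cert_rsa_bits


def hardened_client(offered: Set[str], flight: ServerFlight) -> Verdict:
    """Fixed logic: every server message is checked against the negotiated suite."""
    if flight.chosen_suite not in offered:
        return False, "suite not offered"
    if flight.chosen_suite in EXPORT_SUITES:
        return False, "export suite"
    if flight.temp_rsa_bits is not None:
        return False, "unexpected ServerKeyExchange for non-export RSA key exchange"
    if flight.cert_rsa_bits < MIN_RSA_BITS:
        return False, "certificate key below policy floor"
    return True, flight.cert_rsa_bits


if __name__ == "__main__":
    # Constructed downgrade: the suite name promises AES-128, yet a 512-bit temporary key arrives.
    downgraded = ServerFlight("TLS_RSA_WITH_AES_128_CBC_SHA", 2048, 512)
    honest = ServerFlight("TLS_RSA_WITH_AES_128_CBC_SHA", 2048, None)
    print("vulnerable client:", vulnerable_client(STRONG_SUITES, downgraded))  # (True, 512)
    print("hardened client:  ", hardened_client(STRONG_SUITES, downgraded))    # (False, ...)
    print("hardened, honest: ", hardened_client(STRONG_SUITES, honest))        # (True, 2048)
```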

Having these examples in mind, we want to stress that any approach to introduce interception capabilities comes with major risks: escrow keys might be accessed for unauthorised purposes, back doors and vulnerabilities give rise to a grey or black market, and closing legacy vulnerabilities and phasing out deployed cryptographic mechanisms is a process that can take many years to decades, during which they may still be misused by criminal organisations or foreign intelligence services. Furthermore, it has proved challenging to impossible to prevent criminals from circumventing these techniques.

Criminals already react by using public, short-lived, unencrypted channels

In addition to the above listing of risks and costs of weakening secure end-to-end communication, the benefits might be smaller than expected. Criminals will simply use another layer of encryption or even steganography to hide their communication. Even if such nested protection were sanctioned, evidence of nested encryption will only be found during an investigation, so such a ban is hard to enforce. Initially this might be an option only for the most tech-savvy criminals, but at the end of the day secure communication will be just another type of crime as a service on the internet. Moreover, we already observe a move to more ephemeral communication channels, i.e., criminals communicate unencrypted and in public on ad hoc platforms such as online games.