Windows users are also vulnerable to FREAK snooping attacks

The “FREAK” vulnerability that downgrades and weakens secure web connections doesn’t just affect Google and Apple users — according to a security advisory from Microsoft, all supported versions of Windows are vulnerable too.

FREAK (Factoring attack on RSA-EXPORT Keys) is a recently discovered hangover from the early 90s, when the U.S. government banned the export of most software that used strong encryption. The SSL web security protocol was for that reason built with a special mode that uses key lengths considered weak today. The law was changed but the weak cipher suites remain, and although most modern browsers are supposed to avoid them like the plague, a widespread bug means they don’t always do that.

The FREAK flaw allows “man-in-the-middle” snoopers to downgrade a session’s security to that mode – as long as the browser is vulnerable and the server accepts those weak old cipher suites – then crack the keys and spy away.
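As an added illustration (not code from the researchers or from Microsoft's advisory), here is a server-side check for the second precondition above: given the cipher suites each host was observed to accept, it flags the RSA export suites by name. The host names, the sample data and the name-matching heuristic are assumptions of this example.

```python
import re

# Heuristic (an assumption of this example): export-grade suites are recognised
# by name only, in the IANA style and the OpenSSL style that scanners report.
_IANA_EXPORT = re.compile(r"^(TLS|SSL)_(?P<kx>[A-Z0-9_]+?)_EXPORT(1024)?_WITH_")
_OPENSSL_EXPORT = re.compile(r"^EXP(1024)?-")
_OPENSSL_NON_RSA_KX = re.compile(r"-(EDH|DHE|ADH|DH|KRB5)-")


def classify_suite(name):
    """Return 'rsa-export', 'other-export' or 'ok' for one cipher suite name."""
    name = name.strip().upper()
    m = _IANA_EXPORT.match(name)
    if m:
        return "rsa-export" if m.group("kx") == "RSA" else "other-export"
    if _OPENSSL_EXPORT.match(name):
        # OpenSSL leaves the key exchange out of the name when it is plain RSA.
        return "other-export" if _OPENSSL_NON_RSA_KX.search(name) else "rsa-export"
    return "ok"


def audit(accepted):
    """Map host -> sorted RSA export suites it accepts (the server-side FREAK condition)."""
    findings = {}
    for host, suites in accepted.items():
        weak = sorted(s for s in suites if classify_suite(s) == "rsa-export")
        if weak:
            findings[host] = weak
    return findings


# Constructed sample data: suites each (hypothetical) host was observed to accept.
SAMPLE = {
    "www.example.test": ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "EXP-RC4-MD5"],
    "mail.example.test": [
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    ],
    "api.example.test": ["ECDHE-RSA-AES256-GCM-SHA384"],
}

if __name__ == "__main__":
    for host, weak in audit(SAMPLE).items():
        print(f"{host}: accepts RSA export suites: {', '.join(weak)}")
```

Any host this reports should have export-grade suites removed from its TLS configuration; the non-RSA export suites it classifies as 'other-export' are just as weak and belong on the same removal list.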

When the flaw was publicized earlier this week, it was Apple’s Safari browser and the stock Android browser that were on the firing line for being vulnerable, endangering those users who communicate with servers that accept “export-grade” encryption – apparently a whopping third of servers with browser-trusted certificates. But it turns out the list of affected browsers and systems is way longer than that.

The big one is Windows. In pretty much every version of Windows that’s out there, Internet Explorer and whatever else uses the Schannel security package are vulnerable to the FREAK attack.

In its advisory, Microsoft said:

“We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

“Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.”

Per the researchers who brought this all to our attention, here’s the current list of browsers that need patching:

  • Internet Explorer
  • Chrome on OS X (patch available)
  • Chrome on Android
  • Safari on OS X (patch expected next week)
  • Safari on iOS (patch expected next week)
  • Stock Android browser
  • BlackBerry browser
  • Opera on OS X
  • Opera on Linux

As a Firefox user, I’m feeling slightly smug this week — the researchers’ FREAK test tool just gave my browser a clean bill of health, and told me my never-used IE installation is vulnerable. Not too smug though, given the impact on other Windows software.

Good thing the anti-strong-encryption nonsense that caused this mess is a relic of past decades, eh? Oh wait…

Defending encryption doesn’t mean opposing targeted surveillance

David Omand, the former head of British spy agency GCHQ, has made an extraordinary threat. Speaking earlier this week, he said that if companies such as Apple and Google don’t abandon their end-to-end encryption efforts, intelligence services will have to employ more “close access” surveillance on people they suspect of evil deeds.

This means physical observation, or bugging rooms, or hacking into phones and computers. According to Omand, such actions are “more targeted but in terms of intrusion into personal privacy – collateral intrusion into privacy – we are likely to end up in an ethically worse position than we were before.”

No, you’re not. Surreptitiously getting a key to a suspect’s communications is no more ethical than conducting close personal surveillance — but in the big picture, the latter is vastly preferable.

The ethics of spying

Targeted surveillance will always mean “collateral intrusion” into the privacy of people associated with a suspect, regardless of whether communications are read by having a master key or by hacking into client devices. Either way, communications with innocent people will probably be scooped up. When the master key mechanism means a weakening of security for the public at large, though, that option has the added downside of being dangerous and counterproductive.

Omand was spouting what is either a misinterpretation of the pro-end-to-end-encryption argument, or (more likely) a willful misdirection. His implication is that those who favor end-to-end encryption – which leaves your Apples and Googles without any keys to offer the spooks – are against the surveillance of people who want to blow things up.

That’s nonsense. I can’t speak for everyone, but I don’t personally fancy being murdered by terrorists, nor would I like anyone else to be. We do need to have intelligence services, and they do need to keep us safe.

However, strong encryption also keeps us safe from criminals and potentially foreign agents too (GCHQ and the NSA aren’t the only ones with mean hacking skills). Our ecommerce infrastructure wouldn’t work without it. A trustworthy internet will not work without it. The next-best alternative to end-to-end encryption is arguably the use of key escrow databases, which are inherently less secure. There’s a reason the U.S. government’s own cybersecurity department recommends people use end-to-end encryption.

That’s why we should ignore calls by Omand and David Cameron and Barack Obama and the EU’s counter-terrorism coordinator to abolish end-to-end encryption in communications tools, and why we should be deeply annoyed at the intelligence community’s surreptitious attempts to weaken encryption standards. Sure, security will always be an arms race — attackers make better attacks, so defenders make better defenses; rinse and repeat — but hyperconnected societies require state-of-the-art defenses for regular citizens.

The case for friction

There’s an added benefit to proper encryption technology, which may be the real reason spies and securocrats want it stamped out. Intelligence services can, to put it generously, get somewhat carried away, particularly when a framework such as the internet makes it so much easier and cheaper to spy on people’s communications than ever before, by encouraging everyone to live their lives on spy-friendly infrastructure.

This lack of friction makes mass surveillance relatively efficient and secretive, as there’s no need for a lumbering, conspicuous Stasi-like system (something that really had extra ethical downsides, creating a society based on mutual suspicion). When the secrecy associated with the agencies’ programs also leads to fewer judicial and political safeguards, an excess of efficiency may also encourage the overuse of targeted surveillance, because who would know?

In short, the internet’s opportunities for surveillance efficiency create the potential for intelligence agencies to become too powerful. End-to-end encryption adds friction and acts as a counterbalance. It doesn’t make targeted surveillance impossible – Omand himself noted that client device hacking and physical surveillance render encryption moot – but it does make it more resource-expensive, and therefore discourages its overuse.

We don’t want intelligence agencies to be unable to do their job. We do want them to focus more and even keep a more watchful eye on those who need watching — perhaps by diverting resources from mass surveillance efforts to targeted surveillance. We also want the necessary security underpinnings of our digital economy to be genuinely secure.

These things can and should coexist, and there’s no reason to inaccurately paint them as being in opposition. So, spies and law enforcement, please go right ahead and employ close access surveillance where it’s necessary. You have more support in that regard than you’re making out.

UK’s Cameron wants Obama to take his side in new crypto war

British Prime Minister David Cameron is reportedly set to ask President Barack Obama to apply pressure to U.S. tech firms that offer fully encrypted communications, to compel them to break the encryption to aid investigations.

Cameron said a few days ago that, if re-elected in May, he will “not allow modern forms of communication to be exempt from the ability, in extremis, with a warrant… to be exempt from being listened to.”

After people drew the logical conclusion that this meant banning communications that use strong, end-to-end encryption, Cameron’s office gave off-the-record briefings claiming he was misunderstood and would not ban encryption or encryption-using internet companies from plying their trade in the U.K., but that he was rather talking about using existing powers and getting communications providers to comply with existing laws.

Nice try. “Getting providers to comply” is in line with what British intelligence chiefs have been calling for – the backdooring of services such as Facebook’s WhatsApp and devices such as Apple’s iPhone, to which the companies themselves cannot currently hold the keys. If the companies are forced to do this, it still effectively amounts to banning proper strong encryption, because it would force the companies to abandon or break such technology. (And even if this happens, tools such as PGP that have no underlying company to serve with a warrant will still let people communicate in secret.)

But anyway, this much has been pointed out before — see the earlier crypto wars — and no doubt will again. So Cameron is in Washington on what was meant to be an electioneering “pose with Obama” trip, before its nature was altered by last week’s Paris attacks. According to reports in the Guardian and Wall Street Journal, Cameron wants Obama to “more publicly criticize” Facebook and the like for rendering court orders pointless.

The U.S. Department of Justice also wants backdoors, and it’s trying to use an 18th-century federal law called the All Writs Act to compel Apple to aid criminal investigations involving encrypted iPhones. At the same time, though, Obama is under pressure from the other side. Companies such as Facebook are furious that Edward Snowden’s revelations of NSA surveillance have damaged the image of U.S. tech firms in the eyes of the world and weakened internet security in general – hence the fact that WhatsApp now offers end-to-end encryption to users of its Android app.

According to the WSJ, in addition to urging Obama to pick sides, Cameron also wants companies such as Facebook to “proactively monitor their users to spot budding national security threats.”

The U.K. is already demanding that these companies store and offer up records of users’ communications metadata – a mass surveillance program covering who contacted whom and when, as opposed to the contents of communications that Cameron now wants for targeted investigations. This became part of British law (albeit only until the end of 2016) thanks to the “emergency” Data Retention and Investigatory Powers Act (DRIPA) that was rushed through in July 2014.

The Counter-Terrorism and Security Bill, which is currently going through the legislative process in Parliament, would also compel online communication service providers such as Facebook to keep data showing who used which IP address and at which point in time, so that the U.K. authorities can more accurately identify people who break the law online.