A heightened interest in the subject of personal communications security is quite understandable in the light of some of the U.S. federal government’s more unfortunate responses to the Sept. 11 attacks. And while we are more interested in discussing the technological implications than the political, we do question both the utility and motivation behind the attempts to violate Americans’ Fourth Amendment rights while at the same time “building an anti-terror coalition” with noted anti-terrorists such as Arafat, Putin and Assad.
Many readers have indicated some level of concern about the security of PGP 7.0.3, so we have done some research and spent a few cycles cogitating upon the e-mail encryption system’s various vulnerabilities. Last week, we specifically mentioned three problems: back doors, Van Eck freaking and brute force attacks. Of the three, it is back doors that are the most worrisome, primarily because NAI’s refusal to release the program’s source code to the public precludes the ability to verify that there are no back doors, PKZ’s statement to the contrary notwithstanding.
A back door is an intentional security flaw designed directly into the software, allowing a third party to read messages encrypted by the first party intended only for the second party. We have tried to think about how a back door could be reasonably introduced into PGP, and have come up with three possibilities:
- Something is designed into PGP that automatically sends information to the NSA – either keys or decrypted messages. This would be pretty easy to detect and would only have to be discovered once by one of PGP’s many users around the world. Additionally, since the failure to release source code has already generated much suspicion, this seems like a possible, but very risky and impractical way to do it.
- PGP’s new public keys are generated in such a way as to allow not only the private key holder, but also the NSA, to decode any messages encrypted with that public key. The problem with this notion is that 7.0.3 is compatible with older versions of PGP which demonstrably do not have this back door. Since the same algorithm is needed in order to decrypt with older versions, we do not see how it would be possible to create such a back door. However, we are only in possession of a 555 IQ; we are not infallible.
- The key generation is controlled in such a manner that the NSA has a means of knowing exactly which private keys are associated with which public keys. This would make it much easier to crack the keys, but knowing which key goes with which would appear to be tremendously difficult to ascertain, as keyrings are generated only upon private request on an individual machine.
Generally speaking, we believe it would be very difficult for a reasonably sized, bureaucratic technology company to create a back door of the sort we have mentioned without word of it leaking out somehow. We are not too concerned about the possibility, especially considering that the alternative for most people is not to encrypt their e-mail at all, leaving it wide open for perusal by even the clumsiest hacker. On the other hand, we just don’t like the fact that there is a reasonable basis for suspecting vulnerability, however unlikely.
There are at least two solutions to the problem of potential PGP vulnerability. One is to add another level of encryption. We logged on to Hushmail the other day, and while we applaud their embrace of the Open PGP program, we have some issues with the very concept of secure web-based e-mail, especially one that appears to require the use of ActiveX controls. But pasting an encrypted PGP message into Hushmail, thus encrypting it a second time with Hushmail’s Open Source (independently verified free of back doors, etc.) system, should add an additional level of protection.
Another option is to bag Windows altogether and make use of an Open Source program like GnuPG, which requires the use of LINUX as an operating system. Despite the rapid improvements in the various forms of LINUX, this is not yet a serious alternative for most casual computer users, but we will be writing a future column on exactly how difficult one can expect the switch to be, as well as likely problems to be encountered. One big positive for LINUX, though, is that it does not have anywhere near the amount of security holes as the various Microsoft products, both accidental and otherwise. With the approach of Windows XP and its ominous Big Brother approach to ID’ing and tracking online users, we expect a lot of people are going to be looking for alternatives to the Evil Empire. (Note to Mac fans: We already e-mailed Apple. If they can’t bother to reply, don’t blame us.)
So we encourage the use of Hushmail and GnuPG, and we eagerly await the release of a solid Windows-based Open PGP solution that integrates seamlessly with the popular e-mail packages. But do keep in mind that it is far better to make use of encryption that has only potentially been penetrated, like PGP, than to make use of none at all.
ISSUE OF THE WEEK: Oracle Chairman Larry Ellison. National ID card for all Americans. What is up with that?
THUS SPAKE VOX: Larry Ellison is a Nazi rat bastard. He is the intellectual descendant of a long, ignominious line of industrialists like Gustav Krupp, who wrote to Adolf Hitler upon the occasion of the Fuhrer’s ascension to power in 1933: “The turn of political events is in line with the wishes which I myself and the Board of Directors [of the Reich Association of German Industry] have cherished for a long time.”
Unlike us, Larry “Your Papers, Please” Ellison doesn’t care about the Fourth Amendment. “Well, this privacy you’re concerned about is largely an illusion,” he says. Which naturally brings to mind the Platonic notion that “no Being or reality can be ascribed to Not-being.” And who could deny the wisdom of Aristotle when he wrote that “all men by nature desire to know”? On this philosophically sound basis, we are thus convinced that it would be impossible for Herr Ellison to object in any way to the public release of his social security, credit card and cellphone numbers. Had we a heart, it would surely be its fervent desire to see those lovely little bits of information floating wild and free across the great savanna that is the Internet.
We would also encourage our readers to let Oracle know just what they think of Larry’s thoughtful offer. Contact Oracle here.