Encryption by Default Equals National Security

By Steven M. Bellovin, Susan Landau
Friday, October 26, 2018, 12:01 PM

The New York Times reported a mind-boggling story on Oct. 24. The president of the United States routinely ignores the advice of his aides and calls old friends on an unsecured iPhone “no different from hundreds of millions of iPhones in use around the world.” There are policy reasons why this is bad. These calls don’t get logged by the White House and hence aren't noted by his senior aides. But there is also a serious security issue: According to the Times, apparently both the Russians and the Chinese are listening to these unsecured calls.

We are paying the price for decades of government opposition to widespread, strong cryptography. Security and privacy researchers have been warning about this but were ignored—and the consequences are serious.

The president’s calls on his iPhone were unencrypted and have been intercepted, most likely on the radio link from the president’s phone to the nearest cell tower. In March 2018, the Department of Homeland Security confirmed that fake cellphone towers capable of intercepting communications had been placed in the nation’s capital by parties unknown.

Because the president is not concerned with detail, the Times writes, he tends not to learn about the particulars of an intelligence or military operation. This mitigates government officials’ concerns that the eavesdroppers might discover such information when they intercept the president's calls on his personal cellphone—though the risk that the president might slip up and mention something classified on this open line remains. (NBC reports that Trump may have discussed sensitive information on his iPhone with Fox News host Sean Hannity.) Instead, reportedly, what foreign intelligence agencies learn is what the president is thinking about trade wars and any other issues his discusses with his friends. And that, says the Times, has led to a sophisticated operation in which the Chinese make use of this information to covertly influence him. Working through friends of Trump's, the Chinese have apparently mounted an influence operation to change the president's thinking. The Russians have also been listening in—and those are just the two countries whose intelligence operations have been reported.

Trump’s lax approach to security presents an unusually stark problem. But unsecured communications have long been a problem for U.S. national security. In 1972, for example, the Soviet Union's eavesdropping led to “The Great Grain Robbery”: eavesdropping of communications on calls between American wheat farmers and the Department of Agriculture that enabled the Russians to covertly buy record amounts of wheat at low prices, causing a U.S. grain shortage 18 months later.

Twenty-five years ago, a group of computer scientists observed that “the need for information security [was] widespread” on matters including personal and business communications, data for critical infrastructure, and health records. Arguing for secure, end-to-end encryption, the scientists wrote, “This rising tide of important yet unsecured electronic data leaves our society increasingly vulnerable to curious neighbors, industrial spies, rogue nations, organized crime, and terrorist organizations.” Instead the government took the opposite tack, spending the decade pressing for adoption of the Clipper chip, an encryption system in which keys were stored with agencies of the U.S. government, and limiting the strength of cryptosystems that could be sold abroad. This effectively limited the strength of systems sold domestically.

Imagine if instead of the U.S. government fighting the spread of strong cryptography, the National Security Agency and FBI had pushed for cellphones that would always encrypt communications end-to-end. This would make it far harder to intercept communications. It would also mean that every legislator and legislative aide, every chief executive, every financial officer—indeed, any person who had information that would be useful to an eavesdropper, whether it be China, Russia, an industrial competitor or a criminal organization—would necessarily use phones that routinely secured their conversations. And, importantly, it would protect the president’s phone calls even if he refused to listen to the officials begging him to use a secure method of communication.

While end-to-end encryption would make it much harder for the United States to listen in to what the bad guys were saying, such use of end-to-end encryption wouldn't mean the end of wiretapping. High-value targets would still be the subject of targeted, sophisticated hacks. For high-value targets like the president, this is still a concern. The Times reports:

Mr. Trump is supposed to swap out his two official phones every 30 days for new ones but rarely does, bristling at the inconvenience. White House staff members are supposed to set up the new phones exactly like the old ones, but the new iPhones cannot be restored from backups of his old phones because doing so would transfer over any malware.

We know that securing the communications of government workers matter. But securing the communications of private citizens also makes a difference for national security—not just for the type of intellectual property thefts that are rampant today, including the theft of Lockheed Martin's plans for the F-35.

Default end-to-end encryption for communications would protect not only the president—who has access to secure communications devices if he wishes—but also the rest of us. And in doing so, it would help secure the nation.