In 1991, Philip Zimmermann developed a humble-sounding electronic
encryption technology known as Pretty Good Privacy. In fact, it was very
good–so good that not even the federal government has been able to
crack it, a fact that has made Zimmermann a folk hero to privacy
advocates and a headache to law enforcement.
Now Zimmermann, a fellow at Stanford Law School’s Center for Internet
and Society, has found himself back in the fiery debate between federal
investigators and those who oppose their snooping–this time thanks to
ZRTP, a technology for encrypting Internet telephone calls. ZRTP throws a
wrench in the Bush administration’s controversial warrant-free
wiretapping program and its proposed legal immunity for the
telecommunications companies. So far, not even teams of supercomputers
and cyberspies at the National Security Agency have cracked ZRTP. That
means anyone who uses Zimmermann’s Zfone software, a ZRTP-enabled voice
over Internet Protocol (VoIP) program available for free on his Web
site, can skirt the feds’ wiretapping altogether.
Forbes.com spoke with Zimmermann about how his small company has been
able to produce an encryption product that not even the U.S. government
can break, what ZRTP means for national security, and why cutting off
the government’s access to our phones is necessary to keep out the truly
malicious spies.
Forbes: From a security and espionage perspective, what’s the difference between traditional telephony and VoIP?
Zimmermann: In the traditional telephone system,
Alice and Bob are connected by a single path. The simple thing is to
wiretap that path in the middle at the phone company’s switch. With
VoIP, the packets take many paths through the cloud to get to their
destination, so traditional wiretapping isn’t nearly as easy. Instead,
it’s easiest to tap it near the endpoints. That, in fact, is very easy
to do–almost trivial.
So unencrypted VoIP is less secure than traditional telephony?
Vastly less secure. The traditional public telephone system that
we’ve been using for the last hundred years is fairly well protected.
It’s easy for the government to wiretap it by going to the phone
company, but not easy for anyone else to wiretap it. If anyone else
wanted to wiretap someone’s conversations, they’d have to find a place
close to his or her office, get some alligator clips, and try to find
the right wire out of thousands to clip them onto, and hope that nobody
spots you doing it.
With VoIP, it’s not nearly so hard. All you need to do is take over
a computer on the same network as the VoIP traffic with some spyware.
That computer intercepts the VoIP conversations and stores them on a
hard disk as .wav files that can be browsed later. A wiretapper could
even choose to target the phone calls of a company’s general counsel
talking to an outside law firm, or the CEO talking to his counterpart at
another company.
It’s much easier because you don’t have to physically be there. You
can be in China or Russia and target a company without obtaining a visa
or entering the country you’re trying to infiltrate.
So unencrypted VoIP is vulnerable not just to government wiretapping but also to cyber-criminal spying.
With traditional telephony, our threat model was mostly government
wiretapping. With VoIP, anyone can wiretap us: the Russian mafia,
foreign governments, hackers, disgruntled former employees. Anyone.
Historically, there’s been an asymmetry between government
wiretapping and everyone else wiretapping that’s been in the
government’s favor. As we migrate to VoIP, that differential collapses.
The government itself is just as vulnerable. Wiretappers can reveal
details of ongoing investigations, names and personal details of
informants, conversations between officials and their wives about what
time they pick up their kids at school.
So you’re arguing that we have to encrypt VoIP to protect our
calls from criminals, regardless of whether it defeats government
wiretapping?
We have no choice. If we had the luxury of continuing to use the
traditional phone system and not VoIP, we wouldn’t be compelled to
encrypt calls. The traditional phone system is well-protected enough
that, although the government can wiretap it, organized criminals can’t.
Everyone thinks that VoIP is the future of telephony.
It’s cheaper, more versatile, more feature-rich. So technological
pressure herds us towards VoIP; we’ll have to encrypt it. Wiretapping
will become so easy that the criminals–not just governments–will be able
to do it routinely. There will be insider trading, blackmail, organized
crime spying on judges and prosecutors, key witnesses killed before
they can testify.
What exactly are ZRTP and Zfone, and how do they work?
ZRTP is a protocol that defines how VoIP phones talk to each other in
an encrypted way. Zfone is a program that we’ve developed for end users
that employs ZRTP. They both use strong cryptographic algorithms to
negotiate cryptographic keys between two parties without the
participation of any phone company. The keys are strings of bits, and
without them, you can’t decrypt the conversation. They’re automatically
created at the start of the call, and destroyed at the end. Only the two
parties know the keys, and the phone company isn’t in a position where
it can give the keys to a third party.
And that negotiation can’t be intercepted?
It could be intercepted, but it wouldn’t be useful. The keys are
negotiated between the two parties using an algorithm known as the
Diffie-Hellman algorithm, which makes it computationally infeasible for a
third party to reconstruct the keys by intercepting the key
negotiations. That’s the beauty of public key cryptography. Your
opponent can intercept all the packets of data in the negotiation, and
yet he can’t figure out what the keys are, unless he has nearly infinite
computing resources. He’d need more computing resources than the human
race currently has and the entire lifetime of the universe to work on
it.
And with these shared keys, you can encrypt communication in a way that can’t be unscrambled?
Once the two parties have keys, they can use the advanced encryption
standard, which is in wide use today. It’s a cipher that’s very
difficult to reverse without knowing the keys. And when I say “very
difficult,” again I mean that the computations would take millions of
times the age of the universe.
So you’ve created a protocol that not even thousands of NSA agents working for years could unscramble?
Well, they’re using computers, not people. In fact, they’re using
supercomputers that attempt every possible key. But they wouldn’t be
able to guess the key to decrypt a ZRTP-encrypted conversation.
In fact, they’re using the same kind of encryption for their own
classified data. If they knew how to break it, they probably wouldn’t
trust it enough to use it themselves.
Plenty of Americans believe that government wiretapping–even without a
warrant–is legitimate. But encrypted VoIP calls could mean the end of
that kind of wiretapping as well.
Yes, it would. But if you think about how intelligence agencies fight
al-Qaida: they get almost as much information from traffic pattern
analysis as they do from the content. There’ll be a phone call from
Pakistan to a cellphone in New York, and that phone will call six other
cellphones. And so they’re interested in who’s calling whom. They look
for the patterns, which will still be visible even if the content is
encrypted.
Those patterns often tell them more than the contents of the call.
The contents might be “The wedding cake will be ready on Saturday.”
Well, it’s probably not a wedding cake, and it’s probably not really
Saturday either.
From the point of view of law enforcement, traffic analysis can be
quite useful. But for a criminal trying to get information for insider
trading, he’s only interested in the content. So encryption actually
hits criminals harder than it hits law enforcement agencies.
The Communications Assistance for Law Enforcement Act (CALEA)
mandates that telecommunications equipment provide a backdoor for
interception by law enforcement. Does that mean that ZRTP is illegal?
CALEA imposes requirements on service providers like phone companies.
But Zfone negotiates the keys between end users, where CALEA doesn’t
apply. The phone company doesn’t have access to the keys–only the users
do. CALEA is rendered moot.
What’s your take on the debate over the Bush Administration’s
program of warrant-free wiretapping and what it means for civil
liberties?
If the government has a court-ordered wiretap against someone who
they believe has probable cause, there’s still a legal place for that.
The driftnet fishing approach, where anyone can be wiretapped at any
time, however, raises some constitutional questions.
The objective of ZRTP is not to stop the NSA from doing its job. It’s
to protect society from organized crime and foreign governments. We
have to encrypt VoIP to do that. That may have effects on lawful
interception of telecommunications, but those effects have to be weighed
against the terrible effects of not doing it.
The government claims it only wants to wiretap a tiny fraction of a
percent of all phone calls. To let the government keep wiretapping those
phones, we’d have to expose all of our phone calls to organized crime.
As the debate heats up over immunity for telecommunications
companies that have enabled government wiretapping, is interest in your
products growing?
Interest is growing, but it will be mainly driven by the growth of
VoIP. For now, VoIP isn’t the dominant way that people make phone calls,
but in a few years it will surpass traditional telephony. And when VoIP
grows big enough to hold an attraction for organized crime, they’re
going to be all over it–just like they’re all over the rest of the
Internet today.