A Few Thoughts on Ray Ozzie’s “Clear” Proposal

104 points by Hagelin, about 7 years ago

20 comments

motohagiography, about 7 years ago
The work I did on mobile encryption was framed thusly:

- Deriving a key for all devices from a single key creates a single, catastrophic failure mode for the solution where all devices become vulnerable together. As soon as customers figure this out, nobody serious will adopt it because they can't afford to accept that known risk exposure.

- We're assuming that the HSM we're using doesn't have a bias in its key generation RNG to limit the real key space, because if I were an intel agency, that's probably the first lever I would pull.

- The entropy of the additional derivation components we can source from the individual device to locally diversify keys is really limited, and some really smart people are going to be reversing our code. Apple (and unrelated, in my own work, I never worked for anyone affiliated with them) relied on limiting the number of attempts in hardware (effectively) to mitigate this risk.

Personally, I think the Ozzie proposal is a red herring to give the feds rhetorical leverage by providing their side with something few people understand, but can get behind politically because it's sufficiently complex as to be "our" magic vs. "their" magic. This is to drown out technical objections and make the problem a political one where they can use their leverage.

As the author (Green) notes, we can design some pretty crazy things, and if the feds came out and said, "build us a ubiquitous surveillance apparatus, or at least give us complete sovereign and executive control of all electronic information," that is a technically solvable problem, but in the US, legally intractable. So instead, they want those effective powers without the overt mandate.
shakna, about 7 years ago
> It literally refers to a giant, ultra-secure vault that will have to be maintained individually by different phone manufacturers

We can't even trust manufacturers to provide updates in most cases. Placing that much trust in them is nothing short of lunacy.
DoctorOetker, about 7 years ago
I don't see anything new in the alleged proposal, this is the same old crypto war. This is "just" key escrow.

One might as well propose to have the manufacturers build in the government's public key (and autobrick phone usage) such that the phone can detect if it is really the government reading the phone.

Another note:

"Ozzie’s proposal relies fundamentally on the ability of manufacturers to secure massive amounts of extremely valuable key material against the strongest and most resourceful attackers on the planet."

This is not true: the phone encrypts the user's passcode against the manufacturer's public key. If the government tries to read the phone, it will get the encrypted passcode (useless) and send it to the manufacturer who decrypts the passcode. A single private key is not massive amounts of information. Not that it changes anything about protection needs: whether it's a piece of paper containing the say 4096 bits (512 bytes), or in Matthew Green's misinterpretation billions of 512 bytes (half a terabyte) on a single HDD, they both have the same value. The whole code base needs similar protection anyway: their bootloaders already are signed by the manufacturer.

All this centralization is bad, leave the crypto genie out of the bottle please...
cesarb, about 7 years ago
The main difference between this proposal and the previous ones is the bricking step, which is supposed to make it transparent when the key has been revealed. But once the key has been revealed, what prevents an attacker from replacing the main board of the phone (keeping the phone's exterior and its SIM card), and copying all the data to the new board? A non-technical user (and even most technical users) wouldn't know the difference.
irq-1, about 7 years ago
Bricking the phone works *against* law enforcement by only allowing raw access to the data. Even if Clear worked correctly, law enforcement couldn't open apps and see the data in the correct context. They'd have raw data files full of indexes, hashes, and cached data. Worse, apps would start to encrypt data on the client specifically to avoid Clear.

The only significant change between plain key escrow and Clear (bricking the phone) would defeat the usefulness of Clear.
weinzierl, about 7 years ago
> [..] and keep the secret key in a “vault” where hopefully it will never be needed.

That's only in bullet point one and where it already falls apart.
AluminiumPoint, about 7 years ago
I can't think of anything worse than my plastic, metal and glass friend being forced to snitch against me. It's like my best friend betrayed me. Beyond creepy, key escrow proposals are the very definition of totalitarianism.
colemannugent, about 7 years ago
Can anyone explain why the government wouldn't just mandate that they be given all the keys from the start? Why would they put up with Apple as a middleman who could potentially refuse their requests?

Also, this key escrow scheme is near impossible to scale to more than one government. Now we need a way to authenticate government agents, good luck with that.
throwaway84742, about 7 years ago
But why? Why give the government such a ripe target for abuse? Why tilt the balance of power even further in its favor?
rozzie, about 7 years ago
If you'd like to look at the proposal yourself rather than to interpret it through others:

https://github.com/rayozzie/clear/blob/master/clear-rozzie.pdf
prepend, about 7 years ago
I’m not sure the benefit to Apple or other phone manufacturers. This looks like a substantial cost with zero benefit to those other than law enforcement. And substantial new risk for misuse or abuse.

What’s Ozzie’s true motivation? Is he looking to start a company running Clear and raking in patent revenue? I get why the governments want this, but not why a citizen would propose this.

If it weren’t Ray Ozzie, I would think this was just part of some propaganda push.
valiant-comma, about 7 years ago
Just a nitpick. Matthew Green uses the analogy of signing keys being leaked often as evidence that Ozzie’s proposed system would be similarly not secure. This is a weak analogy: signing private keys are often leaked because their use case requires them to be “online” in some fashion (code must be signed with the private key so it can be verified with the public key). Similarly, CAs must use private keys operationally (to sign customer CSRs), increasing the risk of key compromise.

In Ozzie’s proposal, the private key never actually has to exist outside the environment it was created in, only the public key does. As pointed out in other comments, LE would not need access to the private key, either, they could simply submit the encrypted passcode to the manufacturer, who would then decrypt it on their behalf using the private key.
johnvega, about 7 years ago
Extremely exceptional access only, in cases where thousands of people's lives could be at stake or millions. Since we can't create fully unbreakable software/hardware security systems anyway, if ever, companies can use technology + psychology. Unintentionally create an extremely difficult to find bug that requires extremely talented engineers and large hardware resources to break, then unintentionally share it with at most discreet way probably just verbally to very few trusted 3rd parties. And it is not officially approved by the top management or even knows about it. We don't live in a perfect world and we don't have a perfect solution. JUST COMMENTS, NOT A SUGGESTION!
ggm, about 7 years ago
I don't want this scheme. I don't want key escrow. But, a critique in the document is a 'if lost, lost forever' moment. If the escrow DB is compromised, the article says all phones are now pwned. For that point in time, true.

But phones are online devices. Why does the escrow key have to be a constant, which if the central store is compromised means all phones prior to that date are compromised forever?

E.g., re-spin the per-phone keygen on some cycle, and you define a window of risk, but it passes. Re-spin clearly has to pass through some protocol, but we've been doing ephemeral re-key forever with websites.
tosser00005, about 7 years ago
He talks about “massive amounts of extremely valuable key material” needed to be stored for billions of devices.

It’s not like this would be Fort Knox. All that data could be stored on a couple of USB sticks which, really, makes it even scarier. Someone could hold the entire contents in the palm of their hand and walk away with everything.
Zigurd, about 7 years ago
What if someday we get political leadership so awful that, hypothetically, a former CIA chief feels compelled to warn that it is fundamentally dangerous to the nation?

One answer might be that we deserve such an outcome, and there is no reason to insulate encryption from the negative consequences. But is that a good answer?
FascinatedBox, about 7 years ago
> Also, when a phone is unlocked with Clear, a special chip inside the phone blows itself up.

no thanks
DoctorOetker, about 7 years ago
Personally I believe real world actions should be the focus of surveillance. The empires are simply trying to cheap out by focusing on surveillance of computer activity.

This is the most profound part of Matthew Green's piece in my opinion:

"While this mainly concludes my notes about on Ozzie’s proposal, I want to conclude this post with a side note, a response to something I routinely hear from folks in the law enforcement community. This is the criticism that cryptographers are a bunch of naysayers who aren’t trying to solve “one of the most fundamental problems of our time”, and are instead just rejecting the problem with lazy claims that it “can’t work”."

I believe the most fundamental problem is how can we decentralize real world security? I am FOR mass surveillance but AGAINST *centralized* mass surveillance.

Assume every crook and cranny of the world was covered by *community* cameras, and the cameras encrypted the streams with threshold cryptography, such that the populace has different parts of the secret, then one needs "enough" citizens agreeing to reveal the contents seen by a specific camera at a specific time. This way it's public for all or public for none. Every accident, every murder, ...

Suppose a body is found, then the group decides to reveal the imagery: oh yes, in this case the person was murdered! look the perpetrator is walking out of view to the next camera, then the next,... we can trace him to where he is now. Properly trained citizens (in a now authorized police role) go and arrest the guy. He is now in prison waiting for his trial (also with *community cameras*, so no broomsticks in prisoner ani). At trial time, if the person denies, or claims to be a different person from the arrested one, we can trace through all the imagery from his committing a crime to his sitting in court right there and then.

So yes, there is a real conflict between cryptographers and centralized law enforcement. We don't need no spooks!

And the spooks can not decode the camera imagery: a large enough number of citizens (chosen at random by cryptographic sortition) running instance of *good citizen client* software need to release their part of the shared secret.

EDIT:

So there is broadly speaking 2 kinds of crimes:

* meatspace crimes (murder, negligence, rape, making childporn (automatically rape), ...)

* cyber crimes (copyright, child porn, ...)

I argue that not implementing such a *community camera* system is a form of negligence in itself.

It does not address things like copyright infringement, but ... that's not exactly the most popularly supported concept.

Then there is the problem of child porn: fake and real.

I argue that with deepfake any faked child porn will eventually become indiscernible from real child porn.

Which leaves the problem of official child porn recorded by the *community cameras* used to apprehend perpetrators (since these also sign the imagery to testify authenticity!).

Due to taboo many victims of child abuse didn't realize, or only had doubts that they were suffering abuse, enabling the abuse to continue. Without concrete visual examples for them to explore, to assess if they are or are not suffering child abuse, how can they alert others of their situation? We send these children extremely mixed messages: absolutely tell us if you are being abused, but absolutely never falsely report a person. Merely asking someone else for advice is automatically interpreted as a child reporting child abuse. How can a child assess his or her situation? With abstract questions using words and connotations it does not know?

I believe the number of reported child abuses would go up if we used these *community cameras* for decentralized mass surveillance.

Also for crime in general (theft, murder, ...), the knowledge that you will with extremely high probability be caught, will decrease a lot of crime. I would not be surprised if the crime rate of "impulsive" crimes (where the criminal was supposedly not able to control his urges) would drop substantially, revealing that in the current system they often get off the hook.

There will still be rude people, getting fines for squeezing women in the ass while drunk. But for any actual crime in general, both victim and perpetrator would know that the victim can simply report this to the group, and that the perpetrator can not escape by lack of evidence. The current lack of evidence constantly discourages people from reporting crimes (as there is risk involved: financial: lawyers, emotional: potential incredulity at police station, ...).

One might think that this will cause criminals to escalate to murder: "if you rob a victim, you should kill her, or else she will report you" but hiding a body will be very hard, and if a person goes missing the friends and relatives will report this, and instead of following the criminal we can follow the missing person from the time and place she was last reported seen!

As long as cryptographers only draw the *privacy* card, the law enforcement community has a point. As long as the law enforcement community only draws the *centralized* power card, the cryptographers have a point.

Only when we have decentralized mass surveillance can we have *both* privacy (as long as you don't commit crimes or go missing) and real law enforcement.

Common FAQ:

What if say a stalker repeatedly reports his ex as "missing"? Cry wolf too many times, or be blocked to report a person missing, and the *good citizen client* software that the citizens individually run, will refuse to comply.

What if a stalker or group of them repeatedly reports a "murderer" in a celebrity's bedroom? We can send a local but randomly selected properly trained (group of) citizen (in police role) to go check the room, if the supposed dead body is not there, no reason to unlock the imagery.

(I will add more as people ask)
OliverJones, about 7 years ago
We need a new way of thinking about caches of secrets. It comes from this unpleasant truth: all secrets eventually leak. The evidence of the past few years teaches us that even state actors with unlimited resources cannot prevent their secrets from leaking.

A "leak" here happens when a trusted entity loses control of the secret to one or more untrusted and malicious entities. That's just a definition, not a claim that any particular government, company, or person is a trusted entity.

To counter this, we need multiple layers of defense.

One is the business of bricking the phones when the leaked secrets are exploited. That makes it plain that the secret has leaked. It's a valuable layer of defense.

Another is to make the secrets have limited useful lifetimes. Expiration and revocation for TLS certificates is a way to do that. Credit/debit card numbers can be deactivated and replaced rapidly. That's another way to limit the lifetime of a secret. Ozzie's proposal does not include a way to limit secrets' lifetimes. (Social Security numbers are problematic secrets: they too have unlimited lifetimes.)

A third layer is making the secrets have limited utility. If debit cards had daily spending limits, their secret numbers would be less useful than they are today, for example. Day-one exploits are secrets with vast utility, for another example. Ozzie proposes a secret to unlock an entire phone. How about limiting that to, say, the phone's call log or SMS log?

A fourth layer is to keep the caches of secrets as small as possible, so a breach affects as few people as possible. Ozzie proposes the opposite of this.

A fifth layer: holders of caches of secrets must know they are strictly liable for breaches proportional to the damage they do. It must not matter whether the breach was due to negligence, carelessness, espionage, or salt water rusting out the safe after a storm. Large scale key escrow cache systems will never be able to meet this standard: nation states won't honor that liability, nor will they pay private companies enough to cover the insurance for it.

(Strict liability is not unprecedented: workers' compensation and the vaccine injury victims' compensation fund are two reasonably successful examples.)

People, companies, and governments holding secrets necessarily must consider what happens when (not if) they leak, and provide at least some defenses in depth like these.

Ozzie's proposal has weak and incomplete in-depth defenses. That's why it's dangerous.
forapurpose, about 7 years ago
I agree about the security of a centralized vault being a key weakness, but the article omits a few key aspects of Ozzie's proposal:[0]

* A court order is required. It's not up to the tech vendor.

* Physical control of the device is required. No remote exploits.

* Access is enabled only to one device at a time. No mass hacking.

The point of security is to increase the cost to the 'attacker' (here we'll use that word even for legitimate government purposes); there's no perfect security; law enforcement can access data on iPhones already. Also, attackers focus on the weakest (i.e., least expensive) link and there's limited value in increasing the cost beyond the 2nd weakest link.[1] Except for the centralization of key storage and two other issues (see below), Ozzie's proposal might increase the cost to the level of law enforcement's alternative, acquiring a hacking tool. In fact, I've been thinking of something similar (court order, physical access required, notification to user) and might even have posted it to HN at some point.

Using hacking tools is much worse than Ozzie's process: There's no court (or at least it's not as enforceable, because there's no tech company checking for a warrant), no tech company, the user doesn't necessarily know their data has been accessed, remote exploits are possible, and so is mass hacking.

Also remember that private citizens can still encrypt their data at the file level using other tools, though of course most will not.

Here are weaknesses I see:

A) The use of other means of accessing devices would have to be outlawed, or law enforcement will continue to use hacking tools and citizens gain nothing.

B) Solve the centralization problem. Probably, the keys shouldn't be in the hands of the tech giants and should be distributed widely. EDIT: Perhaps require two unrelated parties for access?

C) If these new access tools are built into mobile devices, what happens in countries where people's rights have been taken away? The courts are often ineffective. I suppose the fact that the phones get bricked at least informs the user, and the authorities can use hacking tools anyway, so perhaps nothing is lost.

____________

[0] https://www.wired.com/story/crypto-war-clear-encryption/

[1] If I increase the cost of exploit A to $100,000 and exploit B costs $50,000, attackers will use B. If I increase the cost of A even further, to $200,000, it won't provide much more security - the attackers still will use B.