It was reported yesterday that the Home Office are now saying that they’re not worried about encryption, because they can look inside HTTPS. Most people’s reaction is that this isn’t possible, or at least isn’t easy unless you’re going to throw huge resources at the problem. (Edit: Privacy International have reported this in more detail)
Sadly, it’s not that hard – but it has worrying implications.
The technical bit
There’s been a trick used by large corporate IT departments for a while to check on what employees are doing, which they often need to do for regulatory compliance. It works because the IT department controls your PC and the can tell it what Certificate Authorities (CAs) to trust to authenticate remote sites. The proxy you use to access the internet has a root CA on it that your PC has been told to trust, so it can create apparently legitimate looking certificates on-the-fly for any web site on the internet you visit.
This is known as a “Man-in-the-Middle” attack, because you’re sitting between A and B and altering the communications, rather than just listening to it passively. It’s also out there and used today – here’s an example of a commercial device that uses this technique.
That’s fine for corporates, because they control the end devices. However, things became a little scarier earlier this year when one of the real root Certificate Authorities broke the trust of the community.
CAs don’t use their highest level certificates for day-to-day signing. Those certificates are installed in every web browser out there and they have to negotiate with browser manufacturers individually if they’re to change them, so if they’re compromised it’s game over for them. Instead, they generate an “intermediate root” certificate and use that, so it can be revoked if someone leaks it. The real root key stays locked in a safe somewhere. One root CA, Trustwave, didn’t just generate intermediate roots for it’s own use, however: It also generated one for use in one of these snooping devices.
Back to where we are today
It seems likely that if the Home Office think they can break HTTPS, they’ve spoken to someone with one of these magic SSL snooping boxes and also spoken with a root CA willing to let them have a certificate. If that’s the case, it’s concerning because they think it’s acceptable not just to listen in on traffic but to alter it in transit in order to glean the contents. We’ve seen the unintended consequences of such actions before, when the Internet Watch Foundation listed Wikipedia as a child porn hosting site.
I can see nothing in the proposed Bill that would act as a safeguard against the Home Office mandating the ISPs engage in such behaviour.
Luckily, it probably won’t work. The moment a CA is caught giving the Home Office a root certificate, Mozilla would likely revoke it. They can lean on Apple, Google and Microsoft as corporate entities to play along but Mozilla is run by the community and it’s going to be hard to pull the wool over everyone’s eyes there.
You wouldn’t be able to get on a site without being snooped on, but at least your browser will pop up lots of warnings letting you know that Big Brother is watching.
P.S. If you’re worried about this sort of attack being used on you, I can recommend Certificate Patrol for Firefox. It pops up quite a few false-positives, but will give a pretty good clue if something suddenly causes all your certificates to change.