10

This is a question I often think of when I hear about countries considering blocking just one protocol with encryption, such as tor: How would a resourceful government block tor. Clearly France wouldn't consider a total ban on all encrypted traffic, but one could make a strong argument for doing so in a country where laws prohibit disloyal, disunifying or critical communication.

It seems though that even countries with poor human rights records allow encrypted traffic, while restricting all traffic to application level proxies that speak only unecrypted HTTP would certainly solve the problem, in as much as unmonitored communication by citizens can be seen as a problem. Why don't we see totalitarian limits on the internet itself more broadly?

Regarding the comments, if you put a ban on "uninterpretable communications on the people's internet", you'd immediately ban HTTPS, which is mostly invisible to both users and web designers, but also anything a bureaucrat counldn't off the cuff interpret easily would stick out. You could certainly deliver encryption technology in the clear via javascript, where it can be intercepted and mucked with, but it's hard to see how a combination of inconvenience, attacks by government and social pressure allow that to be a workable solution.

To clarify, I'm asking what is to be lost when a country decides that it must be able to view, analyze and modify all communications to and from its citizens online. That western websites often use HTTPS is a good argument, and a kind of surprising one, given that social media seems to be a primary weapon against despots.

Community
  • 1
Art Yerkes
  • 203
  • 1
  • 4
  • How? Nothing says I can't embed ciphertext into a plaintext protocol. Let's say I sent an HTTP page with some base64-encoded encrypted content. To a scanner, it would look like regular text on a page, but somebody who knows what's going on knows they can copy&paste that text into a decryptor and get back the plaintext. So you want a parser to read every character and only let it through if it's proper English / French / Arabic? What about typos? What about Download hashes? Point is: that's a really really hard problem. – Mike Ounsworth Dec 11 '15 at 20:59
  • Following up on @MikeOunsworth's comment, perhaps you can clarify your question. Are you asking why all encrypted protocols are prohibited or why all encrypted data anywhere is prohibited? – Neil Smithline Dec 11 '15 at 22:17

3 Answers3

9

Because HTTPS underpins a lot of websites. Anywhere you authenticate, you should be using HTTPS. So that's things like:

  • banking
  • social media
  • government sites like tax submission
  • anything with an account

If you suddenly took away HTTPS, you'd be ensuring that any authentication traffic would be gone. It's not like you can petition Facebook and Goldman-Sachs to create HTTP-only versions of their websites. If the government tried to implement an HTTP-Only* authentication model for internal services, it would be a useless service. You'd be able to grab credentials easily, casting doubt on everyone's online identity. Simply being on the same network as someone (say, your despotic leader) and running a packet dumper on your machine will capture their credentials, and there's nothing they can do about it.

Blocking all HTTPS traffic would be highly disruptive to a country's online activities, and would stamp out the very thing they are trying to monitor.

* encryption-less, port 80 only, etc.

Ohnana
  • 4,727
  • 2
  • 24
  • 39
  • "You'd be able to grab anyone's credentials easily" - please elaborate: how easily could I grab a specific person's credentials? (say, the state leader's) – user253751 Dec 12 '15 at 02:03
  • Also I'm sure many despotic leaders would find the reduction in security a small price to pay for the ability to snoop all traffic. (After all, reducing security so they can snoop traffic is the *entire point*) – user253751 Dec 12 '15 at 02:10
  • @immibis HTTP sends everything as cleartext. So on the same network, you'd be able to listen (at least on a hubbed or wireless network) to packets not addressed to your computer, filter for HTTP POST packets, and look at the cleartext to see the password. You'd have to know your despotic leader's username to know the credentials belong to him, of course. – KnightOfNi Dec 12 '15 at 02:33
  • @KnightOfNi You'd have to know your despotic leader's username *and be on the same network as them*. In practice, that means they log on at your house, or you're both at a public wifi hotspot, or you're an ISP. None of which are particularly likely scenarios (and presumably ISPs are tightly controlled) – user253751 Dec 12 '15 at 02:36
  • @immibis As for the reduction in security benefiting the leaders, it actually wouldn't. Everyone would have access to everyone else's credentials, which would mean that telling who is actually using a certain person's account to post seditious material would be nearly impossible. It's actually a very effective anonymizer. – KnightOfNi Dec 12 '15 at 02:36
  • @immibis Yeah, that's right. And more importantly, the despotic leader is going to make an exception for themselves and encrypt THEIR traffic :). Maybe if they were on WiFi you could use a really powerful antenna to hook up to their home network from a safe distance, but then again maybe not. Either way, most anyone else's account would be fair game, since most people don't aggressively guard the entire area covered by their WiFi network. – KnightOfNi Dec 12 '15 at 02:39
  • That's getting off-topic now. The view that "if HTTPS was banned nobody would authenticate" is stupid. Would you still authenticate to StackExchange if StackExchange didn't use HTTPS? (Hey, wait a moment there...) – user253751 Dec 12 '15 at 02:44
2

A state actor that controls DNS servers or routing, and a certificate authority can mount man-in-the-middle attacks, giving people the illusion that their privacy is protected by encryption when it actually is not. That seems "better" (if you're a little despot, short and stout) than announcing that there shall be no privacy.

Note: I don't mean to imply that a MITM attack is easy, but it is doable with enough incentive.

Bob Brown
  • 5,293
  • 1
  • 19
  • 28
  • Especially if you've also installed your root cert on every single computer in your country, which could be a requirement for computers. – timuzhti Dec 12 '15 at 03:00
  • Well done and with humor. Here's an [answer](http://security.stackexchange.com/a/104680/13857) explaining how this works. It even mentions how a government could do it once that government installed root cert is present. – Andrew Philips Dec 12 '15 at 12:47
  • 1
    I've edited my answer to add that controlling routing means one doesn't need to control DNS/ – Bob Brown Dec 12 '15 at 15:50
1

Encrypted content is indistinguishable from random bits, by design. This means you can't enforce a ban on encryption without banning random data as well. You would effectively create a whitelist of actions which are probably crypto free. This simply becomes a test of human ingenuity to find a few unverified bits to send a message in.

Cort Ammon
  • 9,216
  • 3
  • 26
  • 26