The latest variant of the crypto wars is happening now, with the UK and EU governments attempting to force backdoors into end-to-end encryption (E2EE).
The war is driven by the desire of law enforcement and governments to prevent criminals ‘going dark’ through E2EE. The battlefield for liberal democracies is the EU (the Child Sexual Abuse Regulation) and the UK (the Online Safety Bill – OSB). The collateral damage could be every law-abiding citizen – and the audience is all other liberal democracies around the world.
On June 26, 2023, the Online Rights Group delivered an open letter (PDF) signed by 80 technologists and civil rights organizations to Chloe Smith, the UK government minister guiding the OSB through parliament. The biggest concern is the likely requirement for an encrypted message scanning capability. The open letter warns:
“The scanning software would have to be pre-installed on people’s phones, without their permission or full awareness of the severe privacy and security implications. The underlying databases can be corrupted by hostile actors, meaning that individual phones would become vulnerable to attack. The breadth of the measures proposed in the Online Safety Bill – which would infringe the rights to privacy to the same extent for the internet’s majority of legitimate law-abiding users as it would for potential criminals…”
Within days of this letter, Apple sent a separate statement to the BBC: “End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats. It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk. Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all.”
SecurityWeek decided to examine the type of technology used in E2EE and feared by governments. We spoke to Matthew Hodgson, co-founder of Matrix.org and CEO/CTO at Element. The combination of Matrix and Element is fitting and ironic for this discussion.
It is fitting because both organizations have their origins in the UK’s Cambridge university. Matrix is an open protocol for decentralized, secure communications. Its custodian is the Matrix.org Foundation, a non-profit UK Community Interest Company. Element is a UK-based E2EE company set up by Hodgson partly to help fund Matrix, and partly to demonstrate its potential.
It is ironic because Matrix/Element’s E2EE is used by government departments in North America, the EU, NATO, Ukraine – and the UK. We should be clear, however, that Matrix/Element is as useful to private corporations that require secure communications as it is for government agencies that require secrecy.
Hodgson is reticent about going into detail on Element’s government users, limiting comments to public knowledge. “Historically, we have worked with France, providing secure sovereign communications across all the ministries and departments. Then we entered Germany, starting with the military and expanding to cover the whole country. Now we are providing similar operations to the US DOD, working specifically with the Navy and Marine Corps and Space Force, delivering the ability to communicate securely, but on their own terms, without any dependencies on external systems.”
The backbone of the system is Matrix. “Matrix is a communication protocol, like email or the web, except it focuses on realtime communications,” explained Hodgson. Anyone can install a Matrix server on their own equipment. If Element is also installed, the combination provides secure E2EE that cannot be accessed by anyone other than the owners of the Matrix servers concerned.
Hodgson compared Element’s approach to Signal, one of the primary suppliers of E2EE. “It is similar. However, Signal is centralized. It runs on a single logical system running on Signal.org operated by a single organization, the Signal Foundation. This is problematic if you need or want to control all the ownership and responsibility for the communication yourself.”
Matrix allows end-to-end communication for chats, file transfer, voice/video calling or any other type of structured data. “We’ve used it for synchronizing VR and metaverse data, IoT data, and cursor-on-target data – which is particularly meaningful for the military,” continued Hodgson. “All this goes over Matrix, and the joy is that you can run the entire infrastructure yourself, either in your own country or in your own data centers, or in air gapped environments.” But it is decentralized, meaning all the Matrix servers can interoperate.
Element is both a company and a communication technology established by the creators of Matrix. “Frankly,” says Hodgson, “it is to keep the lights on and fund our ability to keep building the Matrix technology. Element is a Matrix client that you install on your phone or laptop to communicate across the Matrix network. It looks and smells much like other communication tools such as WhatsApp, Signal, Slack, Teams, or Discord – except it communicates directly with the destination server across the internet. We have around 100,000 servers and around 100 million users – public sector, open source players and private sector companies that may be regulated or related to the public sector infrastructure; including manufacturing, utilities, defense, education, and healthcare.”
The core encryption within Element is similar to Signal. “When they first launched Signal, they produced a simple sketch of how it works,” continued Hodgson. “We took this and wrote an expanded, revised version which we call olm because of its double ratchet implementation.” Double ratchet algorithms are traditionally named after salamanders, and olm is a salamander type found in the limestone caves of south-east Europe.
One of the reasons for the salamander naming convention is that the ratchet generating the series of keys used to encrypt the messages can self-heal – much like a salamander can regrow its tail, or indeed limbs, if damaged. “If attackers intercept and decrypt your encryption, it doesn’t mean they’re going to be able to predict the future keys. As a conversation continues, the process produces new secrets producing new keys that are exchanged between the parties.” Matrix/Element took inspiration from the best in class (Signal) and standardized their own version before Signal produced the official standard.
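The self-healing property described above can be seen in a simplified sketch. This is an added example, not Olm's or Signal's code: the `Ratchet` class is hypothetical, it keeps a single message chain instead of separate sending and receiving chains, and a toy finite-field Diffie-Hellman stands in for Curve25519.

```python
import copy, hashlib, hmac, secrets

# Toy finite-field Diffie-Hellman standing in for Curve25519 (assumption:
# illustrative parameters only, not a secure group choice).
P, G = 2**255 - 19, 2

def kdf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, P).to_bytes(32, "big")

class Ratchet:
    """Hypothetical single-chain ratchet: root key plus one message chain."""
    def __init__(self, root_key: bytes):
        self.root = root_key
        self.chain = kdf(root_key, b"chain")

    def next_message_key(self) -> bytes:
        # Symmetric step: one-way, so old message keys cannot be recomputed.
        message_key = kdf(self.chain, b"msg")
        self.chain = kdf(self.chain, b"step")
        return message_key

    def dh_step(self, shared: bytes) -> None:
        # Mix a fresh DH secret into the root; this is what heals the session.
        self.root = kdf(self.root, b"root" + shared)
        self.chain = kdf(self.root, b"chain")

def demo() -> dict:
    alice, bob = Ratchet(b"\x01" * 32), Ratchet(b"\x01" * 32)  # constructed shared root
    alice.next_message_key(); bob.next_message_key()
    thief = copy.copy(alice)            # attacker snapshots Alice's state
    # Before any new DH exchange the stolen chain still yields the next key.
    exposed = thief.next_message_key() == alice.next_message_key()
    bob.next_message_key()
    # Both sides exchange fresh public keys; the attacker sees only those.
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    alice.dh_step(dh_shared(a_priv, b_pub))
    bob.dh_step(dh_shared(b_priv, a_pub))
    a_key, b_key = alice.next_message_key(), bob.next_message_key()
    return {"exposed_before_heal": exposed,
            "peers_agree": a_key == b_key,
            "thief_locked_out": thief.next_message_key() != a_key}

if __name__ == "__main__":
    print(demo())
```

The stolen state exposes messages only until the next Diffie-Hellman exchange; after that the two peers still agree on keys while the snapshot no longer yields them.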
Element is also working with the IETF on messaging layer security (MLS), a new security layer for encryption within groups of two to many. MLS will provide both forward secrecy and post-compromise security due to a pre-specified key rotation or replacement rate.
Matrix/Element is not ignoring the potential future threat of quantum decryption. “We’re working on implementing Kyber as a wrapper around the elliptic curve25519 encryption that we have as our key exchange primitive today. That work is funded by one of the large government organizations that we’re working with. [More irony.] We have cryptographic agility built into both Matrix as a protocol and Element as an implementation. We can swap out for the best cipher and ratchet as either emerges.”
Hodgson is uncompromising in his view of the Online Safety Bill, but uncertain how it would affect his E2EE company. Firstly, he says adamantly that Element will not introduce a government backdoor or scanning capability. “We are willing to be blocked in markets where the government mandates that there must be some kind of intercept capability or scanning capability on communications. To have an alien blob of code reading all the unencrypted messages, and doing God knows what depending on the predilections of OFCOM or the government of the day would be catastrophic – all from a government that claims to support tech companies.”
His uncertainty comes from the devil in the details. We don’t yet know the final wording of the Online Safety Bill. There are likely to be some concessions. Corporate, and government, communications may be excluded. “There’s an exemption in the Online Safety Bill that says it only applies to the pesky citizens. If you’re providing enterprise communication, then you’re not in scope. So, it would, ironically, not necessarily impact the deployments we do for the UK government or UK companies. But it would be very problematic for people installing the app in the way they install Signal today off the App Stores. We will probably have to remove our app, as would Signal and WhatsApp and the other encrypted messengers, to make sure that the great British public doesn’t get its hands on proper secure communication technology.”
How the UK government expects to separate corporate from personal communication in the age of remote working remains to be seen – but if the Bill becomes an Act, the detection of a non-exempted E2EE communication will create a British outlaw from an otherwise completely law-abiding British citizen.