Category Archives: Cryptography
2012: "Mass surveillance is fine — if it wasn’t, you’d see major corporations trying to court new business by building in crypto tools that kept out the surveillance agencies. The fact that they’re not doing this tells you that surveillance opponents are an out-of-touch, paranoid minority."
2016: "Mass surveillance is necessary — when companies use crypto tools as ‘marketing ploys,’ they’re getting in the way of something we all agree is proportionate and legitimate!"
The government’s attempt to get Apple to build a bespoke operating system so they can brute force access to an iPhone without it erasing its data has led the media to some of us who were in the first round of the crypto wars. Today was my turn. A few seconds on CBS in the Morning, ink in a nice explainer by Steve Lohr in the New York Times. I also spoke to the LA Times and the Wall St. Journal, but I haven’t seen what if anything they made of it.
I presume they found me because I wrote the first US legal article on law and encryption: The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution. There’s also a shorter sequel that some find easier to read, It Came From Planet Clipper.
The Apple case potentially raises at least these major legal issues:
- To what extent the government can use the All Writs Act to compel people unrelated to a case to provide unwilling technical support–here, Apple says, 12-40 man-weeks of expert engineering–to the government’s efforts to disable a security system in order to effectuate a search warrant or similar court order;
- Whether ordering a firm to write code (here, a bespoke phone OS), is a form of compelled speech violating the First Amendment
- Whether ordering a firm to digitally sign that code (or anything else) is an impermissible form of compelled speech
- Whether if a court can issue this order requiring assistance to disable a security system without violating the Constitutions, it follows that Congress could also legislate to forbid people from building strong security systems that the government cannot break into unassisted — and, most critically, whether that would mean the government could forbid the deployment of strong cryptographic tools without back doors. (This last issue was the main subject of the two articles I linked to above. It’s not a simple question.)
Although the Apple issue likely will be decided on non-constitutional grounds, the parties are making a record on the constitutional issues with an eye to a set of appeals that could go as far as the Supreme Court. The issues are important and interesting, so the media is right to treat this as a big deal.
We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.
Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.
An email is also being sent to all users regarding this security incident. We will also be prompting all users to change their master passwords. You do not need to update your master password until you see our prompt. However, if you have reused your master password on any other website, you should replace the passwords on those other websites.
Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.
Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.
We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.
& the LastPass Team
Frequently Asked Questions
Why haven’t I been notified by email? Emails are being sent to all users regarding the security incident. While this takes a bit longer than posting on the blog, we are working to notify users as fast as possible.
Do I need to change my master password right now? LastPass user accounts are locked down. You can only access your account from a trusted IP address or device – otherwise, verification is requested. We are confident that you are safe on your LastPass account regardless. If you’ve used a weak, dictionary-based master password (eg: robert1, mustang, 123456799, password1!), or if you used your master password as the password for other websites you need to update it.
I remember it well:
Editor’s Preamble! Back in 1997 I gave a paper on crowdfunding – I believe the first ever proper paper, although there was one "lost talk" earlier by Eric Hughes – at Financial Cryptography 1997. Now, this conference was the first polymath event in the space, and probably the only one in the space, but that story is another day. Because this was a polymath event, law professor
who’s name escapesMichael Froomkin stood up and asked why I hadn’t analysed the crowdfunding system from the point of view of transaction economics.
I blathered – because I’d not heard of it! But I took the cue, went home and read the Ronald Coase paper, and some of his other stuff, and ploughed through the immensely sticky earth of Williamson. Who later joined Coase as a Nobel Laureate.
The prof was right, and I and a few others then turned transaction cost discussion into a cypherpunk topic. Of course, we were one or two decades too early, and hence it all died.
Now, with gusto, Vinay Gupta has revived it all as an explanation of why the blockchain works.
The NYT has a great story today, Miss a Payment? Good Luck Moving That Car on sub-prime loans for cars requiring that buyer accept installation of an immobilizer that can be operated by remote control by the lender’s agents. The article concentrates on ways in which these are being abused, e.g. immobilizing cars in traffic, far from home, when payments are not in fact late, and more.
It also hints at a group of legal issues, notably privacy (the GPS technology on which the immobilizer relies makes cars trackable by the monitoring company), and whether state laws on repossession — which require more notice, or more time between a missed payment and authorized action by the lender — should apply to a ‘virtual repossession’ or not. (Attention: Student note topic seekers. Doing this analysis in just one state would be a fine topic, and a social good.)
Then there’s the sociological aspects,
Beyond the ability to disable a vehicle, the devices have tracking capabilities that allow lenders and others to know the movements of borrowers, a major concern for privacy advocates. And the warnings the devices emit — beeps that become more persistent as the due date for the loan payment approaches — are seen by some borrowers as more degrading than helpful.
“No middle-class person would ever be hounded for being a day late,” said Robert Swearingen, a lawyer with Legal Services of Eastern Missouri, in St. Louis. “But for poor people, there is a debt collector right there in the car with them.”
Missing, though, is the first thing that occurred to the cypherpunks when this technology first got mooted over a decade ago: How long until it is hacked? What happens when some bad guy starts war driving with a black box immobilizer causing accidents or other harms? And to what extent will the makers of the immobilizer be liable for those harms? Another good student note, at the very least.
[Note: Edited to add italicized line in second paragraph, which mysteriously got cut out before posting.]
I think I’ve pretty much got https working on this blog. At present it will serve up both unencrypted or encrypted versions depending what you ask for. The encrypted version is, at least on my computers, noticeably slower to turn up.
So the question is, What do I do now? Should I turn of http and forward all traffic to https? If I do so, should I remove the remaining insecure items, which I take to be the counters and the little map that shows where visitors come from? Is there a free counter somewhere that is https compliant? If I don’t force https, what’s the point of having the encrypted version there if almost no one other than the people running EFF’s great https-everywhere plugin will ever see it?