Let's Encrypt and U.S. laws

Hi LE,

how are you prepared / what are the plans for the case that a U.S. agency request you to compromise the security of one or more of your issued certificates?
Or to put it in other words: why did you not choose to set this service up in a country where it is not that likely to be forced by law to compromise security measures to gather informations about encrypted data?

Best regards,
AlvaHenrik

4 Likes

Hi @AlvaHenrik, all of the people and organizations who originally started this project are all based in the United States, and it would be quite a challenge to try to incorporate or locate infrastructure abroad. Itā€™s also not obvious to me that there is some jurisdiction that is unequivocally legally safer in this way. In some cases government pressure on technology and communications firms may just not have been widely publicly reported. I remember meeting with people from an industry association (that represented firms all over the world) and asking them about surveillance issues, to which they replied something like ā€œoh, of course all of our members have to deal with demands from states and of course itā€™s not something they ever talk about in publicā€.

Iā€™ve written and spoken elsewhere about some of the reasons that I donā€™t think that we would be a good target for an attempt at compelled misissuance. Maybe we can set these out in detail somewhere. Briefly, the organizations that created ISRG are especially committed to privacy and security and weā€™re working with lawyers who have been extremely active in challenging the U.S. government over surveillance issues. We have also begun publishing legal transparency reports including detailed statistics about governmental or legal requests (the first report shows that there have never been any such requests), and weā€™ve committed to using Certificate Transparency to publish every certificate that we issue, so weā€™re promising never to issue a certificate in secret. We hope to create a more transparent certificate issuance environment where we are not able to get away with misissuance, regardless of the reason for the misissuance event.

Because of the weakest-link problem with the CA system to date, it would probably be easier for governments that want to attack TLS via misissued certificates to find another CA (in any jurisdiction) that is less transparent and less disposed to do its utmost to fight back against such requests, and try to compel that CA instead of us. Maybe that will change for some attacks in the future as a result of adoption of technologies like CAA and HPKP, but for the general case right now, I donā€™t see a reason why any government would think that weā€™re the best CA to try to get misissued certs out of!

If people can think of additional transparency measures that we can adopt to try to ensure that we always get caught quickly if we ever misissue, we would love to hear about them!

5 Likes

What a total bullshit. All of these members have offices/presence around the world, are you telling us they are not capable of doing such an easy thing? This would make me doubt about the quality, goal and professionalism of this project. As far as i am concerned the US, is the worst place to be, maybe have a look at Switzerland or so.

If you use this weakest link argument here, what good is letsencrypt going to be doing then in this branche? All these certificates are untrustworthy anyway with this CA system?

It would be a good statement of letsencrypt to also choose a jurisdiction that emphasises this security and privacy. And be a good example for other ca companies, so they can follow this strategy.

Would be great to delete all root ca from countries that have 'shitty' privacy laws. Can you imagine european law, outlawing ca's that are not 'secure' :slight_smile:

Remember this whole project is under the graces of a non-profit organization. Ask a company like DigitalOcean how much it costs to open a datacenter overseas...

I wouldn't say all the certificates are untrustworthy. Given that PKI is what we're stuck with today whether you like it or not, there's nothing stopping you or anyone from creating your own ACME-based CA overseas.

1 Like

Ask a company like DigitalOcean how much it costs to open a datacenter overseas.

Yyy, I cannot come to work on monday, Bugatti Veyron has broke down and anything less of it, i don't drive.

(not convinced by this argument)

Relying on a single CA (or any CA) never being compromised or never being legally forced to hand over their root keys is not gonna be something that will improve security and trust in TLS in the long-term.

Instead, efforts should focus on making such attacks as messy and obvious as possible, so that both government agencies and CAs are discouraged from even thinking about doing it. Certificate Transparency was born in the aftermath of a major CA breach and has already detected multiple cases where certificates were misissued. Once CT becomes mandatory, and various certificate pinning mechanisms become more widely adopted, any kind of CA breach will have a) immediate and dire consequences for the CA (and possibly any government agency behind such attacks) and b) probably no effect on users at all.

Finally, I think itā€™s unreasonable to think that moving to a country like switzerland will somehow mitigate all risks. Just because we now know a lot about the surveillance programs in Five-Eye nations doesnā€™t mean other countries donā€™t have similar programs, some probably even worse. If anything the leaks have demonstrated that relying on laws for security and privacy just doesnā€™t work.

5 Likes

ā€œI think itā€™s unreasonable to think that moving to a country like switzerland will somehow mitigate all risks. Just because we now know a lot about the surveillance programs in Five-Eye nations doesnā€™t mean other countries donā€™t have similar programs,ā€

You are thinking? It is about, getting the best possible result. It is something lawyers should address nor your or me. They should find, at this point in time, the best fitting country for a specific period. Maybe the organization should even be very mobile so it can continue business in a different jurisdiction quickly.

Cisco is in India, Akamai is in India maybe some of the partners as well. So it is possible to go abroad to cut costs, but for privacy and security not?

https://cdn.discourse.org/letsencrypt/letter_avatar_proxy/v2/letter/b/d78d45/45.png blagom https://community.letsencrypt.org/users/blagom
November 22
Roosit, the only contributions I have seen you make are complaining about the current implementation. Are you involved in this project in any way (either through funding, code contributions, or infrastructure design)? If not, you may leave these higher level questions to the parties involved and stick to filing technical bug reports/feature requests, instead of borderline harassing community members who are gratefully contributing their time to forwarding this wonderful project.

Or if your only goal is to pressure them to move everything to your datacenter http://www.domainiq.com/name?Marc_Roos in the Netherlands, then perhaps a proper sales pitch is in order, instead of hatefully commenting in threads like these.

To respond, visit Let's Encrypt and U.S. laws - #8 in your browser.

I dont know where this message is located on this forum. But for the sender.

  • I think it is a great idea to bring encryption to the masses in an easy and secure way.
  • Encryption/ceritification is serious business, so the question Alva raised is a valid concern.
  • Addressing this issue with evasive answers, will lead to this type of thread. Some here have broad experience, knowledge and can think for themselves. Just say "we didnt think about incorporating abroad" or "we like it here in the us, and thats is where it will stay" or "i am just simple contributor, i will have a lawyer answer this" than it would be the end of the discussion.
  • If you are thinking i am out to get some colocation/hosting business, than you have totally missed the point in this thread. (And that is exactly the reason, why I am addressing this).

Is it possible to put a poll on this forum:
I would like Letsencrypt to be incorporated in a country (other than the US) with better fitting legal conditions (eg. privacy laws)?

  • I am from the US and I would like this
  • I am from the US and I don't want this
  • I am NOT from the US and I would like this
  • I am NOT from the US and I don't want this

If I want to contribute in some other way, and come to the states, will it be possible to meet with management?

AFAIK the post was deleted by the creator and was only visible some time longer before it finally got removed. I think he/she had his/her reasons to do it and I don't think it's helpful if you bring this post up again.

To answer more directly: Jurisdictional issues are definitely something we think about, but as Seth said, our founding organizations are all in the US. I am not a lawyer, but I donā€™t think a US organization can create an overseas entity that is not subject to US court orders. And as Seth said, so long as any major CA remains in the US, the risk of compelled issuance is still there.

Our fix to that problem is to work towards fixing the whole ecosystem. It should not be possible for any CA to issue a compelled certificate, and have that certificate remain a secret. Certificate Transparency is one of the best current approaches in that area, and we are supporting that effort. I personally think that has a much greater chance of success than jurisdiction-shopping.

5 Likes

Swiss parliament pushed through a new intelligence law (Nachrichtendienstgesetz) which will give the Federal Intelligence Service FIS extended power and will lead to legalized mass surveillance. Additionally the surveillance law (BƜPF) is currently revised. The new version will extend the time frame communications meta data has to be stored and will extend the amount of providers which will fall under the new rules. I'm not sure, if Switzerland will be any better than the US privacy-wise when these new laws are in effect.

1 Like

To be honest, thats one of my points preventing me using letsencrypt as a service.
Iā€™m located in Germany, and any data storing mechanisms which contain US is beeing refused to many IT colleagues I know - Experience based.

Hi @Us3r even if you do not trust LE where is the problem ?

  1. Any CA including LE did not receive any private or sensitive data from you like keys. The Certificate can anyone retrieve and store.
  2. If you believe that the CA could sign an certificate without your permissions you can PIN your own key so even the CA will not be able to do an MITM after the first visit of the client.
    So what is your problem ?

Is there any CA you would trust ?

I appreciate people worrying about jurisdictional risks because I think it puts valuable pressure on governments to stop tampering with everything, and because we've seen that those risks can be very real and practical.

However, as @tlussnig says, I'm not sure that concern is a strong reason not to use Let's Encrypt in this case. Remember that CAs do not possess your private key and, if you choose to use OCSP stapling, don't learn who visits your site. Overall, the biggest threat from a CA is compelled misissuance, as hypothesized by Soghoian and Stamm in "Certified Lies".

Apart from Let's Encrypt's strong interest in preventing this by using CT and working with a lot of lawyers who are eager to fight any such request, it's clear that sites are already exposed to compelled misissuance from any CA in the default case, unless they use pinning and/or other mechanisms to limit that exposure. If Let's Encrypt or any other CA that is based in a jurisdiction with a government could be compelled by that government to misissue in order to support an attack, any site on the Internet would already be exposed to that risk whether or not it chose to use that CA. Remember that previous misissuance attacks were mostly not against CAs' existing customers, but against non-customers, like when DigiNotar was compromised and made to misissue for sites that were not its customers at all and with which it had no relationship.

If you do use pinning or other mechanisms, you may have a more meaningful choice about how to limit your exposure, and then it's naturally your choice what you want to do. I won't try to convince people that the U.S. is obviously a better or safer jurisdiction than others for avoiding compelled misissuance attacks, but I hope people recognize that this threat can potentially exist in many jurisdictions and it's not obvious today that there is some jurisdiction magically impervious to it.

3 Likes

a lot of intresting risk is going even so far that using the facebook like button on your page unmodified because of its tracking nad the fact that the data is sent to a US, where privacy laws seem kinda weak, is illegal, because the user cannot know beforehand that his data is transferred far away. Thatā€™s why there are 2-click systems (first click on an image which informs you about that data transmission, and then the button appears which you can click)

the problem is that the US has the All Writs act, meaning a judge can do literally anything to get "ā€œwhat is neededā€ so you could be compelled to issue without publishing to CT, and unless thereā€™s a part in the root cert which could force the browsers to check CT, thereā€™s no way you could do otherwise.
Apple is also fighting against that (ya know, that ā€œterrorist phoneā€ case) and even I as apple hater really respect them for that. but there were cases like lavabit who were also compelled to give out their keys so if the NSA or alike force you to hand over your root key you would probably not have much choice.

but there should really be a way to state in the root and intermediates that CT is used to the browsers can avoid those enforced issuances, because even if the public knows they use CT I dont think everyone bothers to check

1 Like

This is also an issue that EFF is working on, for example by filing a brief in support of Apple in the current All Writs Act case.

It's definitely not correct to say that the All Writs Act allows a judge to do literally anything; by its terms, for example, the Act requires that the writs be "agreeable to the usages and principles of law", and courts have previously examined the question of what would make an order appropriate or inappropriate under the Act. They haven't just said "oh, the All Writs Act has 'all' in its text, so there are no longer any constraints on courts"!

It's not a foregone conclusion that a CA can be compelled by a court to misissue, but it's the exact concern presented in Soghoian and Stamm's paper and it is very worth having people in the CA ecosystem pay attention to.

I'm concerned that people have sometimes assumed that non-U.S. jurisdictions somehow don't have this concern, without having done legal research to discover how plausible that is. Almost all jurisdictions have forms of the subpoena power, compelled testimony, and compelled assistance with law enforcement investigations; many jurisdictions also have special rules (de jure or de facto or both) about the government's military or espionage activities. I think it's a complicated empirical question to understand how those rules would relate to attempts to compel a CA to misissue in any jurisdiction, and it's really important not to make assumptions about the answer based on intuitions that particular governments are less aggressive in conducting electronic surveillance than the U.S. government.

Absolutely, and there are people working on this at Google now. I think it's very likely that Let's Encrypt (and hopefully other CAs!) will eventually have an automated mechanism for this, so that certs can be rejected automatically if they're not in CT. That would dramatically increase the value of CT for defending against misissuance.

well let's say almost. seeing how far the US privacy laws go (especially when the target is foreign), in this case pretty much anything goes. If the FBI and the courts seriously think that deliberaltely posting a hole in the software (but I wonder how they wanna install it in the first place since iirc wipe free installs are only possible after lockscreen)

at least for the CAs that do CT

but then there's another bad problem, which is essentially based on one of the greatest Ideas.
DANE.
The ICANN is a US based company making them subject to the US law, so court could sadly let them hand out the root key which would let the NSA be able to forge certs for a domain using DANE. DANE may be a larger scale but remember that Lavabit was also forced to give their master key.
and the problem since there is nothing above the DNSSec root you cant say "my zone needs CT certs", which makes it even more annoying.

there would be only one way for making that stuff entirely secure. ALL DANE certs would need CT.
Talking about CT, is there a way I could upload a self-signed (or unkown authority) cert to CT and is is simple?

In the Apple case, the court is not deciding and is not being asked to decide about anyone's privacy rights, but about what a company can be compelled to do in order to assist with an investigation (not on the basis of who the target of the investigation is).

My understanding is that logs generally require submitted certs to chain to a publicly-trusted root, otherwise they don't regard them as interesting.

No. It is not.

ICANN was created on September 18, 1998, and incorporated on September 30, 1998 in the State of California.[3] It is headquartered in the Playa Vista section of Los Angeles, California. On September 29, 2006, ICANN signed a new agreement with the United States Department of Commerce (DOC) that moves the organization further towards a solely multistakeholder governance model.[4]
On October 1, 2009 the U.S. Department of Commerce gave up its control of ICANN, completing ICANN's transition.[5]

in

Wanna read more (recent things)?
https://www.newamerica.org/oti/controlling-internet-infrastructure/