This is a case study focusing on the usability of encryption systems as used by political dissidents in Apartheid era South Africa.
Background - South Africa
Between 1948 and 1994, the nation of South Africa was ruled by an ethnically white minority. They set in place a system of government – known as Apartheid - which suppressed, brutalised and discriminated against other races.
The African National Congress (ANC) was formed in the early 20th Century2 with the explicit aim of bringing "all Africans together as one people to defend their rights and freedoms."
In 1960, it was outlawed by the ruling National Party3 and was subsequently branded a terrorist organisation by many nations4.
Activists working for and on behalf of the ANC were placed under intense scrutiny by the National Party and its allies. In order to safeguard their communications, the ANC needed to develop, deploy and successfully use digital encryption.
The primary source of this information comes from the ANC's monthly journal "Mayibuye". In 1995 they published a series of articles on their encryption efforts, collated in a single article: "Talking To Vula"5
Lines of Communication
With the ANC's leadership under extreme surveillance by a technologically superior aggressor, communications between the leadership and members were subject to interception and disruption.
Poor communications had determined the shape of our struggle. It was because our fighters and cadres could not communicate with their leaders and between themselves that the underground never developed and People's War never became a reality.
"Talking To Vula"
The ANC's typical method of encrypting communications in the late 1970s was by the manual use of One Time Pads (OTPs).
While OTPs represent a theoretically uncrackable encryption, they have two fundamental flaws :
- It is difficult to distribute an OTP; it wasn't until the late 1970s that key-exchange over a public channel was solved using the Diffie-Hellman Key Exchange6.
- OTPs often suffer from unrecoverable errors introduced by flaws common in manual transcriptions7.
Activists had to manually encipher messages - a tedious and error prone process - and then manually transcribe and decipher the messages they received.
The lack of digital communications required that messages be physically distributed. This increased the latency of communication to the speed of international postal services.
It was always the same pattern: comrades would go back home feeling enthusiastic and begin by sending a series of messages. They soon came to realise that it was a futile activity as it took so much effort to say so very little and the responses, as few and far between as they were, contained little encouragement and advice.
"Talking To Vula"
These activists were fighting to free their country from the yoke of a repressive and racist government. Yet they found the long-winded process of protecting their communications just too hard.
Security is usability.
The growth of the Personal Computer industry in the 1980s made digital computing increasingly affordable. The ANC's technical committee began to research digital encryption and communication over the telephone network using modems. This was known as "Operation Vula"8.
Modern cryptographic science frowns on the sort of self-created encryption algorithms used by Operation Vula; such algorithms often contain subtle weaknesses of which their creators are unaware9 10. However, developing bespoke encryption systems was a common occurrence in the 1980s – mostly due to the United States Government forbidding the export of encryption software11. This meant that strong, audited encryption was not widely available to the public.
The introduction of computer-based encrypting revolutionised the revolutionaries so that with little effort it was suddenly possible to communicate over vast distances with (apparently) total security. Messages could be long and complex, and the latency of response times were reduced.
It failed not because of technological weakness - but because of human weakness.
Maintaining secrecy is hard. Attaching computers to modems and loading secret codes is still a lot easier than the mind-numbing process of hand powered encryption; but it is an extra burden.
Individuals were careless. They knew that organising against the government could result in torture or death. Despite that, it was hard to act with 100% vigilance.
The details of Vula that the regime released to the press revealed that indeed a number of important documents had fallen into their hands. It became clearer by the day that the comrades in Durban had violated all the rules of security that we had so assiduously tried to impress upon them. Data files of confidential information were kept "in clear" on disk and keywords and key books must have been easily obtainable. The minutes of an entire underground conference were quoted by police as evidence of the plot to overthrow the government.
"Talking To Vula"
These communications were not between "hacktivists" doing it for "teh lulz", lovers exchanging sexts or business people protecting their Intellectual Property. It was between freedom fighters working against a sadistic and murderous government. Failing to maintain security would not just end with their families being tortured - it could mean the disruption of an entire political movement.
And yet that threat still was not enough to keep people acting in a security-conscious manner.
"Talking to Vula" concludes with the lessons the ANC learned from running their encryption programme:
Without first-class communications you cannot carry out a successful underground operation.
"Talking To Vula"
"First class" does not just refer to the technology powering the system, but also the usability of the security.
We know that commonly used encryption programs often have fundamental flaws (such as the recent POODLE13 and HeartBleed14 vulnerabilities), that state-based agencies have deliberately weakened encryption standards15 and that there are theoretical attacks on cryptography using quantum computing16.
Let us assume for now that via some combination of Vernam ciphers17 and Perfect Forward Secrecy18 it is possible to create an encryption scheme which, if used correctly, can withstand sustained attack from determined adversaries.
The correct use of encryption relies on, at a minimum, the following behaviours :
- Users understanding why encryption is necessary.
- A provably secure way for users to generate encryption keys.
- Securely storing the encryption keys.
- Exchanging keys.
- Validating that the keys are trusted by the recipient.
- Correct enciphering of messages.
- Correct deciphering of messages.
- Validating the provenance of messages.
- Securely storing or destroying messages.
- Updating behaviours and technologies in the light of emergent threats.
If any of these behaviours are weak, the entire encryption scheme becomes vulnerable.
Is it possible to create a system that simultaneously satisfies the conditions of desirability (the understanding of its necessity) and usability (the inability to use incorrectly)?
Modern systems like GPG and Keybase.io have improved on the usability of older encryption systems – but they still require the user to act in an almost perfect manner.
A recent high profile case illustrates that, despite the improvement of these systems, intelligent and committed users still make basic mistakes :
David Miranda was carrying password for secret files on piece of paper
A journalist’s partner who was detained carrying thousands of British intelligence documents through Heathrow airport was also holding the password to an encrypted file written on a piece of paper, the government has disclosed.
Daily Telegraph. 2013-08-30
This careless attitude was present 23 years earlier, during Vula :
[Ghebuza's] assistant was in the habit of moving around with Ghebuza's program and "key" disks as well as his data files. This was against all the rules though we had always suspected that some of the comrades were less than meticulous about observing them.
"Talking To Vula"
Users will seemingly do almost anything to bypass security in the name of convenience19 20. From writing down passwords21 22 to pointing a webcam at a VPN token23, these behaviours completely negate any of the protection provided.
Users are left with, at best, a placebo security measure.
A comprehensive encryption programme has to account for the fallibility of human nature.
Ubiquity & Transparency
Usability of encryption relies on two essential factors: Ubiquity and Transparency.
Until the release of the Firesheep software24 it was assumed that websites only had to protect the login portion of their services with HTTPS. Firesheep showed how every interaction with the site could leak login information to an observer.
The only way to guarantee the security of users was to ensure that every single interaction with the site was secured. Ubiquitous security became a necessity.
Similarly, it used to be common that in order to securely access a site like Facebook or Twitter, a user had to remember to enter the URL with the "https://" protocol, or they had to manually set an option to enable security.
By having the website insist on using HTTPS and enforcing it for all users at all times, they removed the need for the user to have to constantly check their security settings. This mode of operation means that encryption technology does not get in the way of the user's normal use of the site. Users do not have to undertake manual actions to enable encryption.
Despite the obvious legal and moral need to protect such sensitive information, I discovered that 18 of the forces did not provide any website security. Six of the sites had encryption available but did not force visitors to use it. This meant that users of the site would have to manually manipulate the URL to select a secure method of communication.
Even minor transgressions in the correct use of security can offer an adversary the opportunity to penetrate a user's defences. Users have to continually protect themselves against an unending onslaught of criminals and state-backed hostiles.
"Remember we only have to be lucky once. You will have to be lucky always."
Anonymous IRA Spokesman26 referring to the 1984 Brighton hotel bombing.
In order to make encryption practical and to extend the benefits of secure communication to as many people as possible, we have to find ways of making users as "lucky" as possible.
The challenge for future security systems is to protect users from their own fallibility whilst being as unobtrusive as possible.