Encryption & Key Management , Next-Generation Technologies & Secure Development , Security Operations
Why 'Cryptophobia' Is Unjustified
5 Factors Demonstrate Why Encryption Backdoors Are Wrong ApproachIn the wake of the Paris attacks, many politicians have been creating visions of jihadists storming our streets, using untraceable encrypted communication to enable their deadly assaults (see Paris Attacks Reignite Encryption Debate).
So in a classic political move, their response has been to suggest that strong crypto be banned unless software and hardware vendors add in backdoor access for government agencies.
See Also: How to Take the Complexity Out of Cybersecurity
This "cryptophobia" stance conveniently overlooks - or else demonstrates an inability to grasp - the fact that we rely on strong cryptography, with no backdoors, to protect everything from our online banking transactions to our children's privacy.
Here are five essential crypto factors to consider:
1. Bans Don't Work
It's impossible to prevent people from using strong encryption that's free from backdoors. The same is true of so-called crypto-currencies such as Bitcoin, which can be difficult - albeit not impossible - for law enforcement agencies to trace. "If you outlaw it, the only people that will use it will be outlaws," University of Surrey information security professor Alan Woodward tells BBC World Service. And law enforcement agencies would be none the wiser. "It's not like you can see these things going over the network," he says. "You simply couldn't [effectively] ban it."
2. Not Clear That Paris Attackers Used Crypto
The push for "backdoored" strong crypto looked like it had gone dormant until, in the wake of the Nov. 13 Paris attacks, numerous law enforcement and intelligence officials suggested that the attackers might have been using encrypted communications, without providing any firm evidence to support that assertion. The latest push came this week from the International Association of Chiefs of Police and the U.S. National District Attorneys Association, which demanded that Congress mandate crypto backdoors, citing the vague threat of investigations "going dark" (see After Paris Attacks, Beware Rush to Weaken Crypto).
Keep in mind, at least some of the Paris attacks apparently were organized and executed via Facebook and plaintext SMS messages sent via unlocked iPhones, according to news reports.
And any future attack could be planned without using encryption, for example via steganography - hiding messages in other files - or even pre-agreed one-time codes (see Attacks in Paris: The Cyber Investigation).
3. Backdoors Create New Problems
While it's easy to decry how strong crypto can be used to facilitate criminal behavior, adding backdoors may create more problems than it solves, according to a technical report, "Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications," that researchers at the Massachusetts Institute of Technology released earlier this year.
The researchers warned that backdoors break forward secrecy - meaning that earlier communications could be compromised in the future - as well as increase system complexity, thus dramatically increasing the risk of introducing exploitable vulnerabilities that would undermine the entire system. And any system that forces organizations or Internet service providers to share access credentials with the government, which then centralizes that information, would itself be at risk from "bad actors" - both internally and externally.
"Recent attacks on the U.S. government Office of Personnel Management show how much harm can arise when many organizations rely on a single institution that itself has security vulnerabilities," the researchers write (see OPM: 'Victim-as-a-Service' Provider). In addition, it's worth highlighting that amassing so much information in one place would make life much easier for foreign intelligence agencies, who could then steal the backdoor keys and gain easy access to encrypted communications and data.
4. 'Good Guys' Can Attack
Insiders are also a risk. In the investigation into the notorious Silk Road darknet marketplace, for example, two of the men arrested, who later pleaded guilty to related crimes, were federal agents participating in the investigation (see Former Secret Service Agent Pleads Guilty to $800K Bitcoin Theft).
It's also worth noting that the United States already has a system where the "good guys" hold keys to locks. As pundit Cory Doctorow has noted, the Transportation Safety Administration requires all locked baggage to use Travelsentry-compatible locks, for which TSA agents hold master keys.
A CNN investigation into lost luggage found numerous cases of insider theft, including baggage handlers rifling through bags in TSA-secured areas. TSA has fired 513 officers for theft, CNN reports.
5. Strong Crypto Benefits Society
Many politicians and government officials that are quick to push for adding backdoors to crypto spend no time detailing the likely repercussions.
"Do we want strong encryption to protect our businesses, to protect our online privacy and prevent mass surveillance by rogue states?" asks Brian Honan, an information security consultant and cybersecurity adviser to the association of European police agencies known as Europol. Or do we instead want to provide backdoor access to encrypted communications, thus imperiling our collective security? Because when it comes to effective crypto, there's no way to limit exceptions to just the "good guys." The only reliable solution is to ensure that we all have access to strong crypto.
"The premise driving the people writing encryption software is ... the hope that we can enforce existing rights using algorithms that guarantee your ability to free speech, to a reasonable expectation of privacy in your daily life," says Nadim Kobeïssi, a Beirut native who's now a cryptography researcher at the French Institute for Research in Computer Science and Automation - known as INRIA - in a blog post. "When you make a credit card payment or log into Facebook, you're using the same fundamental encryption that, in another continent, an activist could be using to organize a protest against a failed regime," he notes, echoing a perspective also being advance by technology giants such as Google and Microsoft.
Undercutting encryption, Kobeïssi argues, is not only bad for society, but would do nothing to curb terrorism. "If we take every car off the street, every iPhone out of people's pockets and every single plane out of the sky, it wouldn't do anything to stop terrorism," he says. "Terrorism isn't about means, but about ends. It's not about the technology but about the anger, the ignorance that holds a firm grip over the actor's mind."