Experts Blast Encryption 'Backdoor' PlanCryptographers Say Effort to Help Law Enforcement Unfeasible
A dozen well-known cryptographers and cybersecurity specialists have published a paper explaining why they believe it's unrealistic to create a so-called "backdoor" to allow law enforcement and intelligence agencies to decrypt coded information.
"You can't have a world where the good guys can spy and the bad guys can't," says cryptographer Bruce Schneier, one of the authors of the paper, Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications. "All we can get is where everyone can spy or nobody can spy."
The paper was published July 7, the day before FBI Director James Comey and Deputy Attorney General Sally Quillian Yates were scheduled to testify before the Senate Judiciary Committee on the dangers they believe new encryption technologies pose in preventing law enforcement from monitoring criminals, terrorists and adversaries.
Bruce Schneier explains why a backdoor isn't workable.
The paper contends providing law enforcement with "exceptional access" to encrypted data would pose grave security risks, imperil innovation and raise thorny issues for human rights and international relations.
"Building backdoors into all computer and communication systems is against most of the principles of security engineering, and it also against the principles of human rights," one of the paper's authors, University of Cambridge Professor Ross Anderson, writes in his blog.
The paper's authors identify three problems with providing law enforcement and intelligence agencies with exceptional access to decrypt data:
- Providing exceptional access would force a U-turn from the best practices being deployed to make the Internet more secure. These practices include forward secrecy, in which decryption keys are deleted immediately after use, so that stealing them would not compromise other communications. A related technique, authenticated encryption, uses the same temporary key to guarantee confidentiality and to verify that the message has not been forged or tampered with.
- Building in exceptional access would substantially increase system complexity. Security researchers see complexity as the enemy of security; each new feature can interact with others to create vulnerabilities. To achieve widespread exceptional access, new technology features would have to be deployed and tested with hundreds of thousands of developers all around the world, creating an extremely complex computing environment.
- Exceptional access would create concentrated targets that could attract bad actors. Security credentials that unlock the data would have to be retained by the platform provider, law enforcement agencies or a trusted third party. If law enforcement's keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege. Law enforcement's stated need for rapid access to data would make it impractical to store keys offline or split keys among multiple keyholders, as security engineers would normally do with extremely high-value credentials. As the recent Office of Personnel Management breach demonstrates, much harm can arise when many organizations rely on a single institution that itself has security vulnerabilities.
Clipper Chip Debate Revisited
This isn't the first time security experts have voiced joint opposition to government efforts to bypass encryption. In 1997, the cryptographic community lobbied against the proposed Clipper Chip, which sought to have all strong encryption systems retain a copy of keys necessary to decrypt information with a trusted third party that would turn over keys necessary to decrypt data to law enforcement with a court order. The government eventually abandoned its Clipper Chip initiative.
"It's still a bad idea," another of the report's authors, Columbia University Computer Science Professor Steven Bellovin, writes in his blog. "The underlying problem of complexity hasn't gone away; in fact, it's worse today. We're doing a lot more with cryptography, so the bypasses have to be more complex and hence riskier. There are also more serious problems of jurisdiction; technology and hence crypto are used in far more countries today than 20 years ago."
In a joint press conference last January, President Obama and British Prime Minister David Cameron said they saw a need for law enforcement to be able to gain access to encrypted data on a suspected terrorist's digital device, though Obama stopped short of calling for a law to require manufacturers to provide a so-called "backdoor" to break encryption on mobile devices (see Obama Sees Need for Encryption Backdoor).
Listen to the full remarks on encryption President Obama and Prime Minister Cameron delivered.
Comey, in an Oct. 16 speech, said he wanted Congress to update a 20-year-old law to give law enforcement authorities access to the encrypted data of suspected criminals, a point he's expected to reiterate at two hearings on July 8, before the Senate Judiciary and Intelligence committees. His comments came after smartphone makers announced that they were designing their products to give device owners complete control over encryption keys.
"We are struggling to keep up with changing technology, and to maintain our ability to actually collect the communications we are authorized to intercept," Comey said last fall (see FBI Director Ignites Encryption Debate). "And if the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place."
The paper's authors posed a series of questions officials should answer before the government tries to implement a backdoor program. One key question, they say, is: What oversight program would be required to monitor the effectiveness, cost, benefits and abuse of exceptional access? The authors also suggest officials gauge the economic impact of providing exceptional access. "What economic effect would be considered too impactful for exceptional access to be considered worthwhile?" they ask.
Besides Anderson, Bellovin and Schneier, the paper's other authors include MIT Professor Hal Abelson, Microsoft Senior Cryptographer Josh Benaloh, public-key cryptography creator Whitfield Diffie, entrepreneur and civil libertarian John Gilmore, Johns Hopkins University Professor Matthew Green, Worcester Polytechnic Institute Professor of Cybersecurity Policy Susan Landau, Massachusetts Institute of Technology Professor and RSA co-founder Ronald Rivest, MIT security researcher Michael Specter and MIT Computer Science and Intelligence Lab Founding Director Daniel Weitzner.