Computer Security Experts Release Report Slamming Proposals To Backdoor Encryption, As FBI Makes Latest Push

from the bad-ideas dept

Later today, FBI director James Comey will testify before two separate Senate panels about “going dark”, the buzz phrase for law enforcement’s ridiculous fear of strong encryption. In preparation for this, Comey has posted an article claiming that he’s not “a maniac” and recognizes the value of strong encryption… but.

1. The logic of encryption will bring us, in the not-too-distant future, to a place where devices and data in motion are protected by universal strong encryption. That is, our conversations and our “papers and effects” will be locked in such a way that permits access only by participants to a conversation or the owner of the device holding the data.

2. There are many benefits to this. Universal strong encryption will protect all of us – our innovation, our private thoughts, and so many other things of value – from thieves of all kinds. We will all have lock-boxes in our lives that only we can open and in which we can store all that is valuable to us. There are lots of good things about this.

3. There are many costs to this. Public safety in the United States has relied for a couple centuries on the ability of the government, with predication, to obtain permission from a court to access the “papers and effects” and communications of Americans. The Fourth Amendment reflects a trade-off inherent in ordered liberty: To protect the public, the government sometimes needs to be able to see an individual’s stuff, but only under appropriate circumstances and with appropriate oversight.

He ends the piece by noting that he’s just encouraging debate on the topic:

Democracies resolve such tensions through robust debate. I really am not a maniac (or at least my family says so). But my job is to try to keep people safe. In universal strong encryption, I see something that is with us already and growing every day that will inexorably affect my ability to do that job. It may be that, as a people, we decide the benefits here outweigh the costs and that there is no sensible, technically feasible way to optimize privacy and safety in this particular context, or that public safety folks will be able to do their job well enough in the world of universal strong encryption. Those are decisions Americans should make, but I think part of my job is to make sure the debate is informed by a reasonable understanding of the costs.

But, of course, this suggests that there hasn’t been much debate on this. There has been. There was a giant debate twenty years ago and people realized how important strong crypto is and how dangerous it is to undermine it. And yet, now he’s claiming we need a new debate. We don’t. It’s been concluded and forcing everyone to retrace their steps from two decades ago is just a waste of time, especially considering that many of these people could be working on more important things, like better protecting us and our data.

But… instead, the debate is happening. And now a large group of folks who lived through the last debate have published a fantastic report on why backdooring encryption is monumentally stupid. The report is written by a who’s who of computer security folks:

Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matthew Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Peter G. Neumann, Susan Landau, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel J. Weitzner

The paper highlights that this debate was done decades ago:

Twenty years ago, law enforcement organizations lobbied to require data and communication services to engineer their products to guarantee law enforcement access to all data. After lengthy debate and vigorous predictions of enforcement channels “going dark,” these attempts to regulate the emerging Internet were abandoned. In the intervening years, innovation on the Internet flourished, and law enforcement agencies found new and more effective means of accessing vastly larger quantities of data. Today we are again hearing calls for regulation to mandate the provision of exceptional access mechanisms. In this report, a group of computer scientists and security experts, many of whom participated in a 1997 study of these same topics, has convened to explore the likely effects of imposing extraordinary access mandates.

We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.

As the paper notes, beyond the technical problems with these proposals, there’s also the fact that other governments are going to want this same capability and that opens up all sorts of problems:

The greatest impediment to exceptional access may be jurisdiction. Building in exceptional access would be risky enough even if only one law enforcement agency in the world had it. But this is not only a US issue. The UK government promises legislation this fall to compel communications service providers, including US-based corporations, to grant access to UK law enforcement agencies, and other countries would certainly follow suit. China has already intimated that it may require exceptional access. If a British-based developer deploys a messaging application used by citizens of China, must it provide exceptional access to Chinese law enforcement? Which countries have sufficient respect for the rule of law to participate in an international exceptional access framework? How would such determinations be made? How would timely approvals be given for the millions of new products with communications capabilities? And how would this new surveillance ecosystem be funded and supervised? The US and UK governments have fought long and hard to keep the governance of the Internet open, in the face of demands from authoritarian countries that it be brought under state control. Does not the push for exceptional access represent a breathtaking policy reversal?

And there’s still the technical problems. Government officials still seem to think it’s possible to build a golden key that only government can access. This is technologically ignorant:

[B]uilding in exceptional access would substantially increase system complexity. Security researchers inside and outside government agree that complexity is the enemy of security – every new feature can interact with others to create vulnerabilities. To achieve widespread exceptional access, new technology features would have to be deployed and tested with literally hundreds of thousands of developers all around the world. This is a far more complex environment than the electronic surveillance now deployed in telecommunications and Internet access services, which tend to use similar technologies and are more likely to have the resources to manage vulnerabilities that may arise from new features. Features to permit law enforcement exceptional access across a wide range of Internet and mobile computing applications could be particularly problematic because their typical use would be surreptitious – making security testing difficult and less effective.

[E]xceptional access would create concentrated targets that could attract bad actors. Security credentials that unlock the data would have to be retained by the platform provider, law enforcement agencies, or some other trusted third party. If law enforcement’s keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege. Moreover, law enforcement’s stated need for rapid access to data would make it impractical to store keys offline or split keys among multiple keyholders, as security engineers would normally do with extremely high-value credentials. Recent attacks on the United States Government Office of Personnel Management (OPM) show how much harm can arise when many organizations rely on a single institution that itself has security vulnerabilities. In the case of OPM, numerous federal agencies lost sensitive data because OPM had insecure infrastructure. If service providers implement exceptional access requirements incorrectly, the security of all of their users will be at risk.

There’s a lot more in the report itself, which is worth reading. As Kevin Bankston, the director of the Open Technology Institute, notes, we’ve had this debate and it’s time to end it. It’s over.

Tech companies, privacy advocates, security experts, policy experts, all five members of President Obama’s handpicked Review Group on Intelligence and Communications Technologies, UN human rights experts, and a majority of the House of Representatives all agree: Government-mandated backdoors are a bad idea. There are countless reasons why this is true, including: They would unavoidably weaken the security of our digital data, devices, and communications even as we are in the midst of a cybersecurity crisis; they would cost the US tech industry billions as foreign customers – including many of the criminals Comey hopes to catch – turn to more secure alternatives; and they would encourage oppressive regimes that abuse human rights to demand backdoors of their own.

Most of these arguments are not new or surprising. Indeed, it was for many of the same reasons that the US government ultimately rejected the idea of encryption backdoors in the 90s, during what are now called the “Crypto Wars.” We as a nation already had the debate that Comey is demanding – we had it 20 years ago! – and the arguments against backdoors have only become stronger and more numerous with time. Most notably, the 21st century has turned out to be a “Golden Age for Surveillance” for the government. Even with the proliferation of encryption, law enforcement has access to much more information than ever before: access to cellphone location information about where we are and where we’ve been, metadata about who we communicate with and when, and vast databases of emails and pictures and more in the cloud. So, the purported law enforcement need is even less compelling than it was in the 90s. Meanwhile, the security implications of trying to mandate backdoors throughout the vast ecosystem of digital communications services have only gotten more dire in the intervening years, as laid out in an exhaustive new report issued just this morning by over a dozen heavy-hitting security experts.

If only someone would explain that to Comey, everyone could get back to work. Yet, unfortunately, it looks like he wants to rehash this debate over and over again, despite the fact that the basics aren’t going to change.



Comments on “Computer Security Experts Release Report Slamming Proposals To Backdoor Encryption, As FBI Makes Latest Push”

That One Guy (profile) says:

Hanlon's razor isn't always true

If only someone would explain that to Comey, everyone could get back to work. Yet, unfortunately, it looks like he wants to rehash this debate over and over again, despite the fact that the basics aren’t going to change.

Unfortunately, such a conversation would almost certainly be a waste of time. Unless Comey is incredibly stupid and intentionally ignorant regarding the matter (which while possible is unlikely for someone in his position) the odds are good that he knows full well that what he’s asking for is both technically impossible, and would lead to massive negative repercussions even attempting. He simply doesn’t care.

He doesn’t care that weakening encryption puts the personal data of millions at risk, that attempting to do so will almost certainly cost the US billions as other countries go with safer alternatives for tech, or that what he’s demanding is flat out impossible.

Why wouldn’t he care? Because encryption makes his job more difficult, and acts as a check of sorts on his power. I imagine there’s more to that, but that’s probably the core reason, the fact that encryption makes mass spying much trickier to pull off, and increases the odds that to get to a bit of data, the ones who want it will have to convince a judge to allow it, and let their target know about it too.

To those that believe that they should be allowed to do anything, so long as it’s done under the name of National Security: Because Terrorists!(tm), that they have a right to any data or information at the asking, and that the less everyone knows of what they’re doing the better, I’m sure the idea of encryption in the hands of the common citizen is something they are absolutely against.

Idiots don’t rise to attain the position of FBI Director, so the idea that he simply doesn’t know any better, that his position on encryption is simply because no-one has explained it to him is unlikely at best. He knows, quite well I’m sure, that what he’s asking for is both impossible, and dangerous.

He just doesn’t care.

Sheogorath (profile) says:

Public safety in the United States has relied for a couple centuries on the ability of the government, with predication, to obtain permission from a court to access the “papers and effects” and communications of Americans.
So, James Comey, if papers were written in a code so obscure even the Enigma Machine couldn’t crack it, the FBI still had strong evidence to make its case? If papers were burnt whilst the ink on the signature of the warrant was still drying, that didn’t fuck up your case at all? No wonder you guys all creamed yourselves over warrantless searches, and no wonder you’re all shitting yourselves that the courts are beginning to agree with the people as a result of Ed Snowden’s revelations.

Anonymous Coward says:

They are drunk with power and hoping to keep the tap open

The 3 letter acronym agencies are drunk with power over their ability to monitor nearly anyone’s communications, location, etc. All with very little government oversight. They fear the day that they will no longer have these voyeuristic powers. I, on the other hand, welcome that day with open arms.

Besides, it isn’t like they won’t have this ability, they will just have to get a warrant to access individual records at the cell carrier, Google, Apple, etc. We the people can only hope the genie can be put back in the bottle and they will be required to get a warrant to target specific people rather than monitoring us all.

Anonymous Coward says:

Public safety in the United States has relied for a couple centuries on the ability of the government, with predication, to obtain permission from a court to access the “papers and effects” and communications of Americans.

Do not let the talk of encryption distract you. Do not let their basic premise go unchallenged. They are trying to move the line.

Anonymous Coward says:

out of curiosity, if back doors are in built and the obvious of ‘unwanted people access through them, what is going to happen to the people whose bank accounts get emptied? they will have done all they could, all that was necessary, but because of the FBI and others wanting, no, insisting that back doors are built into encryption, will they pony up the missing funds? of course not! and the poor saps who lost money, possibly their life savings and/or their retirement plans, will be left destitute! no one will come running round to replace it from the bank and definitely no one from the security services will!!

Ninja (profile) says:

Well, we know that people seem to have major issues learning from history but, really, we are talking about what, three decades? You can’t even pretend people haven’t lived through it. Either law enforcement today suffers from some bad Alzheimer’s case, is completely dumb, or is made up of megalomaniac sociopaths who believe the ends justify any means. None of the options is a good sign.

Anonymous Coward says:

Before arguing over what you will do,

it might help to know what you CAN do. Strong crypto is already out there. You can’t undo millions of copies already in the public domain.

Since regulatory isn’t on the table, what remains is punitive.

What this means to the average user: Infringing a copy of Beer Fest could carry RICO charges if you use strong crypto. This sort of thing is already happening in less specific ways. If it’s not grokked, and its not graft, it must be RICO! Really you can only go down that road so many times before you create an American Nelson Mandela or Fidel Castro.

Perhaps the FBI should stop looking for low hanging fruit in the end-user spectrum, and start looking at Anti-Trust activities in the carrier and finance sectors?

O.K. You can stop laughing now. really…

Anonymous Coward says:

All of this is just a long-winded way of saying “Make our job easier, we don’t wanna do the leg work so weaken encryption for us will you?”

I’m sorry but that’s your job, besides encryption has only provided a small barrier at best so there should be literally no problem here but you’re lazy and the slightest bit of extra effort is just too much to ask!

steve says:

The real reason for this anti-encryption campaign is that if effective encryption – that is, where the service provider can’t decrypt – becomes common, then the mass spying will be impaired.

There is really no threat from common criminals or the mostly-fictional “terrorists” – most of them can be caught without decryption, or are too technically inept to use effective encryption. In any case it is not legitimate to refer to them even existing unless the person making the claim has strong evidence, and in that case they obviously got such evidence in the present situation without any “golden key”!

But the USG has to avoid acknowledging the real reason for their demands, knowing the people would reject it as illegitimate, so they have to keep waving the fantasy bogey-man of encryption-enabled terrorists, no matter how little sense it makes.

SteveMB (profile) says:

The simple fact is that the “going dark” problem does not exist. There are several ways to bypass encryption no matter how strong or well-implemented it is — plant a hardware or software bug in the user’s keyboard to capture messages prior to encryption (and, for that matter, capture the user’s password); bug the display output line to capture messages as they are read; intercept EM noise and reconstruct keystrokes and display images.

The problem from Big Brother’s viewpoint is that this is too much like work and requires a significant investment in specialized training and equipment. Thus, it only works for legitimate surveillance of select specific targets, and can’t be scaled up to mass surveillance. Of course, the proper response is “too damn bad”, because the government is supposed to be limited to the former in any case, and technologies that enforce that limitation are problematic only to politicians and bureaucrats who wish to abuse their power (i.e. the ones who give the other 2% a bad name).

Rekrul says:

The real problem is that everyone in the government is too stupid to comprehend the idea that you can’t keep backdoors secret. Because they don’t understand the technology, they think that all the tech companies can magically figure out ways to do it.

What someone needs to do is to make a combination padlock that can also be opened by just poking a rod into a hole in the side of the lock.

Hold up the lock and tell them that this is encryption and the combination is the password. Then hand the rod to one of them and tell them that it’s their magical “golden key” (you can even make it out of brass so that it looks gold). Show them how it works and then ask them how they would ensure that only the government knows about or can use that golden key. Then take out a paperclip, straighten it out and pop the lock open right in front of them. Re-lock it and hand it to someone else and ask them to try and open it. Having seen what you did, they will probably do the same, or use a pen. Then ask the politician again how he intends to ensure that only the government can open such locks without the combination.

Anonymous Coward says:

no need to worry. the UK has so little regard for its citizens, it’s going to introduce legislation that removes every vestige of Freedom and Privacy, then pass on everything it finds out to the USA. all it will be passing on, i suspect, is who owes how much money on their mortgage etc, but not a single terrorist plot! anyone who honestly believes that something that could do such harm to people and a country would just be among casual conversations which any security agency could fall upon is a complete friggin’ idiot! even messages to your bank are most closely guarded and require passwords and more, let alone something like this!

Anonymous Coward says:

Even if this wasn’t a horrible idea, we simply don’t trust the government with Crypto Keys and with all the Snowden revelations they don’t deserve the trust. They will be hacked out or some human failure will occur or almost certainly they will be misused or passed to the NSA to use at will against everything.

and that’s if it wasn’t the worst idea ever, which it is.

Jon Davis says:

I feel like it would be cheaper and more expedient to have some of these devices with back doors and “golden keys” designed and distributed, then just see how long it takes for some hacking groups to exploit them.
My guess is it would only take a couple days and there would be concrete proof against the implementation of this nonsense.

Anonymous Coward says:

Why do they encrypt their radios?

If encryption is so bad then why would you want to encrypt your communications and keep them away from the public? Oh, of course, in the interest of security. That makes sense! But why can’t the public have this ability. Is there nothing that they are allowed to hide from you without being assumed a criminal or threat?

Anonymous Coward says:

Great article Mike! Very informative.

My favorite comment I read on Techdirt stated, “Government officials don’t want a debate about exceptional access. We already had that debate and they lost. What government officials want is a monologue where they speak and we listen to them.”

Also, whoever came up with the phrase ‘exceptional access’, in reference to encryption backdoors, is a freaking genius. It describes backdoors perfectly.

Especially American backdoors, because Americans tend to think of themselves as exceptional people worthy of exceptional access, compared to the rest of the non-free and non-exceptional world.
