Pretty Much Anyone With Any Understanding Of Crypto Tells President Obama That Backdooring Crypto Is Monumentally Stupid

from the basic-understanding dept

Nearly 150 tech companies (including us via the Copia Institute), non-profits and computer security experts have all teamed up to send a letter to President Obama telling him to stop these stupid ideas about backdooring encryption that keeping coming out of his administration. The press headlines will note that big companies -- like Google, Apple, Cisco, Microsoft, Twitter and Facebook -- are signing the letter. But significantly more interesting is the signatures from a huge list of computer security experts, all putting their names down on paper to make it clear what a ridiculously bad idea it is to even think about backdooring encryption. Among those signing on are Phil Zimmermann (who lived through this sort of thing before), Whitfield Diffie (guy who invented public key cryptography), Brian Behlendorf, Ron Rivest, Peter Neumann, Gene Spafford, Bruce Schneier, Matt Blaze, Richard Clarke (long-time counterterrorism guy in the White House), Hal Abelson and many, many more. Basically a who's who of people who actually know what they're talking about.
We urge you to reject any proposal that U.S. companies deliberately weaken the security of their products. We request that the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology. Such policies will in turn help to promote and protect cybersecurity, economic growth, and human rights, both here and abroad.

Strong encryption is the cornerstone of the modern information economy’s security. Encryption protects billions of people every day against countless threats—be they street criminals trying to steal our phones and laptops, computer criminals trying to defraud us, corporate spies trying to obtain our companies’ most valuable trade secrets, repressive governments trying to stifle dissent, or foreign intelligence agencies trying to compromise our and our allies’ most sensitive national security secrets.

Encryption thereby protects us from innumerable criminal and national security threats. This protection would be undermined by the mandatory insertion of any new vulnerabilities into encrypted devices and services. Whether you call them “front doors” or “back doors”, introducing intentional vulnerabilities into secure products for the government’s use will make those products less secure against other attackers. Every computer security expert that has spoken publicly on this issue agrees on this point, including the government’s own experts.
There's much more in the full letter which I highly recommend reading. It very nicely summarizes why this is a completely insane idea, and highlights why anyone raising it should be immediately told to move on to some other project instead:
The Administration faces a critical choice: will it adopt policies that foster a global digital ecosystem that is more secure, or less? That choice may well define the future of the Internet in the 21st century. When faced with a similar choice at the end of the last century, during the so-called “Crypto Wars”, U.S. policymakers weighed many of the same concerns and arguments that have been raised in the current debate, and correctly concluded that the serious costs of undermining encryption technology outweighed the purported benefits. So too did the President’s Review Group on Intelligence and Communications Technologies, who unanimously recommended in their December 2013 report that the US Government should “(1) fully support and not undermine efforts to create encryption standards; (2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and (3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.”
The Washington Post quotes another surprising signatory: Paul Rosenzweig, the former Deputy Assistant Secretary for Policy at Homeland Security. If that name sounds familiar, it's because we've quoted his defense of the NSA, once arguing that "too much transparency defeats the very purpose of democracy." If even he is arguing against backdooring encryption, you know it's an idea that should be killed off. In his case, it's because he recognizes the simple reality that seems to have eluded the FBI director:
The signatories include policy experts who normally side with national-security hawks. Paul Rosenzweig, a former Bush administration senior policy official at the Department of Homeland Security, said: “If I actually thought there was a way to build a U.S.-government-only backdoor, then I might be persuaded. But that’s just not reality.”
That's just not reality. And neither should be any policy effort that involves pushing for more backdoors in encryption. It's bad economic policy. It's bad security policy. It's bad crypto policy. It's bad privacy policy. It's just bad policy all around.

And the world would be much better off if all of these security experts and companies could focus on better protecting us from harm, rather than having to join in ridiculous debates about what a bunch of clueless bureaucrats think might be some sort of mythical magic unicorn encryption breaker.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 19 May 2015 @ 6:08am

    I need a key for the back door of the White House.

    reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 19 May 2015 @ 6:18am

      Re:

      You don't need a key. But someone might need such a key. So one should exist. And of course, you can trust the government that it won't be misused.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 May 2015 @ 7:02am

      Re:

      I don't know if that's necessary since they leave the front door unlocked.

      reply to this | link to this | view in chronology ]

    • identicon
      David, 19 May 2015 @ 8:58am

      Re:

      You haven't been paying attention then. The back door of the White House unlocks by throwing money at it. Don't worry though: you only need to pay out of your own pockets the first time round and may take taxpayer money for revisits.

      reply to this | link to this | view in chronology ]

  • identicon
    Call me Al, 19 May 2015 @ 6:19am

    I sincerely hope they have sent a copy of this letter to the UK government and France, among innumerable other goverments full of people without any idea of how technology actually works.

    reply to this | link to this | view in chronology ]

    • identicon
      John, 19 May 2015 @ 9:35am

      To 'Call me Al'

      What gave you the idea that the UK, France and other governments have no idea about how technology works? They understand very well what they are doing, as does the US administration.

      reply to this | link to this | view in chronology ]

      • identicon
        Brian Gregory, 27 May 2015 @ 9:29am

        Re: What gave you the idea that the UK, France and other governments have no idea about how technology works?

        Do you think they realise that this will only allow them to spy on the innocent? Anyone who really has something to hide will easily be able to get old style encryption without a back-door. It is, you must agree, impossible to un-invent it.

        reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 19 May 2015 @ 6:20am

    So much feedback sends a strong message

    Hopefully so much feedback from experts will send a strong message to politicians. Predictably, when politicians get so much unified feedback from so many experts, they will give it strong consideration and then do the exact opposite of this good advice.

    reply to this | link to this | view in chronology ]

  • identicon
    Just Another Anonymous Troll, 19 May 2015 @ 6:30am

    Encryption protects billions of people every day against countless threats—be they... repressive governments trying to stifle dissent
    Removing that is a feature of the backdoors, not a bug.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 May 2015 @ 6:40am

    And then there's the government's hypocrisy that insists that encryption is sacrosanct --and eternal-- when it comes to Hollywood corporations locking up their media (or at least pretending to) even after they sell it, yet argues the opposite for the citizenry who want the most basic protections of encryption.

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 19 May 2015 @ 7:21am

    "No worries, our Magical Golden Key (TM) will only work with the worthy and the pure of heart!" - The Administration

    reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 19 May 2015 @ 7:30am

      Re:

      Only the Big Brother divinely appointed by the Administration can pull the Golden Key from the Stone. No other will be able to perform this remarkable act. Only the Administration has the quantum superposition Holy Grail of secure but insecure cryptography. All Subjects of the Administration are henceforth commanded to use only this most worthy form of encryption.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 May 2015 @ 9:27am

      Re:

      Pure Evil

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 May 2015 @ 10:31am

      Re:

      Whosoever holds this key, if he be worthy, shall possess the power over everyone

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 May 2015 @ 1:40pm

      Re:

      Well, that pretty much eliminates any and all Government officials. First off, you gotta have a heart to have a "Pure" one. Never saw any Government Official in possession of an actual heart.

      reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 20 May 2015 @ 12:21am

      Re:

      "No worries, our Magical Golden Key (TM) will only work with the worthy and the pure of heart!"

      ...but we'll store it under the doormat in the porch. Don't worry, nobody ever looks there and we have a guard who's there most of the time. Nobody will be able to try it without our permission, trust us!

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 May 2015 @ 7:31am

    Will this be enough to end the debate? It should be, but considering that we went through this in the 90s and again now, I'm not so sure.

    It's been well established for decades why deliberate backdoors are an awful idea. Yet clueless Comey and other government officials routinely come back to this and demand it. Government officials, drunk with power, abhor being told no.

    Well, no is the only answer they're going to get. They don't need it. They can't have it. Stop demanding it.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 May 2015 @ 7:51am

      Re:

      I'm no cryptography expert, but I'll open my ignorant mouth anyway.

      There are a lot of smart people in silicone valley. I'm sure they can come up with a way to make up be down and down be up. Black can be white while simultaneously being black. If you can accept this simple fact, then it is no further stretch to accept that systems can be both secure and insecure.

      Just because a system is insecure doesn't mean it isn't also secure. When you complain that it is insecure, I can point to the fact that it is also secure. You can be sure it is secure because it is written into the law that way.

      Enhanced interrogation isn't torture. Secret trade agreements are for free trade. Corporations are people too.

      reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 20 May 2015 @ 12:26am

      Re:

      "Will this be enough to end the debate?"

      No. Many politicians get votes by appearing to "do something", even if that something would actually make life worse, not better. They also get votes through fear and being "tough on crime", and by fooling the ignorant into thinking that questioning bad decisions is the same as supporting said crime or terrorism.

      This will keep coming up until either every politician is tech savvy enough to realise how stupid the request is, those who know what they're doing are completely ignored and the law passes anyway, or someone comes up with a kind of crypto where such a backdoor is impossible or irrelevant. The latter, by the way, would probably get someone locked up for supporting America's enemies.

      reply to this | link to this | view in chronology ]

  • identicon
    Jason, 19 May 2015 @ 7:31am

    Almost perfect

    I wish they would have also included a phrase or two addressing the "Silicon Valley people are smart, they can figure this out if they wanted to" statements that some of the people pushing backdoors have made--something that would highlight the difference between "hard" and "not mathematically possible"--but even without that this is excellent and I hope the message gets through.

    reply to this | link to this | view in chronology ]

  • identicon
    Dave Waterson, 19 May 2015 @ 8:30am

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 May 2015 @ 10:36am

      Re:

      As a country who is rapidly turning into a nation of bankers you'd think the UK would appreciate the value of secure online data transmission.

      reply to this | link to this | view in chronology ]

  • identicon
    If I only had a heart!, 19 May 2015 @ 8:32am

    It's not about security it's about control

    There will still be backdooring, anyone remember the debate about ECHELON? we won that one right?, RIGHT? wait no, the state just said they weren't going to do it and then went ahead and implemented it and worse anyway, this is about the ability to commit arbitrary violence to people, because fuck you that's why, it's psychopaths having having murder fantasies, it will not stop, it will not get better they have the guns.

    reply to this | link to this | view in chronology ]

    • icon
      James Burkhardt (profile), 19 May 2015 @ 8:47am

      Re: It's not about security it's about control

      Given that backdooring requires the consent of the companies involved, and those companies stated aversion to including intentional backdoors, and the fact that if we 'win' this fight people can release their own encryption algorithims, I dont see how backdooring encryption will become a mainstay if we win this fight.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 May 2015 @ 9:01am

    you can't ban math

    reply to this | link to this | view in chronology ]

  • identicon
    alternatives(), 19 May 2015 @ 1:25pm

    Backdoor key

    Fine. Let 'em.

    Then design a system that requires each time an encrypted key is used the backdoor key must be registered and the Government, to confirm the key is properly registered, must send a response in writing.

    I'm betting you can create and expire the keys faster than the bureaucracy can process the paper.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 May 2015 @ 7:07pm

    Now, let's see the list of cryptography expert's signatures that the proponents of weaker cryptography can produce.

    And swear to never hire those "experts" again.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.