Encryption Workarounds Paper Shows Why 'Going Dark' Is Not A Problem, And In Fact Is As Old As Humanity Itself

from the you-don't-know-what-I-know dept

It was October 2014 when FBI Director James Comey made his famous claim that things were "going dark" in the world of law enforcement because of the increasing use of encryption. Since then, Techdirt has had dozens of posts on the topic, many of them reporting on further dire warnings that the very fabric of civilization was under threat thanks to what was claimed to be a frightening new ability to keep things secret. Many others pointed out that the resulting calls for backdoors to encryption systems were a stunningly foolish idea that only people unable to understand the underlying technology could make.

One Techdirt post on the topic mentioned a great paper with the title "Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications," which ran through all the problems with the backdoor idea. It was written by many of the top experts in this field, including Bruce Schneier. He's just published another paper, co-authored with Orin Kerr, who is a professor at George Washington University Law School, which looks at the other side of things -- how to circumvent encryption:

The widespread use of encryption has triggered a new step in many criminal investigations: the encryption workaround. We define an encryption workaround as any lawful government effort to reveal an unencrypted version of a target's data that has been concealed by encryption. This essay provides an overview of encryption workarounds.

The various possibilities are largely self-explanatory:

We classify six kinds of workarounds: find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy. For each approach, we consider the practical, technological, and legal hurdles raised by its use.

What's interesting is not so much what the workarounds are as the fact that there are a number of them, and that they can all work in the right circumstances. This gives the lie to the idea that we are entering a terrible new era where things are "going dark," and it is simply impossible to obtain important information. But as the authors point out:

there is no magic way for the government to get around encryption. The nature of the problem is one of probabilities rather than certainty. Different approaches will work more or less often in different kinds of cases.

Schneier and Kerr go on to draw an analogy:

When the police have a suspect and want a confession, the law gives the police a set of tools they may use in an effort to persuade the suspect to confess. None of the interrogation methods work every time. In some cases, no matter what the government does, suspects will confess. In other cases, no matter what the government does, suspects will assert their rights and refuse to speak. The government must work with the inherently probabilistic nature of obtaining confessions. Similarly, the government must work with the inherently probabilistic nature of encryption workarounds.

That analogy reveals something profound: that the supposedly new problem of "going dark" -- of not being able to find out information -- has existed as long as humans have been around. After all, there is no way -- yet, at least -- of accessing information held in a person's mind unless some kind of interrogation technique is used to extract it. And as the analogy shows us, that is exactly like needing to find some encryption workaround when information is held on a digital device. It may be possible, or it may not; but the only difference between the problems faced by those demanding answers thousands of years ago and today is that some of the required information may be held external to the mind in an encrypted digital form. Asking for guaranteed backdoors to that digital data is as unreasonable as demanding a foolproof method to extract information from any person's mind. We accept that it may not be possible to do the latter, so why not accept the former may not be feasible either?

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments



  • TechDescartes, 24 Mar 2017 @ 7:31pm

    Kudos

    Best article yet on the "problem" of going dark. Neither omniscience nor omnipotence are desirable qualities in a government.


  • discordian_eris, 24 Mar 2017 @ 9:14pm

    It has never been about encryption per se. It has always been about power and essentially, laziness. Why actually investigate something when you don't have to? Easier to coerce a confession, false or real doesn't matter. Just a conviction. If breaking someone's encryption is the easiest APPARENT way to 'solve' a crime, it's a no-brainer from the LEO perspective.

    People need to remember, it never has been about 'justice', just closing cases.


    • Anonymous Coward, 25 Mar 2017 @ 9:06am

      always been about power


      "...never been about encryption... It has always been about power.."


      Yup. Our politicians insist that they ("government") have an inherent “right to know” about all the private matters of the entire American citizenry. They do not say that openly, but it is obvious from their daily actions ("collect it all"). Obstacles like citizen 'encryption' MUST be neutralized across the board... to secure the government's perceived "right to know"!


      But politicians/judges/bureaucrats have no "rights" whatsoever-- only very limited authorities granted by the citizenry in legal form (Constitution). There is no general "right to know" for government, even in the courts.

      There are NO exceptions to the 4th Amendment for national security, law enforcement, or border searches. Politicians sitting on the US Supreme Court blatantly ignore that fact.

      Despite this fundamental truth, our self-imagined rulers arrogantly demand that Americans acquiesce to massive invasions of privacy... due to whatever the latest political crusade happens to be for these rulers --- yet they insist on strictly maintaining their own state secrets privilege from the very people who hired them (citizenry).

      The U.S. government's obvious desire to closely watch & control the American populace is self-evidently an extreme danger to liberty.


  • Mark Wing, 24 Mar 2017 @ 11:03pm

    The weak link in encryption has always been and will always be people.


  • Udom, 24 Mar 2017 @ 11:05pm

    Unable to download the paper unless I weaken my browser's security... a tad ironic.


  • orbitalinsertion, 25 Mar 2017 @ 1:33am

    I wonder what it will be like to have a mind with encryption overhead.


  • Anonymous Coward, 25 Mar 2017 @ 6:09am

    on the basis of an individual case,

    the transmission or storage medium has never been the weakest point. It has only ever been the penetration point easiest to automate.

    Which is to say the feds' beef isn't that it can't investigate. Its beef is that it can't snuffle everybody's traffic at will and then use parallel construction to selectively persecute whomever it wants.

    Which really seems to be driven by Comey himself rather than the FBI as an institution. Where this guy gets off thinking the FBI is a tool for his god-appointed role as a king maker, I will never know.


    • trollificus, 26 Mar 2017 @ 10:59pm

      Re: on the basis of an individual case,

      Well, the first step is obtaining the power, under the guise of, of course, national security.

      The second step is USING the power for more...personal gains than just the security of the nation.

      Step One has been ongoing for quite a while, not surprising to see the intelligence community flex its power now.


  • Anonymous Coward, 25 Mar 2017 @ 6:56am

    Getting convictions

    Let's not fool ourselves. The angst and fear tsunami from LEO is not about anything other than low hanging fruit convictions. What is evident to me, as wrong or right as it may be, is that LEO wants easy work. Well, I'd like that too, but hey, it's just not happening.

    No more than the average person, I don't want to die in an attack. But on the flip side, I don't want to give up privacy.

    Many say that if you're not breaking the law, then why are you so concerned about being monitored? On the surface, and without thinking about it, that's a pretty strong argument for a total surveillance state. After all, if it's illegal, then why should someone expect their "doin's" to be private?

    The reason, for those that don't see it, is that not everything the state thinks is wrong is a crime. At one point, dating someone of a race other than your own was criminal. Smoking pot is illegal according to Federal law, but is legal in many state laws.

    What is reprehensible is that if one dares to raise the issue of Jury Nullification, that is a felony in many states.

    I've no answers. I wish I did.


    • Anonymous Coward, 25 Mar 2017 @ 9:07am

      Re: Getting convictions

      As has been demonstrated recently in the U.K., total surveillance does not prevent attacks, even when the person who carried it out was known to the security services. Indeed total surveillance is counterproductive at two levels, it increases the risk of individuals taking violent action, and it overloads the security service with false leads, taking their eyes off of known risks.

      The first risk is due to the isolating effect of a surveillance state, people who are dissatisfied with the state think that, and with some justification, talking about their dissatisfaction and trying to organize change is liable to get them into trouble. This drives some people into seeking out those organizations that will help them to take violent action, or simply claiming affiliation to magnify the effect of the action that they take.

      People need a degree of privacy, and need to feel that they can talk about their dissatisfaction with governments without being promptly targeted as a potential terrorist.


  • Anonymous Coward, 25 Mar 2017 @ 9:53am

    totally agree with the laziness assertions. people who don't really want to work but want all the credit and reward for having done it.

    [another matter: it's time to give some thanks around here.
    thanks to the russians for showing us we have traitors in government and in business.
    thanks to the traitors for showing us the wisdom of the founding fathers (and mothers).
    thanks to the founding fathers and mothers for giving us a nation with the resilience that can withstand even this treachery.]


