from the crossing-the-threshold dept
It’s no secret that some in the law enforcement and intelligence communities are hell bent on stopping encryption from being widely deployed to protect your data. They’ve made it 100% clear that they want backdoors into any encryption scheme. But when actual security folks press government officials on how they’re going to do this without undermining people’s own security and privacy, we get a lot of bureaucratic gobbledygook in response. Either that or magical fairy thinking about golden keys that basically any security expert will tell you are impossible without weakening security.
Not surprisingly, the law enforcement and intelligence communities are not giving up yet. The latest is that the White House appears to be floating a proposal to set up a backdoor to encryption that requires multi-party keys. That is, rather than just having a single key that can decrypt the content, it would require multiple parties with “pieces” of the “key” to come together to unlock it:
Recently, the head of the National Security Agency provided a rare hint of what some U.S. officials think might be a technical solution. Why not, said Adm. Michael S. Rogers, require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it?
“I don’t want a back door,” said Rogers, the director of the nation’s top electronic spy agency during a speech at Princeton University, using a tech industry term for covert measures to bypass device security. “I want a front door. And I want the front door to have multiple locks. Big locks.”
Of course, this proposal is nothing new. As Declan McCullagh points out, during the first “Crypto Wars” of the 1990s, the NSA proposed the same sort of thing with two parties holding parts of the escrow key. It was a dumb idea then and it’s a dumb idea now.
The idea being floated here is that by setting up such a system, it’s less open to abuse by government/law enforcement/intelligence communities. And maybe that’s true. It makes it marginally less likely to be abused by the government. But it can still be abused quite a bit. It’s not like we haven’t seen multiple government agencies team up to do nefarious things in the past, or even federal officials and private companies. Hell, just look at the recent discussions about the DEA’s phone records surveillance program, where the DEA later teamed up with the NSA. And, also, that program required the more or less voluntary cooperation of telcos. So the idea that the requirement of multiple parties somehow lessens the risk seems like a stretch.
But, even if it actually did reduce the risk of direct abuse, it doesn’t get anywhere near the real problem with this approach. If you’re building in a back door, you’re building in a vulnerability that others will eventually be able to exploit. You are flat out weakening the system — whether or not you split up the key. You’re still exposing the data to those with nefarious intent by weakening the overall system.
Thankfully, at least some in the government seem to recognize this:
“The basic question is, is it possible to design a completely secure system” to hold a master key available to the U.S. government but not adversaries, said Donna Dodson, chief cybersecurity advisor at the Commerce Department’s National Institute of Standards and Technologies. “There’s no way to do this where you don’t have unintentional vulnerabilities.”
So, now the question is whether the White House will actually listen to the cybersecurity experts at NIST — or the people who want to undermine cybersecurity at the NSA and the FBI?