The stand-off between the US government and its various surveillance and law enforcement agencies on the one hand, and just about everybody else on the other, over encryption continues to deepen. The government has become increasingly alarmed at tech companies’ (and in particular Apple’s) push to provide their customers with strongly encrypted products that are genuinely secure – even against the best efforts of law enforcement and national security agencies.
Such agencies use the time-worn boogeymen of terrorists and pedophiles to argue that they must have access to everyone’s personal data (I argue in this article that such demands have nothing to do with catching criminals, and everything to do with exerting state control), while privacy advocates, businesses, and anyone who does not feel the government has an automatic right to paw through their metaphorical undies drawer disagree, while also pointing out that encryption with a backdoor is really no encryption at all.
Perhaps even more to the point, US tech companies are still reeling from the damage done (to the tune of billions of dollars) by Edward Snowden’s revelations about their cooperation with the NSA in spying on their customers, and desperately need to regain their trust.
According to The Washington Post, NSA chief Mike Rogers recently gave a rare hint at what he considers might be a technical solution to the ‘problem’, suggesting that companies be forced to create a digital crypto key that can be used to decrypt their customers’ data, but that this key be split into different parts, so that no single entity (except presumably the owner of the data) would have full access to it without court orders, subpoenas, warrants etc. This would require the government and tech companies to work together to access the data.
‘I don’t want a back door. I want a front door. And I want the front door to have multiple locks. Big locks.’
Ignoring the fact that a door is a door, whatever you call it (and that by calling it a ‘front door’ Rogers is disingenuously hoping to suggest the illusion of security), this proposal has a number of serious problems:
- It is potentially very insecure from a technical perspective. A deliberate flaw weakens the basic encryption, and can be exploited not just by law enforcement but by criminals. A split-key approach is potentially quite secure against hackers, but also requires a complex management system that is very easy to get wrong. As Johns Hopkins University cryptologist Matthew Green notes, ‘Get any part of that wrong and all your guarantees go out the window.’
- The NSA (etc.) could easily just demand that tech companies and other third parties hand over their parts of the keys in secret, and slap a gag order on them to prevent this becoming public knowledge.
- Any such government demands for crypto keys are arguably in direct contravention of both the letter and the spirit of the Constitution (especially the Fourth Amendment). As Marc Zwillinger, an attorney ‘working for tech companies on encryption-related matters and a former Justice Department official’, notes, ‘I don’t believe that law enforcement has an absolute right to gain access to every way in which two people may choose to communicate. And I don’t think our Founding Fathers would think so, either. The fact that the Constitution offers a process for obtaining a search warrant where there is probable cause is not support for the notion that it should be illegal to make an unbreakable lock. These are two distinct concepts.’
- Such a move would only be enforceable on US companies. ‘Bad guys’ would simply use products developed abroad that allow users to keep their own keys.
- It would be terrible for US businesses, as both personal and corporate customers would look elsewhere for products that keep their data away from prying government eyes, and whose security has not been fundamentally compromised.
The ‘split-keys’ solution is just one idea being examined by the government, but it is perhaps the most interesting; all other solutions have similar or worse problems associated with them…
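The split-key arrangement described above can be illustrated with a simple n-of-n XOR split. This is an added example, not code from the article or from any proposal it discusses; the holder names, the check value and the choice of XOR splitting are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from functools import reduce

HOLDERS = ["vendor", "agency", "escrow_agent"]  # hypothetical share holders


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def key_check(key: bytes) -> bytes:
    """Check value stored beside the ciphertext so a bad rebuild is detected."""
    return hashlib.sha256(b"split-key-check" + key).digest()


def split_key(key: bytes, holders: list[str]) -> dict[str, bytes]:
    """n-of-n XOR split: every holder gets one share, all are required."""
    if len(holders) < 2:
        raise ValueError("need at least two holders")
    shares = {h: secrets.token_bytes(len(key)) for h in holders[:-1]}
    # Last share = key XOR all random shares, so XOR of everything is the key.
    shares[holders[-1]] = reduce(xor, shares.values(), key)
    return shares


def combine(shares: dict[str, bytes], holders: list[str], check: bytes) -> bytes:
    """Rebuild the key; refuse if a holder is absent or a share is wrong."""
    missing = sorted(set(holders) - set(shares))
    if missing:
        raise PermissionError(f"missing shares from: {missing}")
    key = reduce(xor, (shares[h] for h in holders))
    if not hmac.compare_digest(key_check(key), check):
        raise ValueError("shares do not rebuild the escrowed key")
    return key


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample customer key
    shares, check = split_key(key, HOLDERS), key_check(key)
    assert combine(shares, HOLDERS, check) == key
    # Any n-1 shares XOR to key ^ missing_share: uniformly random, no key bits.
    print(xor(shares["vendor"], shares["agency"]) != key)
    # The math only checks possession of every share; warrants, gag orders
    # and share storage are process controls outside the code.
```

The split itself is the easy part: nothing in it distinguishes a court-ordered reconstruction from one where every share was handed over quietly, which is where the management system Green refers to carries the whole guarantee.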