Science and Tech


The Flaws In The Government's Proposed Crypto Workarounds

Popular access proposals can’t guarantee safety from mass surveillance. Some are just backdoors by other names.
Posted at 5:29 PM, Aug 08, 2015

The voices and the stakes of the encryption debate are well laid out: law enforcement and the government want access. (Videos via Newsy)

And have taken to calling on Silicon Valley to work harder at finding some sort of solution. (Video via C-SPAN)

Even presidential hopefuls like to weigh in.

"I want to collect more records from terrorists, but less records from innocent Americans," Rand Paul said during the August 6 GOP debate. (Video via Fox News)

But so far, none of the major proposals for getting this access are holding much water. 

The Washington Post editorial board suggested manufacturers put in a contingency for governments.

"With all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant."

Not likely, given Apple and Google were the ones that started the push for encryption in the first place.

And as Techdirt points out, this is really just a more complicated way of spelling “backdoor.”

"What they basically said is: 'a back door is a bad idea, so how about creating a magic back door?'"

Another proposal calls for a key escrow system, which lets parties keep their end-to-end encryption. The government retains access to a key held by a third party, which they could use to decrypt communications if they have sufficient legal evidence to do so.

Another proposal calls for a distributed system, in which multiple parties each hold a portion of an encryption key and must agree to combine it.

National Security Agency Director Michael Rogers explained"I don’t want a back door. I want a front door. And I want the front door to have multiple locks. Big locks."

But we tried escrow in the '90s, with a gadget called the Clipper chip. Communications were private between parties, but also technically available to the government — until backlash from privacy advocates and security researchers drove it into the ground.

The arguments against escrow now are the same as they were then: there’s no way to guarantee an escrow key wouldn't be used for mass surveillance.

Bruce Schneier highlights the Catch-22: To get around end-to-end encryption: "The FBI has to ensure that an American can only use back-doored software. And the only way to do that is to prohibit the use of non-back-doored software."

Maybe just as bad, any intentionally compromised encryption could leak out of the U.S.

Researchers at this year’s Black Hat security conference asked, "Once we have the capability to eavesdrop, even if you build in a legal safeguard to make sure it’s not abused, what happens when you send this to repressive governments that don’t have a First Amendment?"

The government doesn't have any official answer to that — or other criticisms of key solutions — yet. 

This video includes images from Getty Images and Travis Goodspeed / CC BY 2.0 and music from Brenticus / CC BY 3.0.