A powerhouse baker’s dozen of cryptography experts and pioneers have released a paper explaining the potential legal and ethical issues relative to the government’s continued insistence on access to cryptographic keys that secure communication over the Internet.
The paper, called “Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communication,” warns that “exceptional access,” as the government calls it, would not only raise legal and moral questions about such access to data, but would also undo much of the security currently in place, in particular many of the encryption advances made by so many technology companies since the release of the Snowden documents more than two years ago.
“As computer scientists with extensive security and systems experience, we believe that law enforcement has failed to account for the risks inherent in exceptional access systems,” the paper says. “Based on our considerable expertise in real-world applications, we know that such risks lurk in the technical details.”
The release of the 36-page document comes a day ahead of tomorrow’s scheduled appearance by FBI director James B. Comey and Deputy Attorney General Sally Quillian Yates before the Senate Judiciary Committee. The hearing is scheduled for 10 a.m. EDT and will be presided over by committee chair Sen. Charles Grassley (R-Iowa), who last week sent a letter to Comey asking pointed questions about the FBI’s use of spyware, zero-day vulnerabilities, phishing attacks and other tools.
At tomorrow’s meeting, Comey is expected to renew the government’s calls for “exceptional access” to cryptographic keys. Last October, during a talk at the Brookings Institution, Comey railed specifically against decisions by Apple and Google to encrypt mobile devices by default, for example, and to free themselves of managing encryption keys by putting them in the users’ hands. The tech companies’ thinking is that even if they’re compelled by a warrant, National Security Letter, or FISA court order to turn over customer data, they won’t be able to do so because keys are now stored on the users’ devices and not on company servers.
Comey’s argument for exceptional access is that barring law enforcement from accessing data in this way hinders criminal investigations. His calls for “front door” access harkened back to the Clipper Chip debates of the 1990s, when the Clinton administration demanded a cryptographic key escrow system that would enable the government to unlock encrypted data.
The cryptographers’ paper, written by experts including Steve Bellovin, Whitfield Diffie, Peter Neumann, Ron Rivest, and Bruce Schneier, among many others, argues that the economic impact of such access would be much more harmful than 20 years ago, when the Clipper Chip debates were in full swing.
“In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution,” the experts wrote.
They point out that exceptional access would undo forward secrecy, for example. Forward secrecy describes a cryptographic design in which one-time keys secure each session and are destroyed immediately afterward, so that a stolen key unlocks only that one session, keeping past and future communication safe. They also argue that building in front doors would introduce complexity, which they deem to be “the enemy of security” since new features interact and likely introduce new vulnerabilities.
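The conflict between forward secrecy and retained access keys described above, as an added example that is not taken from the paper or from this article. It assumes a toy Diffie-Hellman group and a hash-based XOR cipher (both insecure, chosen so the code runs on the Python standard library alone); all function names are hypothetical.

```python
import hashlib
import secrets

# Toy parameters (assumption, far too small for real use): 2**127 - 1 is prime.
P, G = 2**127 - 1, 3

def keystream_xor(key, data):
    """Toy cipher: XOR data with SHA-256(key || offset) blocks. Not secure."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def run_session(plaintext, escrow_key=None):
    """One session. Returns only what a wiretap or server log could retain."""
    a = secrets.randbelow(P - 2) + 1   # one-time secrets, never stored:
    b = secrets.randbelow(P - 2) + 1   # they go out of scope on return
    A, B = pow(G, a, P), pow(G, b, P)  # public values sent over the wire
    session_key = hashlib.sha256(pow(B, a, P).to_bytes(16, "big")).digest()
    record = {"A": A, "B": B, "ct": keystream_xor(session_key, plaintext)}
    if escrow_key is not None:
        # Exceptional access: a wrapped copy of the session key outlives the session.
        wrap_key = escrow_key + A.to_bytes(16, "big")  # per-session wrap key
        record["escrowed"] = keystream_xor(wrap_key, session_key)
    return record

def recover_with_stolen_escrow_key(record, escrow_key):
    """What someone holding the escrow key can read from a recorded session."""
    if "escrowed" not in record:
        return None  # only public values and ciphertext exist; nothing to unwrap
    wrap_key = escrow_key + record["A"].to_bytes(16, "big")
    session_key = keystream_xor(wrap_key, record["escrowed"])
    return keystream_xor(session_key, record["ct"])

if __name__ == "__main__":
    escrow = secrets.token_bytes(32)  # constructed sample key
    for label, key in (("forward secret", None), ("escrowed", escrow)):
        rec = run_session(b"constructed sample message", key)
        print(label, "->", recover_with_stolen_escrow_key(rec, escrow))
```

Every recorded session that carries an escrowed key copy opens with the one long-lived key, while the forward-secret records hold nothing that key can unwrap.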
“The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws,” the experts wrote. “Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.”
The front door, the experts point out, would also be a beacon for hackers seeking to exploit what becomes a single point of failure.
“Security credentials that unlock the data would have to be retained by the platform provider, law enforcement agencies, or some other trusted third party. If law enforcement’s keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege,” the experts wrote. “Moreover, law enforcement’s stated need for rapid access to data would make it impractical to store keys offline or split keys among multiple keyholders, as security engineers would normally do with extremely high-value credentials.”
The experts conclude that criminals and nation-states would target these “front doors” and spell out the potential damage to innovation and economic growth.
“Policy-makers need to be clear-eyed in evaluating the likely costs and benefits,” the experts wrote.