Feasible ‘Going Dark’ Crypto Solution Nowhere to be Found

At Black Hat, cryptographer Matthew Green and attorney James Denaro broke down the Going Dark crypto issue, including the struggle to find a feasible solution going forward.

LAS VEGAS – Try as they might, technologists are struggling to find a feasible way to solve the government’s and law enforcement’s “Going Dark” crypto issue.

Cryptographer Matthew Green and D.C. intellectual property attorney James Denaro today during a talk at the Black Hat conference made no promise of a working solution, but instead broke down this contentious topic from a historic, legal and technical point of view.

The arguments from officials wanting “exceptional access” to data are that decisions such as Apple’s to relinquish control of encryption keys to the user device inhibits law enforcement’s ability to hunt criminals and government’s ability to monitor terror suspects and those radicalizing. This is what FBI Director James Comey called “Going Dark.”

Opponents of proposals that would include key escrow systems, for example, point out that not only would mandatory backdoor access would intentionally introduce a vulnerability into systems, but would also break existing security such as forward secrecy.

And then there legal concerns, Denaro said, such as potential First Amendment issues where the government is demanding that private software companies build products in a certain way, not to mention oversight questions.

“How can you have a regime that communicates securely only until someone decides not to?” Denaro questioned. “How do you make that decision? Is there a review process? Clearly this is ripe for abuse.”

Short of outlawing cryptography, which would ensure that only outlaws have crypto, some of the solutions on the table call for either key escrow or building access for law enforcement into key servers.

“There’s no assurance that something like this would not be abused for mass surveillance,” Green said.

The FBI’s Comey, as recently as a month ago, eased off demands for exceptional access, and instead told technology companies they need to try harder to find a solution to the problem. Key escrow, where trusted parties share keys, was part of Comey’s solution.

“I’ve heard that it’s too hard, that there’s no solution. Really?” Comey said during a Congressional hearing July 8, mentioning Silicon Valley by name. “Maybe it is too hard, but given the stakes, we’ve got to give it a shot and I don’t think it’s been given an honest hard look.

“We want people to be in position to comply with judges’ orders in the U.S. We want creative people to figure out how to comply with court orders,” Comey said. “You shouldn’t be looking at the FBI director for innovation.”

Green and Denaro pointed out during today’s session a number of technical issues that make exceptional access a bad idea, in particular the fact that this issue has no geographic borders. Should Apple, for example, build in a backdoor for U.S. law enforcement, how does it say no to other countries, including leaders in oppressive or sanctioned nations?

“Once we have the capability to eavesdrop, even if you build in a legal safeguard to make sure it’s not abused, what happens when you send this to repressive governments that don’t have a First Amendment?” Green said. “Build it here to chase [criminals] and give that same technology to oppressive governments to own devices? If ISIS needs encryption, it will get it. It will stop relying on iMessage pretty quickly if it’s backdoored.”

Mobile apps such as Apple’s iMessage and the Facebook-owned WhatsApp between them count close to 2 billion active downloads, a massive number of people using end to end device encryption. This is a significant roadblock, law enforcement says, and it and the government have resorted to making emotional arguments to legislators and policymakers that encryption facilitates the activities of terrorists and child predators.

“Government is not articulating this well and has stopped talking about the future. We’re left trying to find a way forward through this,” Denaro said. “The question we need to ask is there a way that reasonably satisfies the interests of these parties so that they can get the types of communication they had until ‘Going Dark.’

“The problem is that it’s hard to make a system that allows exceptional access that wouldn’t have inherent or opportunistic flaws that wouldn’t be found.”

Suggested articles

Discussion

  • briian on

    Of course this is a problem of the governments own making, by participating in possibly illegal and certainly immoral massive surveillance, they have made everyone suspicious. At the end of the day there is nothing to stop the bad guys using simple one use cyphers, old school style. So keep pressing forwards and you will be locked out. The easy route is now gone, the security services are going to have to get back to working for a living, and I suspect getting back out with conventional intelligence methods might well keep us all safer. After all the weakest link in most security system is at the human interface!
  • Dave on

    Weakening legal encryption will simply push people doing bad things further into the "wild west" of the Internet. Once they are on Tor or similar, these bad actors will be more and more out of reach of law enforcement. "The more your tighten your grip, the more start systems will slip thru your fingers." - Princess Leia Organa
  • S. on

    This notion that that the government was spying on everyone was a huge load of crap being circulated by the EFF and every other tech site. The majority of peoples information was as safe and secure as the device (and provider) allowed it to be. As a matter of fact, hackers probably have more of a users relevant data than the government does. People, on a daily basis, during a normal conversation divulge more personal information about themselves in public and keep right on talking without regard for whose around them. When was the last time an innocent civilian was taken down because of calls he was making?...I'll wait for an answer but so far I hear nothing but crickets...

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.