Since technology companies such as Google and Apple turned on end-to-end encryption by default and tied encryption keys to device passwords, the government’s inability to compel providers via warrants to turn over data has caused considerable angst.
Going Dark is the government’s catch-all phrase for the current state of affairs, and high-ranking officials such as FBI Director James Comey have tried to make compassionate pleas for access to data in the name of law enforcement and national security investigations. Early on in the Going Dark rhetoric, there were even calls for intentional backdoors, key escrow or shared keys as possible solutions. Short of a legislative fix, which the White House said late last year would not happen, Comey and others have volleyed the problem back at Silicon Valley, telling the country’s tech giants to figure it out.
A team of privacy and security experts convened by luminaries Bruce Schneier, Jonathan Zittrain and Matt Olsen, and supported by Harvard’s Berkman Center for Internet & Society, published a paper that explains—again—the importance of encryption to privacy and the security of commerce, and paints a clear picture of the options still available to the government without the need for so-called “exceptional access.”
The experts point out in the paper, “Don’t Panic: Making Progress on the Going Dark Debate,” that there remains an abundance of unencrypted data online from numerous channels through which evidence may be collected and cases made. They said that many companies rely on unencrypted channels and access to data to turn a profit. Architecturally, there are always significant challenges when deploying encryption, including a lack of standardization and market fragmentation, especially for Android devices, and these ensure that data remains available.
Metadata is also a consideration, and one the government is familiar with. The first leaks from data provided by NSA whistleblower Edward Snowden explained the depths to which the government was collecting and analyzing phone call metadata.
“Metadata is not encrypted, and the vast majority is likely to remain so. This is data that needs to stay unencrypted in order for the systems to operate: location data from cell phones and other devices, telephone calling records, header information in e-mail, and so on,” the report says. “This information provides an enormous amount of surveillance data that was unavailable before these systems became widespread.”
The connected nature of embedded devices is another option for the government, the paper says, countering that networked sensors and the Internet of Things could “drastically change surveillance.”
“The still images, video, and audio captured by these devices may enable real-time intercept and recording with after-the-fact access,” the paper says. “Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel.”
Law enforcement, the paper suggests, could have access to the data collected by networked devices and sensors, opening untapped surveillance avenues for some time.
“It is vital to appreciate these trends and to make thoughtful decisions about how pervasively open to surveillance we think our built environments should be – by home and foreign governments, and by the companies who offer the products that are transforming our personal spaces,” the paper says.
While the government is very public about its inability to access mobile data on Android and iOS devices, it fails to point out that the encryption deployed by Apple, for example, does not extend to iCloud, the company’s cloud-based storage service. Apple holds the encryption keys to iCloud backups in case users lose their devices or data is corrupted. Since Apple holds the encryption key, it can be compelled via a warrant to turn over that data.
Going Dark has been debated for more than a year, with experts also countering that some proposed solutions such as key escrow would introduce massive complexity.
“If we were able to engineer a mechanism where we’re splitting a key and having a third party escrow it where the government could ask for it, the very next thing that would happen is that China et al will ask for the same solution. And we’re unlikely to give them the same solution,” said Eric Wenger, director of cybersecurity and privacy, global government affairs at Cisco, at a Boston security event in November. “Complexity kills, and the more complex you make a system, the more difficult it is to secure it. I don’t see how developing a key-based solution secures things the way you want it to without creating a great deal of complexity and having other governments demand the same thing.”
One of the signees, Susan Landau of Worcester Polytechnic Institute, made the same complexity argument at that event, and fortified her case that exceptional access would also break forward secrecy. With forward secrecy, now considered a baseline encryption rollout, ephemeral keys secure communication rather than one private key securing all sessions. Should an ephemeral key be cracked, all future communication remains secure.
“The complexity of 165 to 200 nations, each with access to keys, is unimaginable,” Landau said.
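The forward secrecy point above can be made concrete with an added example, which is not taken from the paper or from anyone quoted here. It contrasts one long-lived private key protecting every session with per-session ephemeral Diffie-Hellman keys. The group parameters, function names and session count are assumptions chosen for the demonstration, and authentication of the exchange is omitted.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this demonstration only.
# 2**521 - 1 is prime; real protocols use vetted groups or elliptic curves.
P = 2**521 - 1
G = 3

def rand_exp() -> int:
    """Pick a random private exponent in [1, P-2]."""
    return secrets.randbelow(P - 2) + 1

def kdf(shared: int) -> bytes:
    """Derive a session key from the Diffie-Hellman shared secret."""
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def static_session(server_priv: int):
    """One long-lived server key: client sends g^c, key = g^(c*s)."""
    c = rand_exp()
    wire = pow(G, c, P)                      # what a recorded transcript holds
    return wire, kdf(pow(pow(G, server_priv, P), c, P))

def ephemeral_session():
    """Fresh exponents on both sides, discarded when the session ends."""
    a, b = rand_exp(), rand_exp()
    wire = (pow(G, a, P), pow(G, b, P))      # what a recorded transcript holds
    # a is returned only so demo() can model the loss of one ephemeral key
    return wire, kdf(pow(wire[1], a, P)), a

def demo(sessions: int = 3) -> dict:
    # Case 1: the single long-lived key is later disclosed (stolen or escrowed).
    server_priv = rand_exp()
    recorded = [static_session(server_priv) for _ in range(sessions)]
    static_hits = sum(kdf(pow(wire, server_priv, P)) == key
                      for wire, key in recorded)

    # Case 2: forward secrecy. Only the exponent of session 0 is lost.
    recorded = [ephemeral_session() for _ in range(sessions)]
    leaked = recorded[0][2]
    ephemeral_hits = sum(kdf(pow(wire[1], leaked, P)) == key
                         for wire, key, _ in recorded)
    return {"static_recovered": static_hits,
            "ephemeral_recovered": ephemeral_hits}

if __name__ == "__main__":
    print(demo())
```

With the long-lived key, every recorded session key is recomputed from the transcripts; with ephemeral keys, losing one exponent exposes that one session and no other.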