Will Enforcing Encryption Backdoors Even Work?

Uploaded on 2015-07-28 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

jamescomeyfbi_lg.jpg?quality=80

FBI Director James Comey claims that Isis is exploiting end-to-end encryption.

Ever since the Internet emerged into public view in the 1980s, a key question has been whether digital technology would pose an existential challenge to corporate and governmental power. In this context, I am what you might call a recovering utopian – “utopian” in that I once did believe that the technology would put it beyond the reach of state and corporate agencies; and “recovering” in the sense that my confidence in that early assessment has taken a hammering over the years. In that period, technology has sometimes trumped politics and/or commercial power, but at other times it’s been the other way round.

The early battles were over intellectual property. Since computers are essentially copying machines, making perfect copies of digital goods became child’s play. As a celebrated trope put it: “Copying is to digital technology as breathing is to animal life.” So began the copyright wars, triggered by widespread piracy and illicit sharing of copyrighted files, which emasculated the music industry and led to the emergence of new corporate masters of the media universe – Apple, Spotify, YouTube and the rest – and the taming of the file-sharing monster. Result: Technology 1, Establishment 1.
The second battleground was the monitoring of network communications. The Internet enabled anyone to become a global publisher and to exchange information via email with anyone who had a network connection. And this posed acute difficulties for established powers that were accustomed to being able to control the flow of information to their citizens. Since nothing on the net in the early days was encrypted, everyone communicated using the virtual equivalent of holiday postcards – readable by everyone who handled them en route to their destination. The only difficulty that states experienced in monitoring this unprotected torrent was its sheer volume, but Moore’s Law and technological development fixed that. It became feasible to collect “the whole goddam haystack” (to quote a former NSA director) if you threw enough resources at it. So they did – as Edward Snowden revealed. Result: Technology 0 Establishment 1.
The biggest battle has always been about encryption. From the 1980s, public-key cryptography gave the technically savvy the ability to protect the privacy of their messages using military-grade encryption, which meant the state could no longer monitor all online communications. The first response was to outlaw dissemination of the technology. When that failed, in 1993 the Clinton administration tried a new tack – the “Clipper chip” proposal. 
This involved two things: the installation of a “doctored” chip in mobile phones; and (later) mandating that all encryption systems should lodge a copy of decryption keys with a trusted third party who would turn them over to the cops on production of a warrant (“key escrow”). The chip idea collapsed under the weight of its own absurdity, and in 1997 key escrow idea examined and demolished by a group of leading computer security experts and eventually Clinton quietly buried the idea. Result: Technology 1, Establishment 0.
But now it’s back, with a vengeance. Stung by the fact that, post-Snowden, Apple, Google and Facebook are implementing strong encryption, governments are starting to panic. Over in Washington, FBI director, James Comey, is infuriated that applications such as Facebook’s WhatsApp and Apple’s iMessage are now providing end-to-end encryption, a technology that Comey claims is being exploited by – guess who? – Isis. 
Comey wants companies to be forced to insert a “backdoor” for law enforcement into encryption software. Over here, David Cameron has been drinking the same Kool Aid. “In our country,” he asked in January, “do we want to allow a means of communication between people which we cannot read? My answer to that question is: no we must not.” Which either means either that he wants to ban services such as WhatsApp or iMessage or that he will demand a backdoor into them.
Since banning them is a non-starter, we’ve arrived at Clipper chip v2.0. And, as luck would have it, the same group of experts who demolished the original proposal have now had a look at the prospects for v2.0. Their report, Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications, is worth reading in full. It concludes that proposals for backdoors are “unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm”.
In case you’re wondering what could be wrong with entrusting secret keys to the government for use “in exceptional circumstances”, just ponder this: a few months ago, hackers (suspected to be Chinese) stole the personnel records of 21.5 million US federal employees, including the records of every person given a government background check for the last 15 years.
Guardian: http://http://bit.ly/1I4rUP0

« Scientists Want to Keep AI Out of Weapons
Hacking Team Inside Job »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Trusted Computing Group

Trusted Computing Group

TCG was formed to develop, define and promote open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.

Allen & Overy

Allen & Overy

Allen & Overy is an international law firm. Practice areas include Cybersecurity and Data Protection.

InfoWatch

InfoWatch

InfoWatch solutions allow you to protect data and information assets that are critically important to your business.

Suprema

Suprema

Suprema is a leading global provider of access control and biometrics solutions.

Mantix4

Mantix4

Mantix4’s M4 Cyber Threat Hunting Platform actively defends against cyber threats.

Global Cyber Alliance (GCA)

Global Cyber Alliance (GCA)

Global Cyber Alliance is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world.

Hexnode MDM

Hexnode MDM

Hexnode MDM is an award winning Enterprise Mobility Management vendor which helps businesses to secure and manage BYOD, COPE, apps and content.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

Veritas Technologies

Veritas Technologies

Veritas provide industry-leading solutions that cover all platforms with backup and recovery, business continuity, software-defined storage and information governance.

Cyber NYC

Cyber NYC

Cyber NYC is a suite of strategic investments to grow New York City’s cybersecurity workforce, help companies drive innovation, and build networks and community spaces.

DeFY Security

DeFY Security

DeFY Security is a Cyber Security solutions provider with more than 20 years of experience securing financial institutions, healthcare, manufacturing and retail.

Accolite Digital

Accolite Digital

Accolite is an innovative, design thinking software company that guarantees seamless digital experiences with maximum results.

Noblis

Noblis

Noblis is a dynamic science, technology, and strategy organization dedicated to creating forward-thinking technical and advisory solutions in the public interest.

Enginsight

Enginsight

Enginsight provides a comprehensive solution for monitoring and securing your servers and clients.

ramsac

ramsac

ramsac provide secure, resilient IT management, cybersecurity, 24 hour support and IT strategy to businesses in London and the South East.

ERCOM

ERCOM

Ercom, a subsidiary of the Thales Group, is a French company known for its mobility security solutions.