Will Enforcing Encryption Backdoors Even Work?


FBI Director James Comey claims that Isis is exploiting end-to-end encryption.

Ever since the Internet emerged into public view in the 1980s, a key question has been whether digital technology would pose an existential challenge to corporate and governmental power. In this context, I am what you might call a recovering utopian – “utopian” in that I once did believe that the technology would put it beyond the reach of state and corporate agencies; and “recovering” in the sense that my confidence in that early assessment has taken a hammering over the years. In that period, technology has sometimes trumped politics and/or commercial power, but at other times it’s been the other way round.

The early battles were over intellectual property. Since computers are essentially copying machines, making perfect copies of digital goods became child’s play. As a celebrated trope put it: “Copying is to digital technology as breathing is to animal life.” So began the copyright wars, triggered by widespread piracy and illicit sharing of copyrighted files, which emasculated the music industry and led to the emergence of new corporate masters of the media universe – Apple, Spotify, YouTube and the rest – and the taming of the file-sharing monster. Result: Technology 1, Establishment 1.
The second battleground was the monitoring of network communications. The Internet enabled anyone to become a global publisher and to exchange information via email with anyone who had a network connection. This posed acute difficulties for established powers that were accustomed to controlling the flow of information to their citizens. Since nothing on the net in the early days was encrypted, everyone communicated using the virtual equivalent of holiday postcards, readable by everyone who handled them en route to their destination. The only difficulty that states experienced in monitoring this unprotected torrent was its sheer volume, but Moore’s Law and technological development fixed that. It became feasible to collect “the whole goddam haystack” (to quote a former NSA director) if you threw enough resources at it. So they did, as Edward Snowden revealed. Result: Technology 0, Establishment 1.
The biggest battle has always been about encryption. From the 1980s, public-key cryptography gave the technically savvy the ability to protect the privacy of their messages with encryption the state could not feasibly break, which meant it could no longer monitor all online communications. The first response was to outlaw dissemination of the technology, by treating strong cryptography as a munition subject to export controls. When that failed, in 1993 the Clinton administration tried a new tack: the “Clipper chip” proposal.
This involved two things: the installation of a “doctored” chip in telephones and other communications devices; and (later) mandating that all encryption systems should lodge a copy of decryption keys with a trusted third party who would turn them over to the police on production of a warrant (“key escrow”). The chip idea collapsed under the weight of its own absurdity, and in 1997 the key escrow idea was examined and demolished by a group of leading computer security experts in their report “The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption”; eventually the Clinton administration quietly buried it. Result: Technology 1, Establishment 0.
But now it’s back, with a vengeance. Stung by the fact that, post-Snowden, Apple, Google and Facebook are implementing strong encryption, governments are starting to panic. Over in Washington, FBI director James Comey is infuriated that applications such as Facebook’s WhatsApp and Apple’s iMessage now provide end-to-end encryption, a technology that Comey claims is being exploited by (guess who?) Isis.
Comey wants companies to be forced to insert a “backdoor” for law enforcement into encryption software. Over here, David Cameron has been drinking the same Kool-Aid. “In our country,” he asked in January, “do we want to allow a means of communication between people which we cannot read? My answer to that question is: no we must not.” Which means either that he wants to ban services such as WhatsApp or iMessage, or that he will demand a backdoor into them.
Since banning them is a non-starter, we’ve arrived at Clipper chip v2.0. And, as luck would have it, the same group of experts who demolished the original proposal have now had a look at the prospects for v2.0. Their report, Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications, is worth reading in full. It concludes that proposals for backdoors are “unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm”.
In case you’re wondering what could be wrong with entrusting secret keys to the government for use “in exceptional circumstances”, just ponder this: a few months ago, hackers (suspected to be Chinese) stole from the US Office of Personnel Management the personnel records of 21.5 million people, including the records of every person given a government background check in the last 15 years. An escrow database holding the keys to everyone’s communications would be a far more valuable target than that.
Guardian: http://bit.ly/1I4rUP0
