Will Enforcing Encryption Backdoors Even Work?

Uploaded on 2015-07-28 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

jamescomeyfbi_lg.jpg?quality=80

FBI Director James Comey claims that Isis is exploiting end-to-end encryption.

Ever since the Internet emerged into public view in the 1980s, a key question has been whether digital technology would pose an existential challenge to corporate and governmental power. In this context, I am what you might call a recovering utopian – “utopian” in that I once did believe that the technology would put it beyond the reach of state and corporate agencies; and “recovering” in the sense that my confidence in that early assessment has taken a hammering over the years. In that period, technology has sometimes trumped politics and/or commercial power, but at other times it’s been the other way round.

The early battles were over intellectual property. Since computers are essentially copying machines, making perfect copies of digital goods became child’s play. As a celebrated trope put it: “Copying is to digital technology as breathing is to animal life.” So began the copyright wars, triggered by widespread piracy and illicit sharing of copyrighted files, which emasculated the music industry and led to the emergence of new corporate masters of the media universe – Apple, Spotify, YouTube and the rest – and the taming of the file-sharing monster. Result: Technology 1, Establishment 1.
The second battleground was the monitoring of network communications. The Internet enabled anyone to become a global publisher and to exchange information via email with anyone who had a network connection. And this posed acute difficulties for established powers that were accustomed to being able to control the flow of information to their citizens. Since nothing on the net in the early days was encrypted, everyone communicated using the virtual equivalent of holiday postcards – readable by everyone who handled them en route to their destination. The only difficulty that states experienced in monitoring this unprotected torrent was its sheer volume, but Moore’s Law and technological development fixed that. It became feasible to collect “the whole goddam haystack” (to quote a former NSA director) if you threw enough resources at it. So they did – as Edward Snowden revealed. Result: Technology 0 Establishment 1.
The biggest battle has always been about encryption. From the 1980s, public-key cryptography gave the technically savvy the ability to protect the privacy of their messages using military-grade encryption, which meant the state could no longer monitor all online communications. The first response was to outlaw dissemination of the technology. When that failed, in 1993 the Clinton administration tried a new tack – the “Clipper chip” proposal. 
This involved two things: the installation of a “doctored” chip in mobile phones; and (later) mandating that all encryption systems should lodge a copy of decryption keys with a trusted third party who would turn them over to the cops on production of a warrant (“key escrow”). The chip idea collapsed under the weight of its own absurdity, and in 1997 key escrow idea examined and demolished by a group of leading computer security experts and eventually Clinton quietly buried the idea. Result: Technology 1, Establishment 0.
But now it’s back, with a vengeance. Stung by the fact that, post-Snowden, Apple, Google and Facebook are implementing strong encryption, governments are starting to panic. Over in Washington, FBI director, James Comey, is infuriated that applications such as Facebook’s WhatsApp and Apple’s iMessage are now providing end-to-end encryption, a technology that Comey claims is being exploited by – guess who? – Isis. 
Comey wants companies to be forced to insert a “backdoor” for law enforcement into encryption software. Over here, David Cameron has been drinking the same Kool Aid. “In our country,” he asked in January, “do we want to allow a means of communication between people which we cannot read? My answer to that question is: no we must not.” Which either means either that he wants to ban services such as WhatsApp or iMessage or that he will demand a backdoor into them.
Since banning them is a non-starter, we’ve arrived at Clipper chip v2.0. And, as luck would have it, the same group of experts who demolished the original proposal have now had a look at the prospects for v2.0. Their report, Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications, is worth reading in full. It concludes that proposals for backdoors are “unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm”.
In case you’re wondering what could be wrong with entrusting secret keys to the government for use “in exceptional circumstances”, just ponder this: a few months ago, hackers (suspected to be Chinese) stole the personnel records of 21.5 million US federal employees, including the records of every person given a government background check for the last 15 years.
Guardian: http://http://bit.ly/1I4rUP0

« Scientists Want to Keep AI Out of Weapons
Hacking Team Inside Job »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

Black Kite

Black Kite

Black Kite (formerly NormShield) provides comprehensive Security-as-a-Service solutions focused on cyber threat intelligence, vulnerability management and continuous perimeter monitoring.

Parameter Security

Parameter Security

Parameter Security is a provider of ethical hacking and information security services.

eMazzanti Technologies

eMazzanti Technologies

eMazzanti Technologies provides IT consulting services for businesses ranging from home offices to multinational corporations throughout the USA and internationally.

VCG Group

VCG Group

VCG provides everything you need for the design, implementation and management of data centres, cyber-secure enterprise networks, cloud and connectivity services.

A&O IT Group

A&O IT Group

A&O IT Group provide IT support and services including IT Managed Services, IT Project Services, IT Engineer Services and Cyber Security.

Cybrella

Cybrella

Cybrella offers professional cybersecurity services for small to medium sized businesses and to larger enterprises looking to expand their cybersecurity capabilities.

Chartered Institute of Information Security (CIISec)

Chartered Institute of Information Security (CIISec)

CIISec is dedicated to helping individuals and organisations develop capability and competency in cyber security.

National Cybersecurity Consortium (NCC) - Canada

National Cybersecurity Consortium (NCC) - Canada

The NCC’s mandate is to keep Canada’s cyber and critical infrastructures and citizens safe while ensuring Canada’s global competitiveness and leadership in cybersecurity.

Appalachia Technologies

Appalachia Technologies

Appalachia is a full service Managed Services Provider with a focus on cybersecurity, backed by the best engineers.

Involta

Involta

Involta orchestrates IT transformation journeys using well-defined and rigorous processes to deliver hybrid cloud solutions, consulting and data center services tailored to our clients’ needs.

US Department of State - Bureau of Cyberspace & Digital Policy

US Department of State - Bureau of Cyberspace & Digital Policy

The Bureau of Cyberspace and Digital Policy leads and coordinates the Department’s work on cyberspace and digital diplomacy to encourage responsible state behavior in cyberspace.

Airlock Digital

Airlock Digital

Airlock Digital was created after many years of experience in implementing whitelisting/ allowlisting solutions in Federal Government and various enterprises in Australia.

Infodot Technologies

Infodot Technologies

Infodot Technologies specialize in a co-managed IT support and services approach, where businesses share their IT responsibilities with a skilled Managed IT Services Provider (MSP).

UBDS Digital

UBDS Digital

UBDS Digital is your Digital Lifecycle Partner for Secure Cloud Transformation.

TrustNet

TrustNet

TrustNet helps mid-to-large firms build trust through top-tier cybersecurity, compliance, and consulting—offering complete managed services all in one place.