Police Finding Few Allies On Encryption Back or Front Doors
Last week the FBI and DoJ testified before the House Committee on Oversight and Government Reform Subcommittee on IT, asking for an encryption back door (or as the NSA has said they prefer, a front door). They did not get a very welcome reception. In fact, Rep Lieu suggested that they “just follow the damn Constitution” and that the problem was of their own making.
The problem is that for the last several years, they have been able to go to Google or Amazon or Microsoft and, with a warrant or not, ask them to give us the data. In many cases, the provider cannot even legally tell the person that the FBI or some other 3 letter agency came calling. Now that more data is being encrypted in a manner that the providers don’t have the key, then either the government has to ask the target for the data or they have to crack the crypto (since so many people use 123456, that is still not a big problem) or they have to hack the person’s computer to get the info they want. While all of this is doable, at least for some of the 3 letter agencies, it is difficult for the local guys – they don’t have the skills or resources to do that. This is the crux of what they are complaining about.
Cycle back 30 years and the police always had to present a search warrant to the party under suspicion. We are reverting back to the way things were a few years ago.
In defense of the police, they are worried that the suspect will delete data if he finds out about the warrant, and that is probably legitimate, but that happened before too, and that is a separate crime.
Now even providers like Microsoft, Amazon and Box are setting up BYOK (bring your own key) options. This is a win-win-lose situation. The providers no longer have the key, so they don’t have to worry about losing control of it. The customers do have the key, so they feel more in control of the cloud and are more likely to use it and the police can no longer go to a third party and ask them to give up information on a customer, whom, the provider is concerned, will leave or sue them if they find out about it.
Dan Conley, DA of Suffolk County, Massachusetts complained that this was all Google and Apple’s fault for encrypting devices (never mind that desktops, laptops and clouds are encrypted and often never have anything to do with those two vendors). Rep. Ted Lieu (D-CA) suggested that rather, Apple and Google’s actions were “a private sector response to government overreach.”
Other Congressmen grilled experts on the idea of alternative decryption keys held by the government or someone and they said that all that does is move the risk, it doesn’t eliminate it. If there are other copies of the decryption keys, no matter how or where they are held, that is a risk.
Now here is something to contemplate. When the expert was asked about how hard is was to bypass the 4 digit PIN that many people use, the expert said that it was no impediment at all. Longer passwords, different story.
One other point that is important.
Assuming the government gets their way and gets a copy of your encryption key, then they will have effectively killed an entire industry.
The concept of digitally signing documents is totally compromised. Assuming someone digitally signs something and there is an issue that comes to court. All the defense has to do as ask the plaintiff:
Can you guarantee that one of these escrowed back door keys was not used to sign the document in question?
If the expert says yes, he is perjuring himself, so I doubt he would do that, since there is no way that he could guarantee that one of the likely many back door keys had not been compromised some way. If he says no, the case is over.
Last thought. For many systems, there is a unique key for each object. For example, WhatsApp generates about 25 billion messages a day. They do encrypt them but don’t use a unique key per message – but they could. Other companies do use unique keys. So let’s assume, for the sake of argument, that there are 1 million keys generated a day – 365 million a year, 3.6 billion over a 10 year useful life. In many cases, the key may not be useful without certain randomizing data that the algorithms use to make hacking harder. How, exactly, do you manage, organize, and more importantly, control 3.6 billion objects?
Now let’s make that number more realistic. If WhatsApp alone generates 25 billion messages a day, lets say that the total universe – all applications across all platforms – generate a billion new keys a day. That is 365 billion a year, 3.6 trillion keys over 10 years.
I have a little experience with that problem and 3 letter agencies, never mind the local county sheriff. The 3 letter agencies say that this is a problem, even for them.
Another problem – how do you control the distribution of those keys? I have no idea how many warrants are issued on a daily basis by thousands of law enforcement agencies, but managing the distribution of those keys is not simple and controlling them after they are distributed is next to impossible.
Remember, too, that if you do not use unique keys for every object, you now have to change the key since the warrant has a limited applicability time bounds, so you generate a whole new set of problems.
I am willing to go on record as saying that if we give the government 3.6 trillion keys (and maybe double or triple that number of objects if we split the keys), there will be breaches. No question in my mind.