A friend used to run a server room at a medium-sized company. The main door had a heavy pushbutton combination lock – it looked secure. The back door, however, was left open as the room got too hot when it was closed. Everyone went in and out the back door. The locked door was simply ignored.
I wrote on this blog in 2013 about the dangers of backdoor access. My friend Bob Cromwell wrote about it here in 2014. According to The New York Times, there is renewed interest in governments mandating backdoor access to encrypted information. It was a bad idea when we wrote about it before and it is a bad idea now. In fact, a group of computer and security luminaries wrote a paper to that effect in response to these new demands for backdoors: “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications”.
Law enforcement agencies have a legitimate need to access data, some of which is encrypted, in order to protect citizens from crime and terrorism. Bad actors use encryption to hide communication and information about illegal activities. Law-abiding citizens have a legitimate need to protect their private data from others for business and personal reasons. In many – perhaps most – cases the tools are the same. This clearly creates a conflict.
I read somewhere that requiring an encryption backdoor is like requiring homeowners to give their house keys to the police in case they need them. In either case, bad actors could get access to the keys with potentially disastrous results. Do you want your keys stored where Edward Snowden or the OMB hackers could get them? Can any government ensure that the keys will be well protected? I am reminded of the quote, “A secret shared is a secret no longer.”
I echo the call of the authors of the paper I mentioned above that “anyone proposing regulations should first present concrete technical requirements, which industry, academics, and the public can analyze for technical weaknesses and for hidden costs.” We cannot afford to have a system or systems where criminals and terrorists can access private data easily.
In Learning Tree’s System and Network Security Introduction we discuss how corporate encryption systems can be configured so a company can access data from employees who have left through termination, resignation, or death. These solutions do not work for government access as the keeping of the “management key” or key parts is problematic and potentially subject to compromise.
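To make the "management key or key parts" point concrete, here is an added illustration (not code from this blog or from the Learning Tree course) of a corporate escrow key split into parts with Shamir secret sharing: any `threshold` parts rebuild the key, so whoever can collect that many parts, whether an administrator, an intruder or a third party, can recover every escrowed file. The prime field, the share count and the hypothetical `escrow_demo` scenario are my own choices.

```python
"""Toy key-escrow demo: split a 'management key' into parts with Shamir secret sharing.

Added illustration, not from the blog post or any course material. Any THRESHOLD
parts rebuild the key; fewer reveal nothing about it, but anyone who gathers
THRESHOLD parts holds the master key to all escrowed data.
"""
import secrets
from functools import reduce

PRIME = 2**127 - 1  # Mersenne prime; the secret (e.g. a 126-bit key) must be < PRIME


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (lowest-degree coefficient first) at x mod PRIME."""
    return reduce(lambda acc, c: (acc * x + c) % PRIME, reversed(coeffs), 0)


def split_key(secret: int, threshold: int, n_parts: int):
    """Return n_parts (x, y) shares; any `threshold` of them reconstruct `secret`."""
    assert 0 <= secret < PRIME and 1 <= threshold <= n_parts
    # Constant term is the secret; remaining coefficients are uniformly random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_parts + 1)]


def reconstruct_key(shares):
    """Lagrange interpolation at x = 0 over the prime field (needs >= threshold shares)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def escrow_demo(threshold=3, n_parts=5):
    """Constructed scenario: a random management key escrowed as 3-of-5 parts.

    Returns (enough_parts_recover_key, too_few_parts_recover_key).
    The second is False with overwhelming probability: below the threshold the
    interpolated value is effectively random, which is the whole security argument.
    """
    key = secrets.randbelow(PRIME)
    parts = split_key(key, threshold, n_parts)
    enough = reconstruct_key(parts[:threshold]) == key
    too_few = reconstruct_key(parts[:threshold - 1]) == key
    return enough, too_few
```

With `threshold=1` the scheme degenerates into a single management key, the case where one compromised holder exposes everything.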
A solution is needed and I await one that provides real security to individuals and companies, without compromising legitimate government access. I am not, however, holding my breath.
I welcome your thoughts in the comments below.
To your safe computing,