Tomorrow the Senate Judiciary Committee will hold a hearing, "Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy," in which government snoops, ah, intelligence and law enforcement officials, will try to beg, cajole and frighten lawmakers into forcing telecommunications companies to eschew strong encryption that would protect the privacy of their customers. In addition, the would-be spies will demand "exceptional access" to data and communications by mandating the installation of "backdoors" in the products and services of telecommunications and data companies.
Fortunately, a group of prominent technologists has just released a counter-report, "Keys Under the Doormat: Mandating Insecurity by Requiring Government Access to All Data and Communications," which explains why this is a stupidly terrible idea. As the New York Times reports, federal government fears of "going dark" do …
…not justify putting the world's digital communications at risk. Given the inherent vulnerabilities of the Internet, they argued, reducing encryption is not an option. Handing governments a key to encrypted communications would also require an extraordinary degree of trust. With government agency breaches now the norm — most recently at the United States Office of Personnel Management, the State Department and the White House — the security specialists said authorities cannot be trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to communications, it would spur China and other governments in foreign markets to do the same.
The code specialists in their report note:
There are three general problems. First, providing exceptional access to communications would force a U-turn from the best practices now being deployed to make the Internet more secure. These practices include forward secrecy — where decryption keys are deleted immediately after use, so that stealing the encryption key used by a communications server would not compromise earlier or later communications. A related technique, authenticated encryption, uses the same temporary key to guarantee confidentiality and to verify that the message has not been forged or tampered with.
Second, building in exceptional access would substantially increase system complexity. Security researchers inside and outside government agree that complexity is the enemy of security — every new feature can interact with others to create vulnerabilities. …
Third, exceptional access would create concentrated targets that could attract bad actors. Security credentials that unlock the data would have to be retained by the platform provider, law enforcement agencies, or some other trusted third party. If law enforcement's keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege. … Recent attacks on the United States Government Office of Personnel Management (OPM) show how much harm can arise when many organizations rely on a single institution that itself has security vulnerabilities.
They also observe that even if users could trust the U.S. government to protect and respect the privacy and free speech rights of citizens, the same cannot be said of other governments (China?, Russia?, Iran?) who would also demand access to communications of people they wish to watch, e.g., political dissidents and journalists.
"Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend," the report said. "The costs would be substantial, the damage to innovation severe, and the consequences to economic growth hard to predict. The costs to the developed countries' soft power and to our moral authority would also be considerable."
As cryptologist and co-author of the new report Bruce Schneier said in 2013 at the Cato Institute's conference on NSA surveillance:
"A secure Internet is in everyone's interests. We are all better off if no one can do this kind of bulk surveillance. Fundamentally, security is more important than surveillance."
Correct then and correct now.