Opinion: Miscalculating the risk of crypto 'backdoors'
British and US officials argue that risk from tech companies giving law enforcement access to encrypted data is manageable. But the dangers from any flaws in cryptography outweigh the short-term benefit for police and spy agencies.
As Britain continues to debate its revised Investigatory Powers bill, which opponents deride as the "snoopers' charter," it seems increasingly evident that Prime Minister David Cameron is in lockstep with many US law enforcement officials when it comes to the encryption debate.
While Mr. Cameron's government claims that the bill doesn't mandate so-called "backdoors" into encryption on consumer devices, the bill suggests otherwise. It currently states that communication service providers must maintain the capability to remove "electronic protection" they apply to protect communications or data.
Sounds familiar, right? FBI Director James Comey recently testified that the FBI is working with the tech sector (which has publicly opposed weakening encryption standards) to find ways to decrypt communications so that investigators can more easily access them during criminal or terrorist investigations.
Mr. Comey said the agency isn't pushing a legislative fix to compel tech companies to decrypt data that agency officials often refer to as "warrant proof," but pushing for backdoors behind closed doors won't make them any less risky.
Whether it's Britain or the US insisting that tech companies develop a mechanism to give police or spy agencies access to encrypted communications, backdoors put everyone at risk. And what’s at stake is far larger than whether the FBI, British investigators, local police departments, or foreign government officials can decipher information they've retrieved from an iPhone.
Simply put, encryption backdoors introduce security vulnerabilities in our devices, degrading the cryptography that protects the integrity of systems. In our highly connected world, the security vulnerabilities in one device, such as a smartphone, are often the gateway used to attack another, such as our home or business automation systems.
In a recent experiment, for example, hackers took over a Jeep Cherokee through the onboard entertainment system while a Wired reporter drove the car on a freeway. The takeover was a planned experiment that exploited existing vulnerabilities in the entertainment system.
But the entertainment system could just as easily have been an iPhone, or other smartphone, which increasingly serve as the entertainment and communication centers in our cars, homes, and offices. If this seems far-fetched, consider that in 2010 researchers were able to commandeer a Chevy Impala with a hack that began with a phone call to the OnStar computers and ended with them seizing control of the networked computers that control everything, including brakes and transmission.
Now, imagine adopting a policy that would make it easier for them to do so. That’s the policy law enforcement is pushing, and that's why we should reject it.
As some of the world's top computer security experts forcefully argued in a paper released in July, crypto backdoors are a terrible idea. Advocates of backdoors create the impression that vulnerabilities can be contained, and access managed – that only the good guys will be able to use the doors.
This is nonsense, disproved by years of research and experience. Managing who can access and use those keys is a logistical and political nightmare, and adding the backdoor functionality itself is much more likely to introduce additional vulnerabilities that bad actors can exploit.
Inevitably, malicious hackers will get copies of the keys or exploit new flaws in the much more complicated system, and the vulnerabilities in one device will support attacks on others, endangering personal information, critical infrastructure, and public health and safety.
Though encryption is poorly understood and often considered a purely technical issue, in fact it's an essential building block of safety and security in the networked world. We need more encryption to reduce the hacks and breaches plaguing individual citizens, corporations, and governments – what’s at risk is far greater than our data and our privacy.
As vice chairman of the Joint Chiefs of Staff Adm. James Winnefeld recently remarked, "We are more vulnerable than any other country in the world, [due to] our dependence on cyber."
He summed up the hard but clear choice we must make, and came down firmly against making it easier for intelligence agencies to open back doors to encrypted files. "We would all win if our networks are more secure," Admiral Winnefeld said.
Like the world’s most experienced cybersecurity experts, the general knows that once the crypto backdoor is opened, it's nearly impossible to keep the bad guys out.
The Obama administration and the British Parliament should step out of the backrooms, abandon backdoors, and come out in support of strong encryption. Public health and safety, and individual privacy all depend upon it. As Winnefeld said, doing so would be a win for us all.
Deirdre K. Mulligan is an associate professor at the School of Information, UC Berkeley, and coauthor with Kenneth Bamberger of "Privacy on the Ground: Driving Corporate Behavior in the United States and Europe," just out from MIT Press.