Modern field guide to security and privacy

Opinion: Miscalculating the risk of crypto 'backdoors'

British and US officials argue that risk from tech companies giving law enforcement access to encrypted data is manageable. But the dangers from any flaws in cryptography outweigh the short-term benefit for police and spy agencies. 

Britain's Prime Minister David Cameron. REUTERS/Stefan Wermuth

As Britain continues to debate its revised Investigatory Powers bill, which opponents deride as the "snoopers' charter," it seems increasingly evident that Prime Minister David Cameron is in lockstep with many US law enforcement officials when it comes to the encryption debate.

While Mr. Cameron's government claims that the bill doesn't mandate so-called "backdoors" into encryption on consumer devices, the bill suggests otherwise. It currently states that communication service providers must maintain the capability to remove "electronic protection" they apply to protect communications or data.

Sounds familiar, right? FBI Director James Comey recently testified that the FBI is working with the tech sector (which has publicly opposed weakening encryption standards) to find ways to decrypt communications so that investigators can more easily access them during criminal or terrorist investigations.

Mr. Comey said the agency isn't pushing a legislative fix to compel tech companies to decrypt data that agency officials often refer to as "warrant proof," but pushing for backdoors behind closed doors won't make them any less risky.

Whether it's Britain or the US insisting that tech companies develop a mechanism to give police or spy agencies access to encrypted communications, backdoors put everyone at risk. And what's at stake is far larger than whether the FBI, British investigators, local police departments, or foreign government officials can decipher information they've retrieved from an iPhone.

Simply put, encryption backdoors introduce security vulnerabilities in our devices, degrading the cryptography that protects the integrity of systems. In our highly connected world, the security vulnerabilities in one device, such as a smartphone, are often the gateway used to attack another, such as our home or business automation systems.

In a recent experiment, for example, hackers took over a Jeep Cherokee through the onboard entertainment system while a Wired reporter drove the car on a freeway. The takeover was a planned experiment that exploited existing vulnerabilities in the entertainment system.

But the entertainment system could just as easily have been an iPhone or another smartphone, devices that increasingly serve as the entertainment and communication centers in our cars, homes, and offices. If this seems far-fetched, consider that in 2010 researchers were able to commandeer a Chevy Impala with a hack that began with a phone call to the OnStar computers and ended with them seizing control of the networked computers that control everything, including brakes and transmission.

Now, imagine adopting a policy that would make it easier for them to do so. That’s the policy law enforcement is pushing, and that's why we should reject it. 

As some of the world's top computer security experts forcefully argued in a paper released in July, crypto backdoors are a terrible idea. Advocates of backdoors create the impression that vulnerabilities can be contained, and access managed – that only the good guys will be able to use the doors.

This is nonsense, disproved by years of research and experience. Managing who can access and use those keys is a logistical and political nightmare, and adding the backdoor functionality itself is much more likely to introduce additional vulnerabilities that bad actors can exploit.

Inevitably, malicious hackers will get copies of the keys or exploit new flaws in the much more complicated system, and the vulnerabilities in one device will support attacks on others, endangering personal information, critical infrastructure, and public health and safety. 

Though encryption is poorly understood and often considered a purely technical issue, in fact it's an essential building block of safety and security in the networked world. We need more encryption to reduce the hacks and breaches plaguing individual citizens, corporations, and governments – what’s at risk is far greater than our data and our privacy.

As vice chairman of the Joint Chiefs of Staff Adm. James Winnefeld recently remarked, "We are more vulnerable than any other country in the world, [due to] our dependence on cyber."

He summed up the hard but clear choice we must make, and came down firmly against making it easier for intelligence agencies to open back doors to encrypted files. "We would all win if our networks are more secure," Admiral Winnefeld said.

Like the world's most experienced cybersecurity experts, the admiral knows that once the crypto backdoor is opened, it's nearly impossible to keep the bad guys out.

The Obama administration and the British Parliament should step out of the backrooms, abandon backdoors, and come out in support of strong encryption. Public health and safety, and individual privacy all depend upon it. As Winnefeld said, doing so would be a win for us all.

Deirdre K. Mulligan is an associate professor at the School of Information, UC Berkeley, and coauthor with Kenneth Bamberger of "Privacy on the Ground: Driving Corporate Behavior in the United States and Europe," just out from MIT Press.

 
