It should not come as a surprise, but President Trump’s selection for U.S. Attorney General wants to have backdoors in encryption. Here’s the basic math. Any backdoor into encrypted files means no encrypted file is safe. Senator Jeff Sessions, Trump’s AG nominee:
Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.
Uh oh. This is a statement from someone who does not understand how encryption works, the underlying benefits of personal privacy and security, and the ramifications of what happens when encryption has backdoor access.
First the basics on the issue of encryption.
In cryptography, encryption is the process of encoding messages or information in such a way that only authorized parties can access it. Encryption does not of itself prevent interference, but denies the message content to the interceptor. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, large computational resources and skill are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.
That’s technospeak for ‘proper encryption’ which cannot easily be decrypted without the key or password. What Sessions and others in government want is a law which demands encryption backdoors to help track down lawbreakers. Or, potential lawbreakers. Or, anyone the government deems a threat to national security. Or, well, anyone it chooses.
What is encrypted these days? If you use FileVault on your Mac, your Mac is encrypted. There is no backdoor. All you get is a password and a key. Lose them and the data on your Mac is subject to a footnote in history and Apple cannot help. The same holds true for other devices where encryption is employed to lock up and secure personal information. A backdoor to the encrypted files– ostensibly for government spooks– means all spooks have access because backdoor keys get lost, stolen, duplicated, and eventually used by those not in power but who want to exercise even more power, personal privacy rights be damned.
Worse, the very criminals, terrorists, hackers, and foreign entities that the U.S. government’s own spooks would seek to compromise will be able to generate backdoor-less encryption. That is easy to the point of trivial.
You and I won’t be safe from government intrusion when encryption backdoors are common, but the bad guys– the terrorists, criminals, and foreign entities the government wants– will be safe from backdoor intrusion.
Anybody see a problem with that scenario?
What is also interesting here is that those lawmakers and government officials in charge of making policy have no understanding of the underlying technology yet are willing to put everyone at risk with a sure-to-fail policy.
At one time cryptography— from which encryption is derived– was considered munitions by the U.S. government, and export was restricted.
Due to the enormous impact of cryptanalysis in World War II, these governments saw the military value in denying current and potential enemies access to cryptographic systems. Since the U.S. and U.K. believed they had better cryptographic capabilities than others, their intelligence agencies tried to control all dissemination of the more effective crypto techniques. They also wished to monitor the diplomatic communications of other nations, including those emerging in the post-colonial period and whose position on Cold War issues was vital.
Amazingly, not much has changed in 70 years except rock solid encryption is free and everywhere, yet the government still wants to maintain control with backdoor access. Why is encryption so prevalent today?
The First Amendment made controlling all use of cryptography inside the U.S. illegal, but controlling access to U.S. developments by others was more practical — there were no constitutional impediments.
Various government policies became impossible to enforce and the free encryption generation was born. In the face of terrorist enemies, the government wants to turn back the clock. Here’s the problem. The clock cannot be turned back. The genie will not go back into the bottle. Toothpaste just makes a mess for those who want it to go back into the tube.
There is value to encryption backdoors. But only for government spooks, courts, criminals, foreign entities, and terrorists, but not for you or me.