Wednesday, January 25, 2017

Encryption backdoors are still a bad idea

It was a bad idea under the Obama administration, and it's still a bad idea:
US President Donald Trump's pick for his Attorney General and head of the FBI will have security specialists nervous, since both believe breaking encryption is a good idea. 
Senator Jefferson Beauregard "Jeff" Sessions III (R‑AL) is Trump's pick for the top legal job in the US. In congressional testimony, he outed himself as a committed backdoor man when it comes to encryption. In the written testimony [PDF] to Senator Patrick Leahy, (D‑VT) he laid out his position. 
"Encryption serves many valuable and important purposes," Sessions wrote. "It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national security and criminal investigations." 
That's going to be bad news for people who favor strong encryption. The finest minds in cryptography have repeatedly pointed out the impossibility of building a backdoor for law enforcement into secure encryption, since there's no way to stop others from finding and exploiting the Feds-only access.
The Federales have been pushing for crypto backdoors since the early 1990s (remember the Clipper chip?) and it has always foundered on the rock of "there's no way to keep the bad guys from learning the backdoor".

The choice for the Fed.Gov is this:  live with crypto that they can't (easily) break, or destroy encryption (and the Internet economy that depends on it).

I know that they want a backdoor that only they know about.  I want a unicorn that farts 93 octane into my gas tank.  And remember: they would ask us in the security community to trust them after the Snowden revelations showing how we can't trust them.


Ted said...

Ok let's assume that the Government successfully legislates that all communication software in the US has to have a "Backdoor".

How long would it take for some "off shore" vendor to start selling private "unbreakable" encryption add-ons?

........ your answer can be in minutes if you want.

Old NFO said...

Yep, the ongoing battle... Privacy is an 'almost' unobtainable goal, but there will always be those who want it... :-)

Eric Wilner said...

I remember downloading strong crypto from Finland, back in the day.
And, being a sneaky rascal, I have a dastardly plan for planting unbreakably-encrypted files in the browser caches of those who visit my web site. They could be anything! Plans for nuclear weapons! Video clips of [omitted]! Or just random bits; you just can't tell.
Hand over the keys for these files we found on your computer, Or Else!

LindaG said...

A unicorn with wings would be better. ;-)

There is no way we could trust a government that could get into any system it wanted to. We couldn't trust the people that work for it, either.
Snowden did us a favor.