Wednesday, July 31, 2019

Government encryption backdoors are a seriously bad idea

Attorney General Robert Barr has floated making government backdoors in encryption software mandatory.  I've posted about this before:
The choice for the Fed.Gov is this:  live with crypto that they can't (easily) break, or destroy encryption (and the Internet economy that depends on it).

I know that they want a backdoor that only they know about.  I want a unicorn that farts 93 octane into my gas tank.  And remember: they would ask us in the security community to trust them after the Snowden revelations showing how we can't trust them.
There is an excellent overview from Robert Graham that covers this in some detail:
Cryptographers don't know how to make slightly weak crypto that's only 99% secure instead of 100% secure, because any small weakness inevitably gets hacked into an enormous gaping hole.

Barr derides our concerns as being only "theory", but it's theory backed up by a lot of experience. It's like asking your doctor to prove that losing weight and exercising will improve your health. Our experience from cryptography is that there is no such thing as a little bit weak. We know of no way to implement the government's backdoor in such a way that won't have grave impacts. I might not be able to immediately point out the holes in whatever scheme you have concocted, but that doesn't mean I believe your backdoor scheme doesn't have weaknesses. My decades of experience tell me it's only a matter of time before those weaknesses explode into gaping holes that hackers exploit.
I would add the note that Edward Snowden shows that a secret like this could not possibly remain secret.  What would the Chinese and Russians do with access to this?  Which leads to Graham's policy argument:
China and Russia show us the answer to this question. Both have cracked down on encrypted communications. China mandates devices have a backdoor whereby the government can access anything on a phone, encrypted or not. Russia has cracked down on Telegram, an encrypted messaging app popular in Russia. Both cases have been motivated by their desire to crack down on dissidents.


Thus, the debate isn't whether the U.S. government should have this power, but whether governments in general should have this power. If it were only the U.S., we might trust them with backdoors, because the U.S. is a free country and not a totalitarian state. But that's the same as saying that we trust our current government to regulate speech because they'd never restrict political speech the way they do in China and Russia.
Of course, there is a long list of where the US Government has violated many laws and Constitutional mandates.
So now let's go back and revisit what sounds like a reasonable argument that the Fourth Amendment balances privacy and security.

There is no evidence of an imbalance. Crime rates aren't increasing, clearance rates (of solving crimes) aren't decreasing [Note: Graham's post has data to back this up - Borepatch]. Far from "going dark", we live in a Golden Age of Surveillance, where police are able to grab our GPS records, credit card receipts, phone metadata, and other records, often without a warrant. It's impractical to travel anonymously in the United States, as the government gets a copy of plane and train records, and is increasingly blanketing the country with license plate readers to track our cars. If a rebalancing of the "privacy vs. security" equation is needed, it's in favor of privacy.

But we aren't talking about that balance. We are instead balancing "security vs. security". It has become obvious that privacy of security communications is a wholly separate concern from other privacy issues. Even though we rely upon government to provide for public safety, we are in danger from governments that abuse their power to repress citizens. It is every bit as important for political dissidents that we protect private communications (with encryption) as we protect their right to public communications (free speech).
There are very few things that make me distrust our Law Enforcement community more than the persistent proposal that we destroy encryption.  The mathematics of cryptography is subtle and really easy to screw up in unpredictable ways.  Nobody can predict exactly how, but it's entirely possible that a backdoor that lets the Government read your email could also let them write emails.  The Russians and the Chinese would have a field day with this once the secret inevitably leaks - allowing them to forge incriminating emails about politicians to undermine trust in our political system or forge bogus financial transactions to wreak havoc with the economy.  Among other things.
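To make the "read access is write access" point concrete, here is an added example (not from the post or from Graham) of a constructed toy key-escrow design: each message is encrypted with AES-256-GCM under a fresh key, and that key is wrapped under one long-lived escrow key. Because the recovered message key is the same key that authenticates the message, whoever holds the escrow key can produce a replacement body the recipient accepts, and the design has no way to offer "read only" access; the Envelope format and all function names are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// Envelope is a constructed toy "exceptional access" format: each message is
// encrypted under a fresh key, escrowed by wrapping it under one long-lived key.
type Envelope struct {
	WrappedKey []byte // nonce || AES-256-GCM(escrowKey, msgKey)
	Body       []byte // nonce || AES-256-GCM(msgKey, plaintext)
}

// seal returns nonce || ciphertext || tag; the tag is computed under key.
func seal(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key) // toy: keys are always 32 bytes, so errors are ignored
	aead, _ := cipher.NewGCM(block)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	return aead.Seal(nonce, nonce, plaintext, nil)
}

// open checks the tag and decrypts; anything altered without key is rejected.
func open(key, sealed []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

// Send encrypts for a recipient who holds msgKey and escrows msgKey alongside.
func Send(escrowKey, plaintext []byte) (*Envelope, []byte) {
	msgKey := make([]byte, 32)
	rand.Read(msgKey)
	return &Envelope{WrappedKey: seal(escrowKey, msgKey), Body: seal(msgKey, plaintext)}, msgKey
}

// Receive is the recipient's normal path.
func Receive(msgKey []byte, env *Envelope) ([]byte, error) { return open(msgKey, env.Body) }

// Escrow is the promised "read", but the recovered key also authenticates, so it rewrites too.
func Escrow(escrowKey []byte, env *Envelope, text []byte) ([]byte, *Envelope, error) {
	msgKey, err := open(escrowKey, env.WrappedKey)
	if err != nil {
		return nil, nil, err
	}
	pt, err := Receive(msgKey, env)
	return pt, &Envelope{WrappedKey: env.WrappedKey, Body: seal(msgKey, text)}, err
}
```

The same property holds for any design where the escrowed secret is the symmetric key that both decrypts and authenticates; the recipient cannot distinguish a rewritten body from the original.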

Quite frankly, this is a glaring example of why the Swamp needs to be drained.


Gorges Smythe said...

Aw, come on, you KNOW that we can trust the government!

Sherm said...

It also fails the "Jew in the attic" test rather spectacularly.

Eric Wilner said...

Alas, political animals are unclear on the concept of "impossible in principle," or for that matter "what you are demanding does not even make sense."
See also "The Expert". Drawing a red line with transparent ink, oh yes.