The paper was published July 7, the day before FBI Director James Comey and Deputy Attorney General Sally Quillian Yates were scheduled to testify before the Senate Judiciary Committee on the dangers they believe new encryption technologies pose in preventing law enforcement from monitoring criminals, terrorists and adversaries.
The paper contends that providing law enforcement with "exceptional access" to encrypted data would pose grave security risks, imperil innovation and raise thorny issues for human rights and international relations.
"Building backdoors into all computer and communication systems is against most of the principles of security engineering, and it is also against the principles of human rights," one of the paper's authors, University of Cambridge Professor Ross Anderson, writes in his blog.
Three Obstacles
The paper's authors identify three problems with providing law enforcement and intelligence agencies with exceptional access to decrypt data:
1. Providing exceptional access would force a U-turn from the best practices being deployed to make the Internet more secure. These practices include forward secrecy, in which decryption keys are deleted immediately after use, so that stealing them would not compromise other communications. A related technique, authenticated encryption, uses the same temporary key to guarantee confidentiality and to verify that the message has not been forged or tampered with.
2. Building in exceptional access would substantially increase system complexity. Security researchers see complexity as the enemy of security; each new feature can interact with others to create vulnerabilities. To achieve widespread exceptional access, new technology features would have to be deployed and tested with hundreds of thousands of developers all around the world, creating an extremely complex computing environment.
3. Exceptional access would create concentrated targets that could attract bad actors. Security credentials that unlock the data would have to be retained by the platform provider, law enforcement agencies or a trusted third party. If law enforcement's keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege. Law enforcement's stated need for rapid access to data would make it impractical to store keys offline or split keys among multiple keyholders, as security engineers would normally do with extremely high-value credentials. As the recent Office of Personnel Management breach demonstrates, much harm can arise when many organizations rely on a single institution that itself has security vulnerabilities.
Clipper Chip Debate Revisited
This isn't the first time security experts have voiced joint opposition to government efforts to bypass encryption. In 1997, the cryptographic community lobbied against the proposed Clipper Chip, under which all strong encryption systems would have deposited a copy of their decryption keys with a trusted third party, which would turn those keys over to law enforcement when presented with a court order. The government eventually abandoned its Clipper Chip initiative.