Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications
At Enigma 2016, Ron Rivest presented one of his papers that discusses the idea of providing “exceptional access” in encrypted systems to law enforcement. Rivest explained why he and his coauthors think exceptional access by law enforcement would cause great damage for society.
In the 90s, the first crypto war occurred, as the US government expressed concern about the potential impact of the widespread use of encryption. In 1993, the government proposed a mandated use of a device named the Clipper Chip for encryption, which had a backdoor for government agencies to access content. The proposal was abandoned, in particular because Matt Blaze found ways to defeat the technique proposed. At that time, encryption benefits seemed to outbalance law enforcement concerns.
Since 2015, a second crypto wars is raging as law enforcement is troubled again by the use of encryption as a mean to defeat them. Their current proposal is to have exceptional access implemented in all encrypted systems. However, as the world is even more complicated than in the 90s, “the idea of providing exceptional access is even more dubious”.
One of the problem with the exceptional access proposal is that technical specifications are missing for the “exceptional access”. What would be the scope of things needing to be regulated: phones, apps,…? Furthermore, jurisdictional aspects can get quite complicated: “Can China access iPhones of traveling U.S. officials?” This problem cannot be addressed as a US-only problem anymore, it needs to be thought as a global problem.
“Exceptional access makes the internet less secure”
The second problem stems from the fact that the cure is worse than the disease. Imagine putting in place a solution to provide exceptional access. It would create new vulnerabilities both directly and indirectly. Direct vulnerabilities would be induced by the exceptional access, potentially allowing people to exploit it. Unintended vulnerabilities would eventually surface from the system’s greatly increased complexity.
“There is a huge engineering cost trying to provide exceptional access, it makes cryptography — an essential tool — more expensive and difficult to use. “
Furthermore, implementing an exceptional access would require violating best practices like forward security — compromise of long term keys do not compromise past session keys — and authenticated encryption — which simultaneously provides confidentiality, integrity, and authentication. Thus, it would eventually require a redesign of protocols like TLS. Finally, law enforcement with exceptional access could easily forge messages additionally to being able to access keys. This could lead to serious problems in applications like voting. Consequently, the long term damage is evident in terms of cryptography cost management.
There are many unanswered questions related to exceptional access for law enforcement: Is it sufficiently justified?, What would be its coverage (technical, jurisdictional)?, How to deal with human rights (privacy, anonymity)? Would it require the creation of new cryptographic standards? Could it eventually reduce the use of cryptography?
Please leave any comments you may have below or reach out to me on Twitter at https://twitter.com/NicolasPapernot