Four Impossible Things Before Key Escrow

Also available in German thanks to Christian Pietsch.

Earlier today, I remarked:

In response to which I encountered, as always happens, the following sentiment:

It is certainly true that the most obvious way to inspect the encrypted communications of many Internet users is for each one of them to register a private key with some government agency. This is roughly equivalent to changing your registered address at the DMV. (If you screw up and lose or otherwise compromise your own private key, then it’s back to the DMV with you.) South Korea, a nation of 50 million people — about a sixth the population of the US — already tried something analogous to this. When a famous actress committed suicide after ruthless Internet bullying, the South Korean federal government instituted a nationwide “real names” law, requiring users of sites with over 100,000 hits per day to input their national ID numbers on each such site they visited. Three years later, after criminals stole 35 million users’ credentials, the Korean courts ruled the law unconstitutional and remarked, “The system does not seem to have been beneficial to the public.”

Whether I’m looking at systems made of computers, systems made of humans, or systems made of humans and computers, I look at them the same way: as systems. I look at the inputs, I run them through the system, and if none of the outputs that can be obtained from the inputs are the outputs that the people asking for the system want, then I consider it completely reasonable to describe the desired outputs as “impossible.” Apparently this reasoning is opaque to the people who most need to understand it — the people who are asking for the system. I hope the following adds some clarity to your thinking, and theirs.

1. The people you want to catch won’t use it.

Users are an input to the system. But a cryptographic key is nothing but a number, at the end of the day, so how do you propose to ensure that only escrowed keys are used to secure communications? Arrest everyone who uses an unregistered key? That assumes that it’s possible to correlate an IP address to the person who sent a message from it, and this simply doesn’t hold for computers at libraries, schools, hotel business centers, FedEx stores, internet cafes, airport kiosks, and the hundreds of other places where people share computers. So long as general computation remains available to everyone, the free software that already exists is more than enough to ensure that anyone who refuses to escrow a key still has all the crypto they need. Moreover, so much of that same free software is absolutely vital to corporate and national infrastructures worldwide that it will always remain up-to-date, so even forcing law-abiding citizens onto a proprietary system doesn’t gain anything.

2. The people who do use it will hate it.

How do you set things up so that users with escrowed keys can use them conveniently, particularly on multiple (and mobile) devices? Give them cards with client certificates? Great, we’re back to the DMV again. I live in Belgium, where my national ID card has a smart chip that I use to electronically sign my tax return and other government forms. In 2013, it took so long for the government to issue my ID card that my visa actually expired and I had to apply for another one. Bureaucracy in the US might not be as bass-ackwards as it is in Belgium — but what happens when you lose your card? If I lose my driver’s license and get pulled over, I can tell the police officer my license number and they can look it up to determine whether my license is valid. If I lose my copy of my escrowed key and need to escrow a new one, I can’t (legally) encrypt anything at all until the registration goes through and I have the keys in hand.

And how does a smart card even work on mobile? NFC? Great, one carefully-constructed antenna and I just stole your private keys. Store the key material on the device instead? Even better, because all I have to do is get you to associate to a rogue CDMA or GSM base station that I control or open an image or video that I provide you (even via a link over the internet — and although Stagefright is patched, there are hundreds more vulns like it waiting, some undiscovered). Bam, I’ve 0wned your device and I just stole your private keys again. Which means I can do anything I want and make it look like your fault. You’ll hate that even more.

Which leads us directly into …

3. You don’t know how to keep information private.

35 million compromised South Korean national ID numbers is more than half the population of South Korea. People use the Internet a lot! We’ve known since July of this year that the United States Office of Personnel Management lost 21.5 million personnel records, including confidential information, to a data breach. The State of Georgia lost the private data, including Social Security numbers, of over six million citizens. (There are 10 million people in Georgia, so they’re almost up there with South Korea.) And people honestly think we can keep track of three hundred million records? Sorry, not buying it. As cyber attacks go, data breaches are some of the easiest to get away with, because our existing laws don’t truly incentivize the government to be careful with people’s data. If you’re in favor of key escrow, are you sure you really want to put the keys to everyone’s online purchasing and online messaging in a vault and then hand the keys to the vault to these jokers? An uncompromised key escrow vault is only a key escrow vault that hasn’t been compromised yet.

4. You already have more information than you can use.

Despite the calls to increase the reach of the surveillance state that immediately followed the Paris attacks earlier this month, there is absolutely no evidence that further surveillance would have thwarted the attackers or indeed that the attackers were using encryption at all. If you’re going to go through everyone’s encrypted communications, you still have to sort through the enormous haystack of perfectly harmless Facebook and WhatsApp chats, PayPal purchases, emails, and other communications that you think your terror needle is hiding in. Good luck with that. I work in natural language processing, specifically natural language semantics — the problem of getting computers to figure out what a written passage means — and the field is definitely not there yet. Sussing out meaning even in a single problem domain, like medicine, is a fiendishly difficult problem. If your policy decisions rely on the availability of general AI, your policy is going to fail. And since we’ve already established that the bad guys won’t even use your fancy key escrow system, your policy is about sifting through a stack of all hay and no needles to begin with. How does this help anyone?


I could go on, and perhaps I will, if journalists and politicians can get it into their heads that banging their heads against the same wall they’ve been banging them into since 1993 isn’t going to get them any better results. “Impossible to do securely,” when you’re talking about a security system, means impossible full stop. Backdoored encryption is not a viable solution, for technological reasons. The fact that the reasons key escrow is not a viable solution are partially social does not make it any less impossible of a solution. Give the public and the business world a break, America, and stop calling for either of them.