Will Enforcing Encryption Backdoors Even Work?

Uploaded on 2015-07-28 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

jamescomeyfbi_lg.jpg?quality=80

FBI Director James Comey claims that Isis is exploiting end-to-end encryption.

Ever since the Internet emerged into public view in the 1980s, a key question has been whether digital technology would pose an existential challenge to corporate and governmental power. In this context, I am what you might call a recovering utopian – “utopian” in that I once did believe that the technology would put it beyond the reach of state and corporate agencies; and “recovering” in the sense that my confidence in that early assessment has taken a hammering over the years. In that period, technology has sometimes trumped politics and/or commercial power, but at other times it’s been the other way round.

The early battles were over intellectual property. Since computers are essentially copying machines, making perfect copies of digital goods became child’s play. As a celebrated trope put it: “Copying is to digital technology as breathing is to animal life.” So began the copyright wars, triggered by widespread piracy and illicit sharing of copyrighted files, which emasculated the music industry and led to the emergence of new corporate masters of the media universe – Apple, Spotify, YouTube and the rest – and the taming of the file-sharing monster. Result: Technology 1, Establishment 1.
The second battleground was the monitoring of network communications. The Internet enabled anyone to become a global publisher and to exchange information via email with anyone who had a network connection. And this posed acute difficulties for established powers that were accustomed to being able to control the flow of information to their citizens. Since nothing on the net in the early days was encrypted, everyone communicated using the virtual equivalent of holiday postcards – readable by everyone who handled them en route to their destination. The only difficulty that states experienced in monitoring this unprotected torrent was its sheer volume, but Moore’s Law and technological development fixed that. It became feasible to collect “the whole goddam haystack” (to quote a former NSA director) if you threw enough resources at it. So they did – as Edward Snowden revealed. Result: Technology 0 Establishment 1.
The biggest battle has always been about encryption. From the 1980s, public-key cryptography gave the technically savvy the ability to protect the privacy of their messages using military-grade encryption, which meant the state could no longer monitor all online communications. The first response was to outlaw dissemination of the technology. When that failed, in 1993 the Clinton administration tried a new tack – the “Clipper chip” proposal. 
This involved two things: the installation of a “doctored” chip in mobile phones; and (later) mandating that all encryption systems should lodge a copy of decryption keys with a trusted third party who would turn them over to the cops on production of a warrant (“key escrow”). The chip idea collapsed under the weight of its own absurdity, and in 1997 key escrow idea examined and demolished by a group of leading computer security experts and eventually Clinton quietly buried the idea. Result: Technology 1, Establishment 0.
But now it’s back, with a vengeance. Stung by the fact that, post-Snowden, Apple, Google and Facebook are implementing strong encryption, governments are starting to panic. Over in Washington, FBI director, James Comey, is infuriated that applications such as Facebook’s WhatsApp and Apple’s iMessage are now providing end-to-end encryption, a technology that Comey claims is being exploited by – guess who? – Isis. 
Comey wants companies to be forced to insert a “backdoor” for law enforcement into encryption software. Over here, David Cameron has been drinking the same Kool Aid. “In our country,” he asked in January, “do we want to allow a means of communication between people which we cannot read? My answer to that question is: no we must not.” Which either means either that he wants to ban services such as WhatsApp or iMessage or that he will demand a backdoor into them.
Since banning them is a non-starter, we’ve arrived at Clipper chip v2.0. And, as luck would have it, the same group of experts who demolished the original proposal have now had a look at the prospects for v2.0. Their report, Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications, is worth reading in full. It concludes that proposals for backdoors are “unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm”.
In case you’re wondering what could be wrong with entrusting secret keys to the government for use “in exceptional circumstances”, just ponder this: a few months ago, hackers (suspected to be Chinese) stole the personnel records of 21.5 million US federal employees, including the records of every person given a government background check for the last 15 years.
Guardian: http://http://bit.ly/1I4rUP0

« Scientists Want to Keep AI Out of Weapons
Hacking Team Inside Job »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Precursor Security

Precursor Security

Precursor Security are information security specialist, delivering all aspects of Security testing, Cyber Risk Management, and Continuous Security Testing.

US Digital Corps

US Digital Corps

The U.S. Digital Corps is a new two-year fellowship for early-career technologists where you will work every day to make a difference in critical impact areas including cybersecurity.

Comcast Business

Comcast Business

Comcast Business keeps businesses ready for what’s next with powerful connectivity, advanced cybersecurity solutions, and the right people at your side.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

SecureStream Technologies

SecureStream Technologies

SecureStream Technologies have built the IoT SafetyNet - the Network Security Analytics platform to Eliminate Security Threats, Guarantee Privacy, Ensure Compliance, Simply & Easily.

Air IT

Air IT

Air IT are a responsive, client-focused and award-winning Managed Service Provider, helping clients achieve success and transformation through their IT and communications.

Strata Identity

Strata Identity

Strata is pioneering identity orchestration to unify on-premises and cloud-based authentication and access systems for consistent identity management in multi-cloud environments.

IBM Security

IBM Security

IBM manufactures and markets computer hardware, middleware and software, and offers hosting and consulting services in areas ranging from mainframe computers to nanotechnology.

Redington

Redington

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

Judy Security

Judy Security

Judy (formerly AaDya Security) provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.

Reaktr.ai

Reaktr.ai

Reaktr.ai is founded on the vision of using AI as a catalyst to propel industries into a future where we redefine what's possible. Fortify your cybersecurity defense with our AI-powered platform.

Icon Information Systems (ICONIS)

Icon Information Systems (ICONIS)

ICONIS is an integrated infrastructure and service provider, offering unified Information Technology (IT) solutions globally.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.

Corgea

Corgea

Corgea is AI-powered security platform that finds, triages and fixes your insecure code.

iConnect IT Business Solutions DMCC

iConnect IT Business Solutions DMCC

iConnect is a trusted IT Solutions and Technology Services company, proudly serving clients across the Middle East and Africa.

Blockaid

Blockaid

Blockaid is the onchain security platform for monitoring, detecting, and responding to onchain and offchain threats.