Will Enforcing Encryption Backdoors Even Work?

jamescomeyfbi_lg.jpg?quality=80

FBI Director James Comey claims that Isis is exploiting end-to-end encryption.

Ever since the Internet emerged into public view in the 1980s, a key question has been whether digital technology would pose an existential challenge to corporate and governmental power. In this context, I am what you might call a recovering utopian – “utopian” in that I once did believe that the technology would put it beyond the reach of state and corporate agencies; and “recovering” in the sense that my confidence in that early assessment has taken a hammering over the years. In that period, technology has sometimes trumped politics and/or commercial power, but at other times it’s been the other way round.

The early battles were over intellectual property. Since computers are essentially copying machines, making perfect copies of digital goods became child’s play. As a celebrated trope put it: “Copying is to digital technology as breathing is to animal life.” So began the copyright wars, triggered by widespread piracy and illicit sharing of copyrighted files, which emasculated the music industry and led to the emergence of new corporate masters of the media universe – Apple, Spotify, YouTube and the rest – and the taming of the file-sharing monster. Result: Technology 1, Establishment 1.
The second battleground was the monitoring of network communications. The Internet enabled anyone to become a global publisher and to exchange information via email with anyone who had a network connection. And this posed acute difficulties for established powers that were accustomed to being able to control the flow of information to their citizens. Since nothing on the net in the early days was encrypted, everyone communicated using the virtual equivalent of holiday postcards – readable by everyone who handled them en route to their destination. The only difficulty that states experienced in monitoring this unprotected torrent was its sheer volume, but Moore’s Law and technological development fixed that. It became feasible to collect “the whole goddam haystack” (to quote a former NSA director) if you threw enough resources at it. So they did – as Edward Snowden revealed. Result: Technology 0 Establishment 1.
The biggest battle has always been about encryption. From the 1980s, public-key cryptography gave the technically savvy the ability to protect the privacy of their messages using military-grade encryption, which meant the state could no longer monitor all online communications. The first response was to outlaw dissemination of the technology. When that failed, in 1993 the Clinton administration tried a new tack – the “Clipper chip” proposal. 
This involved two things: the installation of a “doctored” chip in mobile phones; and (later) mandating that all encryption systems should lodge a copy of decryption keys with a trusted third party who would turn them over to the cops on production of a warrant (“key escrow”). The chip idea collapsed under the weight of its own absurdity, and in 1997 key escrow idea examined and demolished by a group of leading computer security experts and eventually Clinton quietly buried the idea. Result: Technology 1, Establishment 0.
But now it’s back, with a vengeance. Stung by the fact that, post-Snowden, Apple, Google and Facebook are implementing strong encryption, governments are starting to panic. Over in Washington, FBI director, James Comey, is infuriated that applications such as Facebook’s WhatsApp and Apple’s iMessage are now providing end-to-end encryption, a technology that Comey claims is being exploited by – guess who? – Isis. 
Comey wants companies to be forced to insert a “backdoor” for law enforcement into encryption software. Over here, David Cameron has been drinking the same Kool Aid. “In our country,” he asked in January, “do we want to allow a means of communication between people which we cannot read? My answer to that question is: no we must not.” Which either means either that he wants to ban services such as WhatsApp or iMessage or that he will demand a backdoor into them.
Since banning them is a non-starter, we’ve arrived at Clipper chip v2.0. And, as luck would have it, the same group of experts who demolished the original proposal have now had a look at the prospects for v2.0. Their report, Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications, is worth reading in full. It concludes that proposals for backdoors are “unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm”.
In case you’re wondering what could be wrong with entrusting secret keys to the government for use “in exceptional circumstances”, just ponder this: a few months ago, hackers (suspected to be Chinese) stole the personnel records of 21.5 million US federal employees, including the records of every person given a government background check for the last 15 years.
Guardian: http://http://bit.ly/1I4rUP0

« Scientists Want to Keep AI Out of Weapons
Hacking Team Inside Job »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

National Defence Radio Establishment (FRA) - Sweden

National Defence Radio Establishment (FRA) - Sweden

The National Defence Radio Establishment (Försvarets Radioanstalt), is the Swedish national authority for Signals Intelligence, also providing Information assurance services to government authorities.

SecureDevice

SecureDevice

SecureDevice is a Danish IT Security company.

Averon

Averon

Averon's technology is the new gold standard for digital identity - the easiest, fastest and most secure verification solution for users on both WiFi and LTE.

Cansure

Cansure

Cansure is a leading insurance provider in Canada offering a broad range of property & casualty insurance solutions including Cyber & Data Breach insurance.

Rippleshot

Rippleshot

Rippleshot is a fraud analytics firm that detects mass card compromises faster, allowing issuers to execute more proactive fraud detection strategies.

Digital Management (DMI)

Digital Management (DMI)

DMI is a provider of mobile enterprise, business intelligence and cybersecurity services.

OpenZeppelin

OpenZeppelin

OpenZeppelin builds developer tools and performs security audits for distributed systems that power multimillion-dollar economies.

GV (Google Ventures)

GV (Google Ventures)

GV provides venture capital funding to bold new companies in the fields of life science, healthcare, artificial intelligence, robotics, transportation, cyber security and agriculture.

TierPoint

TierPoint

TierPoint delivers secure, reliable, and connected infrastructure solutions at the internet’s edge. We meet you where you are in your journey to solve for data storage, compute, and recovery.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

Oregon Systems

Oregon Systems

Oregon Systems is a Regional Leader & Distributor with value added services for OT, IoT, IIoT & IT Cybersecurity products, Solutions & professional services throughout the middle-east region.

Netox

Netox

Netox is a comprehensive IT service provider that combines IT support services, IT solutions and specialist services; specializing in cybersecurity solutions.

Hexagon

Hexagon

Hexagon is a global leader in digital reality solutions. We are putting data to work to boost efficiency, productivity, quality and safety.

Mindcore Technologies

Mindcore Technologies

Mindcore provide cyber security services, managed IT services and IT consulting services to businesses in NJ, FL, and throughout the United States.

OutKept

OutKept

OutKept offers the highest quality phishing simulation campaigns, supported by a community of ethical phishers, to build awareness, and maintain alertness.