The Least Worst Way of Letting the Government Read Encrypted Messages Is Still a Terrible Idea
A lawyer and cryptographer try to sketch out the most secure way to let the U.S. government intercept encrypted messages—and conclude it still won’t work.
Encryption technology is crucial for personal, corporate, and government communications.
In the past year or so the FBI, the Department of Homeland Security, and the White House have all said they want ways to break open encrypted communications. Many encryption and security experts have explained that any such “backdoor” in an encryption system would be easily abused and could be used by others than those it was intended for. But if you assume for a moment that the government will get what it asks for, what’s the least worst way to build it?
Information security attorney James Denaro thinks he has the answer. In a talk at the Black Hat computer security conference in Las Vegas on Wednesday he outlined a way U.S. authorities could be permitted to selectively unscramble encrypted messages, and suggested it should be built so the pros and cons of giving the government what it wants can be more fully understood.
Most discussion of how a government might get access to encrypted data has focused on designs with what you might call a direct backdoor – the government gets a master key or collection of keys that it can use to directly unlock encrypted messages. Opponents say that would make it too easy for the government to abuse its backdoor while also creating a very juicy target for hackers.
Denaro says more attention should be directed toward an alternative approach that doesn’t put so much power directly in the government’s hands. It would create a less direct backdoor—giving the government access into the system known as a keyserver that a company uses to manage the keys for an encrypted messaging system.
Under that approach, when the FBI wanted to target a person communicating via Apple’s iMessage—which strongly encrypts all messages—agents would have to go to Apple. On the presentation of a proper warrant, the company would use its keyserver to secretly switch the encryption keys used by the targeted person with a set that enabled the FBI to break open the messages.
Denaro says that wouldn’t provide authorities significantly different powers from those they have long enjoyed for earlier forms of communication. In the U.S., legislation that permits phone tapping and requires phone companies to enable it – within the bounds set by the Fourth Amendment – has been on the books for a long time. “To me it seems easily the less bad solution,” said Denaro. “I’d like to see a proof of concept.”
The cryptographer Matthew Green, an assistant professor at Johns Hopkins University, who shared a stage with Denaro at Black Hat, is less convinced. A keyserver backdoor works only for certain encrypted messaging systems, he pointed out. Specifically, ones with a design that requires you to entrust all control of your encryption keys to your messaging service provider – making encryption easier to use – such as with iMessage.
Green and Denaro are more in agreement about the negative consequences for the world were a keyserver backdoor to be introduced. Although abuse of such a system would be possible in the U.S., it should be reined in by legal protections and public scrutiny, said Denaro. But other countries that lack such protections would surely demand that tech companies gave them a similar backdoor.
“In countries without those safeguards they will use this to do whatever they want,” said Green. “That worries me.” And Denaro acknowledged that Apple would likely find it very difficult to say no to countries asking it to give them what it gave the U.S. The company received over $16 billion in revenue from China in its most recent quarter.
The U.S. government might not get much in return for handing unsavory governments a tool for oppression. The criminals most threatening to the U.S. at home and overseas are smart enough not to use any encrypted messaging system known or suspected to be backdoored, said Denaro. He says his proposed backdoor design could make the U.S. government realize that gaining new powers to chase minor criminals is not worth the negative consequences for democracy worldwide. “Maybe we want to say we don’t want to do this at all,” said Denaro.
Green doesn’t even think it’s worth kicking the tires on Denaro’s “less bad” solution. “It’s a terrible idea,” he said. “I think we should get used to the idea that private communications between people are not accessible.”
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today