The Least Worst Way of Letting the Government Read Encrypted Messages Is Still a Terrible Idea

A lawyer and cryptographer try to sketch out the most secure way to let the U.S. government intercept encrypted messages—and conclude it still won’t work.

Encryption technology is crucial for personal, corporate, and government communications.

In the past year or so the FBI, the Department of Homeland Security, and the White House have all said they want ways to break open encrypted communications. Many encryption and security experts have explained that any such “backdoor” in an encryption system would be easily abused and could be used by people other than those it was intended for. But if you assume for a moment that the government will get what it asks for, what’s the least worst way to build it?

Information security attorney James Denaro thinks he has the answer. In a talk at the Black Hat computer security conference in Las Vegas on Wednesday he outlined a way U.S. authorities could be permitted to selectively unscramble encrypted messages, and suggested it should be built so the pros and cons of giving the government what it wants can be more fully understood.

Most discussion of how a government might get access to encrypted data has focused on designs with what you might call a direct backdoor – the government gets a master key or collection of keys that it can use to directly unlock encrypted messages. Opponents say that would make it too easy for the government to abuse its backdoor while also creating a very juicy target for hackers.

Denaro says more attention should be directed toward an alternative approach that doesn’t put so much power directly in the government’s hands. It would create a less direct backdoor—giving the government access into the system known as a keyserver that a company uses to manage the keys for an encrypted messaging system.

Under that approach, when the FBI wanted to target a person communicating via Apple’s iMessage—which strongly encrypts all messages—agents would have to go to Apple. On the presentation of a proper warrant, the company would use its keyserver to secretly switch the encryption keys used by the targeted person with a set that enabled the FBI to break open the messages.

Denaro says that wouldn’t provide authorities significantly different powers from those they have long enjoyed for earlier forms of communication. In the U.S., legislation that permits phone tapping and requires phone companies to enable it – within the bounds set by the Fourth Amendment – has been on the books for a long time. “To me it seems easily the less bad solution,” said Denaro. “I’d like to see a proof of concept.”

The cryptographer Matthew Green, an assistant professor at Johns Hopkins University, who shared a stage with Denaro at Black Hat, is less convinced. A keyserver backdoor works only for certain encrypted messaging systems, he pointed out: specifically, ones with a design that requires you to entrust all control of your encryption keys to your messaging service provider, which makes encryption easier to use, as with iMessage.

Green and Denaro are more in agreement about the negative consequences for the world were a keyserver backdoor to be introduced. Although abuse of such a system would be possible in the U.S., it should be reined in by legal protections and public scrutiny, said Denaro. But other countries that lack such protections would surely demand that tech companies give them a similar backdoor.

“In countries without those safeguards they will use this to do whatever they want,” said Green. “That worries me.” And Denaro acknowledged that Apple would likely find it very difficult to say no to countries asking it to give them what it gave the U.S. The company received over $16 billion in revenue from China in its most recent quarter.

The U.S. government might not get much in return for handing unsavory governments a tool for oppression. The criminals most threatening to the U.S. at home and overseas are smart enough not to use any encrypted messaging system known or suspected to be backdoored, said Denaro. He says his proposed backdoor design could make the U.S. government realize that gaining new powers to chase minor criminals is not worth the negative consequences for democracy worldwide. “Maybe we want to say we don’t want to do this at all,” said Denaro.

Green doesn’t even think it’s worth kicking the tires on Denaro’s “less bad” solution. “It’s a terrible idea,” he said. “I think we should get used to the idea that private communications between people are not accessible.”
