The world’s best cryptologists are warning the U.S. government that its desire to have privileged access to encrypted data is potentially damaging to worldwide privacy and security.
Such access would “pose far more grave security risks, imperil innovation on which the world’s economies depend, and raise more thorny policy issues than we could have imagined when the Internet was in its infancy,” argues a report released Tuesday.
The team of coding specialists is timing its new report to fall a day before FBI Director James Comey makes his most high-profile case that locking government investigators out of encrypted communications will allow criminals to operate with impunity.
Comey will deliver his message Wednesday before both the Senate Judiciary and Intelligence Committees. The FBI head has been pressing for Congress to give investigators a legal framework that would give the government “exceptional access,” with a warrant, to encrypted data. Many have pushed back, arguing any such guarantee ruins encryption, creating a vulnerability for nefarious actors to exploit.
Tuesday’s report is the first time many of these elite coders have convened since 1997, when they came together to urge the government not to require companies to install the Clipper chip.
The small hardware chip would have created a permanent access point for the government to unveil any masked communications. But the government backed down at the behest of coders, who argued such a practice was difficult to implement and would make products insecure.
While the Clipper chip would have been bad, “the damage that could be caused by law enforcement exceptional access requirements would be even greater today,” the report says.
“In the wake of the growing economic and social cost of the fundamental insecurity of today's Internet environment, any proposals that alter the security dynamics online should be approached with caution,” it adds.
Any type of guaranteed access is technologically infeasible, the cryptographers argue.
Proponents have argued that the government could have exclusive access to a private key that would allow only it to unlock encrypted data.
That contradicts a basic encryption practice, in which keys are deleted immediately after use, the cryptologists said.
“It would be the equivalent of taking already-read, highly sensitive messages, and, rather than putting them through a shredder, leaving them in the file cabinet of an unlocked office,” said Daniel Weitzner, head of the MIT Cybersecurity and Internet Policy Research Initiative, who coordinated the report. “Keeping keys around makes them more susceptible to compromise.”
Guaranteed access would also inherently make systems more complex, creating a high likelihood of introducing accidental security flaws, the report maintains.
“Given that the new mechanisms may have to be used in secret by law enforcement, it would also be difficult, and perhaps illegal, for programmers to even test how these features operate,” said Weitzner, a former deputy chief technology officer at the White House, in a release.
The researchers insist that an exclusive access point would give devices such as smartphones a “single point of failure.” If nefarious actors discovered this one point, they would get access to everything on the device.
Lawmakers on both sides of the aisle have been sympathetic to these arguments in previous hearings on encryption. FBI officials' testimony, in particular, has not been well received.
Wednesday will give Comey his best chance yet to sway opinions on Capitol Hill. Technologists everywhere are hoping lawmakers won’t be convinced.
“At a time when we are struggling to make the Internet more secure, these proposals would take a step backward by building weakness into our infrastructure,” Weitzner said.
“It’s like leaving your house keys under the doormat: Sure, it may be convenient, but it creates the opportunity for anyone to walk in the door.”