Crypto Crisis: Fear over Freedom

Yesterday, President Obama spoke at SXSW on topics including the oft-discussed fight between Apple and the FBI. What he called for, while more thoughtful than some of the other comments that we have been hearing from Washington, was still tragically misinformed. He repeated the call for a compromise, and by compromise, he meant backdoors.

I feel I must paraphrase one of my favorite authors to properly express the magnitude of what’s being discussed here:

Tell me, ‘friend’, when did the United States abandon reason for madness?!

Cryptography is critical in every aspect of modern life – from shopping to protecting national secrets, from medical devices to the phones that diplomats use, from your home router to the infrastructure that powers global communication. Cryptography is ubiquitous and essential to keep everything from foreign powers to bored teenagers from wreaking unimaginable havoc. And world leaders are proposing that we replace real security with a TSA-style show that looks secure, but isn’t actually effective (beyond providing a false sense of security).

Mr. President

In one simple statement, he made his position perfectly clear:

[T]here has to be some concession to the need to be able to get into that information somehow.

This is, quite honestly, a binary issue: a backdoor is present or it isn’t. There’s no partial backdoor, there is no technology that only allows access to the backdoor if there’s a court order, and there’s no technology to ensure that the backdoor isn’t abused. You have a backdoor, or you don’t. That simple.

He did acknowledge some of the issues here:

So we’re concerned about privacy. We don’t want government to be looking through everybody’s phones willy-nilly, without any kind of oversight or probable cause or a clear sense that it’s targeted who might be a wrongdoer.

What makes it even more complicated is that we also want really strong encryption. Because part of us preventing terrorism or preventing people from disrupting the financial system or our air traffic control system or a whole other set of systems that are increasingly digitalized is that hackers, state or non-state, can just get in there and mess them up.

It’s good that he understands that strong cryptography is critical, but that doesn’t stop him from saying that backdoors must be added. Like so many that aren’t familiar with how these technologies actually work, he is hoping that some new value between True and False will be found – that you can somehow have a backdoor, but control it. Unfortunately for him, or perhaps for everyone if he gets his way, there is no ItDepends value sitting between those two.

There is some sign that he has heard the reality of the situation, and states it fairly clearly:

Now, what folks who are on the encryption side will argue, is that any key, whatsoever, even if it starts off as just being directed at one device, could end up being used on every device. That’s just the nature of these systems. That is a technical question. I am not a software engineer. It is, I think, technically true […]

This should have been the end of the discussion: if you add a backdoor, it can be abused. But it wasn’t. He acknowledges that the kind of magical backdoor that the government wants isn’t possible, and then goes on to repeat that there has to be compromise, there has to be a way for the government to access data, there have to be backdoors:

My conclusion so far is that you cannot take an absolutist view on this. So if your argument is “strong encryption no matter what, and we can and should in fact create black boxes,” that, I think, does not strike the kind of balance that we have lived with for 200, 300 years. And it’s fetishizing our phones above every other value. And that can’t be the right answer.

Looking forward…

Let us assume for a moment that the US Government gets what it wants. What does that mean, and how does that impact the US and the rest of the world?

We are being watched.

From the beginning of the case, officials from other governments have chimed in to support the FBI – it’s clear that governments around the globe are waiting to see what happens here. Apple has offices in several countries; it is not only possible, but likely, that those governments would serve Apple with sealed orders to provide them with access to the backdoor, for their own use.

Based on the same decision, Microsoft could be forced to add a backdoor to BitLocker, to allow government access to encrypted desktops and laptops. If you want to actually encrypt your device, there’s always VeraCrypt (they are based in France, so maybe not). This also raises serious questions around things like LUKS – could US-based developers even be allowed to contribute to it?

Economic impact.

If backdoors are mandated, it would become impossible to recommend any product made by a company with offices in the US – to do so would be unethical, as the security would be known to be compromised. For any organization that is interested in the security of their systems, the logical option would be to look for solutions in other parts of the world, avoiding anything coming from the US. This leads to a very unfortunate outcome – to remain competitive globally, it would be in the best interest of US-based technology companies to move their offices out of the country.

Unknown threats.

There aren’t many people who are able to build effective backdoors; the crypto community is fairly small, and only a small percentage of that group is capable of building a backdoor that wouldn’t be an immediate disaster (though still likely a disaster in the long term). This leads to two possible outcomes:

  • Backdoors are built by people who don’t know what they are doing, and open systems immediately to attackers.
  • Backdoors are contracted out to a very small number of consulting firms, making them a huge target for attacks.

Either way, what you have is a situation where you, as a consumer, a corporate buyer, a consultant, etc., have no idea about any of these:

  • How well was the backdoor designed? Is it only obscurity that protects it? Will it be broken once reviewed by the crypto community?
  • How is access to the backdoor restricted?
  • How many people have access? The developers could have maintained copies, an employee could have walked out with a copy before being fired, an attacker could have targeted the developers to steal a copy – this goes on and on.
  • How many organizations have access? If a consultant was brought in to develop the backdoor, did they keep a copy?
  • How many governments have access? The reasonable assumption would have to be that every country that the company has offices in has requested a copy.

I suspect that the answer is going to come down to how do we create a system where the encryption is as strong as possible. The key is as secure as possible. It is accessible by the smallest number of people possible for a subset of issues that we agree are important.

Secure as possible, except against the unknown list of people and various governments that have access to the backdoor. That isn’t security, and isn’t in the long-term interest of anyone.