White House Floats Idea Of Crypto Backdoor... If The Key Is Broken Into Multiple Pieces

from the crossing-the-threshold dept

Recently, the head of the National Security Agency provided a rare hint of what some U.S. officials think might be a technical solution. Why not, said Adm. Michael S. Rogers, require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it?



“I don’t want a back door,” said Rogers, the director of the nation’s top electronic spy agency during a speech at Princeton University, using a tech industry term for covert measures to bypass device security. “I want a front door. And I want the front door to have multiple locks. Big locks.”

“The basic question is, is it possible to design a completely secure system” to hold a master key available to the U.S. government but not adversaries, said Donna Dodson, chief cybersecurity advisor at the Commerce Department’s National Institute of Standards and Technologies. “There’s no way to do this where you don’t have unintentional vulnerabilities.”

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

It's no secret that some in the law enforcement and intelligence communities are hell bent on stopping encryption from being widely deployed to protect your data. They've made it 100% clear that they want backdoors into any encryption scheme. But when actual security folks press government officials on how they're going to do this without undermining people's own security and privacy, we get a lot of bureaucratic gobbledygook in response. Either that or magical fairy thinking about golden keys that basically any security expert will tell you are impossible without weakening security.Not surprisingly, the law enforcement and intelligence communities are not giving up yet. The latest is that the White House appears to be floating a proposal to setup a backdoor to encryption that requires multi-party keys . That is, rather than just having a single key that can decrypt the content, it would require multiple parties with "pieces" of the "key" to come together to unlock it:Of course, this proposal is nothing new. As Declan McCullagh points out, during the first "Crypto Wars" of the 1990s, the NSA proposed the same sort of thing with two parties holding parts of the escrow key. It was a dumb idea then and it's a dumb idea now.Thebeing floated here is that by setting up such a system, it's less open toby government/law enforcement/intelligence communities. And maybe that's true. It makes itless likely to be abused by the government.it can still be abused quite a bit. It's not like we haven't seen multiple government agencies team up to do nefarious things in the past, or even federal officials and private companies. Hell, just look at the recent discussions about the DEA's phone records surveillance program , where the DEA later teamed up with the NSA. And, also, that program required the more or less voluntary cooperation of telcos. So the idea that the requirement of multiple parties somehow lessens the risk seems like a stretch.But, even if it actually did reduce the risk of direct abuse, it doesn't get anywhere near thewith this approach. If you're building in a back door,that others will eventually be able to exploit. You are flat out weakening the system -- whether or not you split up the key. You're still exposing the data to those with nefarious intent by weakening the overall system.Thankfully, at least some in the government seem to recognize this:So, now the questions is if the White House will actually listen to the cybersecurity experts at NIST -- or the people who want to undermine cybersecurity at the NSA and the FBI?

Filed Under: backdoors, crypto, cryptowars, encryption, key escrow, mobile encryption, multiple piece, nist, nsa, threshold