
Is "responsible encryption" the new answer to "going dark"?

“Three may keep a Secret, if two of them are dead.”

So wrote Benjamin Franklin, in Poor Richard’s Almanack, in 1735. Franklin knew a thing or two about secrets, as well as about cryptography, given his experience as a diplomat for the fledgling United States, and he’s right: a secret shared is a secret exposed.

But it’s 2017 now, and the Department of Justice and the FBI are still hacking away at encryption, and the conversation about encryption and the need for the government to be able to access any and all encrypted data continues to hit the same talking points as when then-FBI Director Louis Freeh and Attorney General Janet Reno were pushing them in the 1990s — and, we might imagine, the same arguments could have been offered by King George’s government in the run-up to the Revolutionary War.

FBI Director Christopher Wray and Deputy Attorney General Rod Rosenstein have been taking the latest version of the “strong encryption is bad” show on the road, again, with a new buzzword: “responsible encryption.” While phrasing continues to morph, the outline is the same: the forces of evil are abusing strong encryption and running wild, destroying our civilization.

Some things have changed since the first battles in the crypto wars were waged more than 25 years ago. For example, the FBI and DOJ have listed money launderers and software pirates alongside the terrorists, human traffickers and drug dealers as part of the existential threat posed by unbreakable encryption.

It all boils down to a single question: Should law-abiding citizens be forbidden to defend themselves with encryption so strong that not even a government can break it, just so criminals can be denied it?

Rosenstein makes it clear that any piece of encrypted data subject to a valid court order must be made accessible to law enforcement agencies. “I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so,” he said at the 2017 North American International Cyber Summit, in Detroit on October 30.

If the person who encrypted the data chooses not to unlock it, Rosenstein and Wray believe the company that provided the encryption technology must be able to make that data available upon presentation of a warrant.

In the 1990s, the government demanded key escrow: a platform in which a copy of every encryption key would be deposited with the authorities, so that any encryption could be reversed on demand. The resulting Clipper Chip was a spectacular failure, both technically and politically. And during the FBI’s 2015 campaign against default device encryption, then-Director James Comey brought the term “going dark” into the conversation.

This time around, we’re offered the concept of “responsible encryption.” This is presumably some form of encryption that includes some (as yet undetermined) mechanism by means of which lawful access is provided to the encrypted data. The phrase itself is not new — it seems to have originated in 1996 Senate testimony by Freeh:

The only acceptable answer that serves all of our societal interests is to foster the use of “socially-responsible” encryption products, products that provide robust encryption, but which also permit timely law enforcement and national security access and decryption pursuant to court order or as otherwise authorized by law.

As for how that might be achieved, well, that’s not the business of the government, Rosenstein now tells us. Speaking in Detroit, he said, “I do not believe that the government should mandate a specific means of ensuring access. The government does not need to micromanage the engineering.”

However, he does seem to think that the answer is not as difficult as the experts would have us believe — and it would not be necessary to resort to back doors, either. Rosenstein said:

“Responsible encryption is effective secure encryption, coupled with access capabilities. We know encryption can include safeguards. For example, there are systems that include central management of security keys and operating system updates; scanning of content, like your e-mails, for advertising purposes; simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop. No one calls any of those functions a ‘backdoor.’ In fact, those very capabilities are marketed and sought out.”

It seems Rosenstein is suggesting these functions — key management, data scanning, “simulcast” of data and key recovery — can each be a part of a “responsible encryption” solution. And since these features have already been deployed individually in commercial products, tech firms need to “nerd harder” and come up with a “responsible encryption” solution by:

  • maintaining a giant key repository database, so all encryption keys are accessible to government agents with court orders — but also secure enough to protect against all unauthorized access
  • scanning all content before it is encrypted, presumably to look for evidence of criminal activity — but hopefully without producing too many false positives
  • “simulcasting” all data, either before it is encrypted or maybe after it is encrypted and the keys are stored for government access — so it can be retrieved or scanned at the government’s leisure
  • deploying “key recovery” for encrypted laptops, but for all laptops, everywhere, and accessible to authorized government agents only

Unfortunately, the answers the government provides can’t make key escrow scalable or secure. There are many, many reasons the law enforcement community’s demand for breakable encryption is not a reasonable (or even practical) solution, but two spring to mind immediately:

  • Key escrow schemes are massively complicated and produce huge new attack surfaces that could, if successfully breached, destroy the world’s economy. And, they would be breached (see Office of Personnel Management, Yahoo, Equifax and others).
  • “Responsible encryption” means law-abiding organizations and people can no longer trust their data. With cryptography backdoored, forget about privacy; and because any party that can decrypt on demand holds the same key material that authenticates the data, there is no longer any way to verify that data has not been altered.
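To make the second point concrete: the following is an added, stdlib-only Python sketch written for this page, not code from the article, the DOJ, or any vendor. It models the “central management of security keys” and “key recovery” arrangement Rosenstein describes as a hypothetical `EscrowAgent` that wraps every session key under one master key, and uses a deliberately toy cipher (SHA-256 keystream with an HMAC tag) so that it runs without third-party packages. Both the escrow design and the cipher are assumptions for the demonstration; the key arrangement, not the primitive, is the point.

```python
"""Why a lawful-access key is also a forgery key: an added, stdlib-only demonstration.

Illustrative code written for this page, not from the DOJ, the FBI or any vendor.
The cipher is a TOY (SHA-256 keystream + HMAC tag) chosen only so the example runs
offline; the consequence shown holds for any symmetric authenticated encryption.
"""
import hashlib
import hmac
import os
from typing import Dict

TAG_LEN = 32      # HMAC-SHA256 tag length
NONCE_LEN = 12


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC subkeys from one session key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(enc_key || nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns ciphertext || tag, tag = HMAC(mac_key, nonce || ciphertext)."""
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return ct + tag


def open_sealed(key: bytes, nonce: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt. Raises ValueError if tampered."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class EscrowAgent:
    """Hypothetical 'access capability' (assumed design, not a real product):
    every user session key is wrapped under a single master key and kept in one vault."""

    def __init__(self, master_key: bytes) -> None:
        self.master_key = master_key
        self.vault: Dict[str, bytes] = {}   # record id -> nonce || wrapped session key

    def register(self, record_id: str, session_key: bytes) -> None:
        nonce = os.urandom(NONCE_LEN)
        self.vault[record_id] = nonce + seal(self.master_key, nonce, session_key)

    def recover(self, record_id: str) -> bytes:
        entry = self.vault[record_id]
        return open_sealed(self.master_key, entry[:NONCE_LEN], entry[NONCE_LEN:])


def demo(other_sessions: int = 1000) -> dict:
    """Run the scenario and return what each party could read or forge."""
    escrow = EscrowAgent(os.urandom(32))

    # Alice and Bob share a session key; a "responsible" client also deposits it in escrow.
    k_ab = os.urandom(32)
    escrow.register("alice->bob", k_ab)
    for i in range(other_sessions):               # everyone else's keys live in the same vault
        escrow.register(f"session-{i}", os.urandom(32))

    nonce = os.urandom(NONCE_LEN)
    wire = seal(k_ab, nonce, b"Transfer $100 to account 1234")   # constructed sample message
    out = {"bob_reads": open_sealed(k_ab, nonce, wire)}

    # Without the key, a flipped ciphertext bit is caught: the scheme does protect integrity...
    tampered = bytes([wire[0] ^ 0x01]) + wire[1:]
    try:
        open_sealed(k_ab, nonce, tampered)
        out["tamper_rejected"] = False
    except ValueError:
        out["tamper_rejected"] = True

    # ...until a third party holds the key. The escrow agent (or whoever steals its master key
    # and vault) recovers k_ab, reads the message, and mints a new one with a valid tag.
    k_recovered = escrow.recover("alice->bob")
    out["third_party_reads"] = open_sealed(k_recovered, nonce, wire)
    forged_nonce = os.urandom(NONCE_LEN)
    forged = seal(k_recovered, forged_nonce, b"Transfer $999 to account 6666")
    out["forgery_accepted"] = open_sealed(k_ab, forged_nonce, forged)  # Bob sees a "genuine" message

    # One stolen master key plus the vault exposes every record, not only the one under court order.
    stolen = EscrowAgent(escrow.master_key)
    stolen.vault = dict(escrow.vault)
    out["records_exposed"] = sum(1 for rid in stolen.vault if len(stolen.recover(rid)) == 32)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Running it, `tamper_rejected` shows that the authenticated cipher does its job against an outsider, while `forgery_accepted` shows Bob accepting a message Alice never sent, because the recovered key is the same key that authenticates. Real products use AES-GCM or ChaCha20-Poly1305 rather than this toy keystream, but the consequence is identical: with symmetric authenticated encryption, a decryption capability is a forgery capability, and `records_exposed` is why a single escrow master key turns one court order’s worth of access into an all-or-nothing breach.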

A ban on end-to-end encryption in commercial tech products will only deny consumers its benefits; it won’t stop criminals and threat actors from using the freely available implementations that already exist.

We shouldn’t be surprised that this or any government is interested in having unfettered, universal access to all encrypted data (subject, of course, to lawful court orders).

However, once we allow the government to legislate weaker encryption, we’re lost. As Franklin wrote in the 1741 edition of Poor Richard’s Almanack:

“If you would keep your secret from an enemy, tell it not to a friend.”


There is no need to weaken encryption to assist law enforcement with obtaining cell phone data once they have a lawfully-obtained warrant if cell phones were being designed a little differently.  Allow the data to be sent across the 'air' in encrypted form with no back door.  Use the strongest possible encryption and upgrade it over time.  Do it perfectly so there are no software weaknesses.  All that's needed is a minor design change to the cell phone.

Sooner or later someone will come to Apple pleading to get data from their deceased loved one's phone and Apple's design goal appears to honestly be 'it can't be done without the user's password/pin.'  How would you feel if it were your loved one who died?  What if the CPU in your cell phone died and you haven't backed it up anywhere and you have something really important on your phone?  You can't get your data back.  It does not have to be this way.

Crack open a phone and look at the circuit board.  It's hopeless for a hobbyist to re-use integrated circuits in a cell phone.  They have far too many connections over a minuscule space even if you can see them.  They are multi-layer circuit boards.  You can't drill from the backside to probe one chip without killing other chips or connections.  You need a very expensive, very low production volume machine to remove an integrated circuit if you want any hope of attaching it to another circuit board that would in turn allow you to access the data in the integrated circuit.  Those machines won't fit in a hobbyist's garage, won't fit a wealthy hobbyist's budget and will require more power than most homes can provide.

We're talking about cell phones, not data vaults.  We don't need to prevent an engineer/cryptologist team from 400 years in the future from accessing data on our cell phones.  Keep the data in the cell phone in un-encrypted form on a memory chip that can be removed if you have access to one of those million dollar machines that can remove a chip without damage.  They have to decrypt the data to display it to the user anyway.  Store it unencrypted on a memory or memory management chip. 

Law enforcement can't use data obtained without a warrant.  If the phone were designed this way, they could get the data but they would need a very expensive machine, an operator sufficiently skilled to operate it and a court order.  Your communications would be secure and we can end this debate over encryption.  Without probable cause, law enforcement can't get a warrant.  Why is that not good enough security?

As we discovered last month, even while the FBI was arguing that the only way it could possibly access the San Bernardino shooter's iPhone was with Apple's help, they found a way to gain access without Apple's help.

Nothing about doing information security for complex systems can be considered simple, and for reasons that go far beyond any technical questions of security.

Which agencies, beside the FBI, are given access to this backdoor? Department of Defense? Department of Commerce? State police agencies? How many organizations -- and people -- need this access? 

Which nations get access? What about autocratic countries that are carrying out campaigns of repression? What about corrupt regimes that would use the access to carry out attacks on "enemies of the state"?

How are the people who have access to the backdoor screened to prevent criminal or enemy agents from gaining access? How to screen out unscrupulous individuals who would use such access to spy on their partners or co-workers?

It would be one thing if we'd already solved all the problems involved with making systems secure. But we haven't: every day we find out about more vulnerabilities in systems thought to be safe. Adding more complexity to allow access to a secure system without authorization from the owner just makes it more likely that those systems are no longer protected.

For some time now, I tried to address your questions point-by-point.  That grew beyond four pages.  Then I realized this debate is futile.  I am an engineer, not a debater.

Objective truths can be resolved to almost any desired accuracy.  But in this matter we're dealing with opinions and personal preferences.  Everyone has their own opinion and no opinion is wrong.  That can lead to lively debates that cannot be resolved by facts. 

Your article asked "Is responsible encryption the new answer to "going dark"?"  I offered a different solution.  My solution supports law enforcement while also avoiding any need to weaken encryption of communications.  What I suggested would allow communications to be maximally encrypted while in transit between the source and destination.  In that gap, you cannot be assured of privacy and you can't be certain that what you sent is what the recipient received.  You can't even be certain that the response was sent by the person you were conversing with. 

We both agree that no weakening of encryption is acceptable.  Here's our primary difference:

You want your smart phone to be a data vault impervious to access without the access code(s). 

I want to treat the smart phone like any other object which could be lawfully seized as evidence. 

You're not wrong.  Your preference results in the possibility that the world could be locked out of the phone if something impairs the owner's memory or if he has died.  Their phone could be 'bricked' and data could be wiped as they try in desperation to access their phone.  You could record your own murder with perfect audio and perfect video and then lock law enforcement out of the evidence they need to prosecute your killer.  If that's what you want for your smart-phone, then buy that smart phone. 

The FBI found a way into the cell phone because of one or more defects in a consumer-grade device for which they had a valid need to access and a valid court-order.  They were trying to investigate a person who had committed an act of terror on US soil on behalf of a terrorist organization.  It wasn't even a current generation phone so there was no need to 'spin' that as unbreakable. 

Millions of our tax dollars were spent to access data the FBI had legal right to access for this one smart-phone.  Many thousands of smart-phones across the US are in law enforcement custody with criminal prosecutions made impossible because the phones are secured.  As a tax-payer and law-abiding citizen, I find some discomfort in that.

Perhaps we could offer the public types of designs and allow them to decide.  One allows law enforcement to seize and access un-encrypted data subject to the appropriate lawful warrant.  That phone should provide a tax cut to the owner as we're volunteering to cooperate with law enforcement under the law. 

Those who want the data vault can pay the extra taxes needed for law enforcement to gain the lawful access they need.  I don't want to subsidize that type of phone though we're all required to do so now. 

Law enforcement / Government / Military members who misbehave are subject to the same laws.  The media focuses on people misbehaving because that is what sells advertising.  No one cares that a million police officers neither fired their weapons nor injured a suspect being taken into custody today.  Everyone's focus is on the tiny minority that did.  Not citing the number of 'boring' events can give citizens an unbalanced view of how bad things have become.  Believing things are worse than they are can lead to responses that are not well tethered to reality.

We can't resolve the issue of smart-phone security for the entire world.  All governments control what can be imported into their countries.  A solution that works for us in our environment would be a major step forward.  Let's look at our environment.

US citizens who have not been found guilty of a felony are lawfully allowed to own personal arsenals including weapons with significantly more firepower than elephant guns.  We can legally own tanks, bullet-proof cars and all sorts of aircraft.  If you want something that would make Dirty Harry cry, contact SSK Hand Cannons for guns that can kill anything that ever walked on Earth with one shot.  We can buy rifles that fire 50 caliber Browning machine gun rounds legally and even bigger stuff than that, all legally.  You could kill with one shot a T-Rex even if it had body armor and you would not even have to let it get particularly close to you.  Those legal weapons are lethal at hundreds of yards distance even if they hit the most protective part of body armor.  We can make or purchase any quantity of gun powder or ammunition in any caliber we want. 

If we want to be quiet about it, knives, swords, axes and any tool ever made are legal to purchase and own without limits to quantity.  We're also allowed body armor. 

Our environment includes a very powerful monitoring group from whom nothing can be hidden for long.  Our news media and journalists are allowed to publish freely and they are rewarded for discovering misbehavior.  The longer misbehavior is hidden, the harder they work to uncover it.  As a member of those groups, I thank you for helping to maintain our freedom at the highest level in the entire world and I hope that you continue to act as a guardian of our freedom.   

Within our environment, our freedoms cannot be easily trampled upon by any Government or military including our own for as long as we remain within our country's borders where those laws have effect. In our environment, I don't feel that I need a smart phone data vault.  But that is only my opinion.