Alternatives to Government-Mandated Encryption Backdoors

Policy essay: "Encryption Substitutes," by Andrew Keane Woods:

In this short essay, I make a few simple assumptions that bear mentioning at the outset. First, I assume that governments have good and legitimate reasons for getting access to personal data. These include things like controlling crime, fighting terrorism, and regulating territorial borders. Second, I assume that people have a right to expect privacy in their personal data. Therefore, policymakers should seek to satisfy both law enforcement and privacy concerns without unduly burdening one or the other. Of course, much of the debate over government access to data is about how to respect both of these assumptions. Different actors will make different trade-offs. My aim in this short essay is merely to show that regardless of where one draws this line -- whether one is more concerned with ensuring privacy of personal information or ensuring that the government has access to crucial evidence -- it would be shortsighted and counterproductive to draw that line with regard to one particular privacy technique and without regard to possible substitutes. The first part of the paper briefly characterizes the encryption debate two ways: first, as it is typically discussed, in stark, uncompromising terms; and second, as a subset of a broader problem. The second part summarizes several avenues available to law enforcement and intelligence agencies seeking access to data. The third part outlines the alternative avenues available to privacy-seekers. The availability of substitutes is relevant to the regulators but also to the regulated. If the encryption debate is one tool in a game of cat and mouse, the cat has other tools at his disposal to catch the mouse -- and the mouse has other tools to evade the cat. The fourth part offers some initial thoughts on implications for the privacy debate.

Blog post.

Posted on July 25, 2017 at 6:52 AM • 33 Comments

Comments

CallMeLateForSupper • July 25, 2017 8:27 AM

@All
Be Advised. The linked article looks ugly on my Firefox. Occasionally 203 words run over each other and are partially rendered in BOLD. One must squint and separate words, then re-read the sentence.

Tried d/l article. No joy; JavaScript required.

Gentleman's C • July 25, 2017 8:36 AM

For a human rights scholar, Woods scopes his premise in an odd way. When Woods decides to set privacy against law enforcement he obscures an important distinction between two legal rights: freedom from privacy interference, ICCPR Article 17, and freedom from compelled testimony or confession, Article 14(g). If the state targets you for criminal investigation, you're not just defending your privacy anymore, you're resisting forced confession.

At this point, 'back door' coercion or sabotage of trusted service providers is the least of your problems. The urgent human rights issue is what DoJ calls compulsion: the state will do anything and everything, including physical torture, (for example by withholding or impeding medical treatment as in Afghanistan or the Boston Marathon Bombing investigation,) or mental torture by the threat of cruelly disproportionate sentences (euphemistically termed 'plea bargaining,') or arbitrary indefinite detention under color of contempt of court sanctions (as in Case 2:15-mj-00850-LFR.)

Woods is falling for that old Comey ploy, diverting his attention to privacy interference when the crucial issue is arbitrary compulsion asserted as state prerogative by internal security forces with no legislative authorization (like FBI, CIA, and NSA.) This is not cat and mouse, it's humans who need to be protected from overreaching states.

psycho • July 25, 2017 8:41 AM

"First, I assume that governments have good and legitimate reasons for getting access to personal data."

...OK, I stopped reading right there.

David Hess • July 25, 2017 9:06 AM

Article unreadable and not downloadable. Why bother linking anything at scribd.com?

OldFish • July 25, 2017 10:16 AM

Abrogation of one's 5th Amendment rights is as police state as it gets. The option of invoking that right is removed before the need is evident. Evil is the correct term. Pure evil.

vas pup • July 25, 2017 10:40 AM

@all - something good on encryption in China and related to the subject I guess

http://www.bbc.com/news/world-asia-40565722

'Unhackable' communication
If you send a message you want to keep secure from eavesdroppers, traditional encryption works by hiding the key needed to read the message in a very difficult mathematical problem.
But what is "difficult" in terms of maths? It means you have to think really fast to figure it out as you try endless combinations of long, numeric keys. In 2017, that means you need to use a very powerful computer.
Steady improvements in computer power mean that the number-based keys have to be lengthened periodically. Encryption has a shelf life and is rapidly becoming more vulnerable.
There are also fears that the development of quantum computers, which effectively represent a massive step change in number crunching ability, will render much of modern encryption software vulnerable.
Quantum communication works differently:
 If you want to send your secure message, you first separately send a key embedded in particles of light
 Only then do you send your encrypted message and the receiver will be able to read it with the help of the key sent beforehand
The crucial advantage of this so-called quantum key distribution is that if anyone tries to intercept the light particles, they necessarily alter or destroy them.


What this means is that any attempt at hacking will immediately be noticed by the original sender and the intended receiver - hence its description as "unhackable".

Leaving the West behind
If quantum communication can help to secure online communications, why is China so far ahead?
"For a long time people simply didn't think it was needed," says Prof Myungshik Kim of Imperial College, London, adding that it was not clear whether there was a commercial market for this technology.
"The mathematical difficulty of the current coding system was so high that it was not thought necessary to implement the new technology," he says.
The research itself is not new and China does not have an edge over the competition. Where it does have an advantage is when it comes to applications.
"Europe has simply missed the boat," says Prof Anton Zeilinger, a quantum physicist at Vienna University in Austria and a pioneer in the field.
He says he tried to convince the EU as early as 2004 to fund more quantum-based projects but it had little effect.
"Europe has been dragging its feet and this has hindered us from being able to compete," he says.
There are quantum key-based networks operating in the US and Europe but most are being carried out as research projects, rather than with commercial partners.

"We have to admit that when China invests into something, they have the financial power and manpower that is beyond probably anything else in the world except the US military," says Valerio Scarani, a physicist with Centre for Quantum Technologies at the National University of Singapore.[!!!!]
Last year, it [China] launched a satellite equipped to test quantum communication over large distances that cannot be bridged by cables. There has also been a link established between the country's two main hubs, Beijing and Shanghai, so both ends can communicate and know when others are listening in.

Daniel • July 25, 2017 11:02 AM

@Gentleman's C

An excellent point regarding compulsion. There is another point that needs to be taken into account which is that not all alternatives to backdoors are created equal. @Bruce has claimed more than once that what the FBI needs is not backdoors but expertise. The problem is that expertise is inefficient and scales poorly. This means that expertise is costly. The difficulty with imposing such costs is that the people who have to bear such costs resent it. The harsh truth is that expertise is inefficient compared to backdoors.

So it is beyond the fact that "the state will do anything and everything" it is that the state will always seek what it perceives to be the most efficient and most convenient solution. The poster child for this truth is the current state of the 4th Amendment in America. Superficially it requires the government to only engage in "reasonable searches" but over the years courts have invented all sorts of silly doctrines so in order not to put cost barriers in the state's way. "Reasonable" in American privacy law is inseparable from law enforcement financial efficiency.

So every time someone like @Bruce babbles on about "expertise" what the FBI hears is: "you are gonna have to do with catching less criminals." It can't come as any shock that law enforcement is not going to accept such assertions quietly given that their fundamental mandate is to catch as many crooks as possible as cheaply as possible.

Ph • July 25, 2017 11:07 AM

I was thoroughly unimpressed by his essay.
He is just stating the obvious, no surprises.
If he would have spent a bit (more) reading this blog he would have a lot more to add.

Etienne • July 25, 2017 12:05 PM

Wow, that web page is a convoluted, link-fest.

I mean, they really want your information. The only way you can download the article is if you sell them your first born child.

Otherwise it is a JavaScript, front-end to get your internet information.

Avoid.

Ross Snider • July 25, 2017 12:23 PM

Or you know, your data could only be subject to collection if you are under a criminal investigation. That seems like a nice line to draw. It's the line our country's entire legal system is based on.

Rhys • July 25, 2017 12:46 PM

Without some focus or structure, Woods' meandering of principles of human rights (privacy) and security tools doesn't lead to any satisfying conclusion. Muddies the water, IMHO.

How many have attempted the study of ancient texts defining, what is transcribed to our modern English, as privacy?

Not just in Aramaic speaking cultures but, in China- the focus was on the preservation of "solitude".

Encryption is just a tool. Not the only tool. Only a small sampling of tools which is visited in Woods' essay.

Tools and techniques will only accelerate leaving the expectation of persistent surveillance unsatisfied. Adapt, improvise, overcome is in our nature, our dialogue- is it not?

It's a technophobic bureaucrat who would postulate that surreptitious access via any vehicle, backdoors cited here, would be trustworthy, reliable, and unmonitored.

Government is a "tool" of society. Some use a Government of laws vs of men. Again, not the only tools.

The issue being skirted by Woods' is- where, and what, is the boundary between the 'solitude' of the individual and the accountability for tolerable social interaction?

When is dissent, or any orthogonal viewpoint, "intolerable"? At the point of action? Or at the point of postulation? To prove "intent", to increase the penalty- can any veil be penetrated and all cigar boxes emptied of elephants?

Lincoln had one standard- Bush/Ashcroft had quite another.

Not every Government, even in the US has matching lines of delineation.

The conflict of interest, by design, between the interests of a civil society and the maintenance of the privacy of the individual has never been immutable.

Efficiency vs effectivity has been a long standing trade, too. Efficiency seems also to decay into very myopic bounding. To serve the narrow interests of a tactical agenda.

Concurrently is the assumption that prosecution leads to justice. (It was, after all, a foundational principle of the American Revolution.)

Some articulated that it was better for "society" that some guilty escaping justice at the cost of one innocent wrongly made to suffer was a threshold. {English jurist William Blackstone in his seminal work, Commentaries on the Laws of England, published in the 1760s}

The solutions are not as simple as Government officials attempt to sell to its constituents. The response by many constituents is then to expect benevolent intervention, such as experienced within the atomic family unit, then projected onto their officials. Leading to continual disappointment and disillusionment.

Adults should know, "you can't go home again". (T. Wolfe/ Ella Winter)

Richmond2000 • July 25, 2017 12:58 PM

the article missed a MAJOR issue for the evaluation of the "alternatives"
and that is unauthorized 3RD party access
the iPhone "issue" option one bruteforce the device option 2
the option 1 is HARD for a 3RD party to do and "safer" for society at large
option 2 involves LARGE social risk including creating NEW crime vectors

John Campbell • July 25, 2017 3:01 PM

Admittedly, seeing:

"First, I assume that governments have good and legitimate reasons for getting access to personal data. These include things like controlling crime, fighting terrorism, and regulating territorial borders."

kind of makes me break out in hives.

I may be incredibly naive, here, but... Any "real" crimes will have effects OUTSIDE OF A COMPUTER. Even the exchange of kiddie porn requires either a communications channel or a physical hand-off of media that can, if an investigator is willing, be followed and/or traced.

Perhaps the sentence should be re-phrased as:

"First, I assume that governments have an interest in being able to peruse the contents of all as-yet-unindicted subjects' computers in order to catch them while just _thinking_ about committing a crime, be it terrorism, espionage or money laundering."

The basic problem is the idea we are being seen as subjects rather than citizens.

John Campbell • July 25, 2017 3:07 PM

Y'know, if the _government_ provided all of the computers (paid for via taxes) we use (issued to each person with appropriate authentication and authorization) and there was no non-governmental computing equipment available for purchase, you can argue that we're all transparent to the government's oversight.

I'm not sure, but, really, would EVERYONE, including those at the top of the financial food-chain, accept this transparency? Where the government has their systems working to discover criminal schemes?

Who do any of us trust? Can any of us, as individuals, trust, especially TODAY, *ANY* portion of the US Government?

V • July 25, 2017 3:12 PM

I'll continue to discuss the issue in stark, uncompromising terms, thank you very much.

J.D. KUBARK U. • July 25, 2017 5:07 PM

This paper shows how Ivy League indoctrination works. First the paper distorts the security issue as a strawman conflict with government-issue boilerplate: privacy absolutists versus law enforcement. Then the paper purports to mediate the reductive artificial conflict it sets up. It's a rehash of the standard statist 'balance the objectives' crap.

Relax, he says, the state can get what it wants in other ways. This of course is tacit approval of the current US policy of duplicity maintained by state secrets: methods of illegal warfare like espionage and sabotage, directed against the domestic population. Then pass the fruit of the poisoned tree to internal security forces in denial of your rights of trial.

In this loony INGSOC, US officials can carry on with their sabotage of critical shared global infrastructure:

The way NSA sabotaged encryption tools by tampering with Dual_EC_DRBG;

The way NSA sabotaged isolation infrastructure with FLASK,

http://invisiblethingslab.com/resources/bh08/part2-full.pdf

slipping a pernicious security module into Xen and suppressing a patch by omitting any reference to security;

The way CIA sabotaged the products of US firms like Apple, Cisco, IBM, and Dell in defiance of the federal law explicitly denying them internal security functions.

https://our.wikileaks.org/Identifying_Hacking_Targets_of_CIA

This paper is beltway hackwork by a fake human rights expert.

Thoth • July 25, 2017 7:39 PM

@all

What many debates of civilian usage of encryption, exceptional access and backdoors have mostly failed to debate about is the what-ifs and fallout effect of creation of access methods or hoarding of access methods and this gives rise to things like the Petya virus family derived from NSA's tools.

If some developer or companies creates certain means of access or weaknesses, the debate simply stops at "it breaks security" and doesn't go further as it seems intuitive and obvious enough that weaknesses and special access methods would weaken or even break security but the effects are never discussed.

What the politicos do not consider in their quest for more power to subvert societies is the fact that software codes and hardware are now of dual-use nature where the Government and people will highly likely use the same devices and software.

Governments will still use Linux and Microsoft OSes and they will still use AES encryption and OpenSSL library or some COTS crypto library.

Are there a risk of creating exceptional access mechanisms or weakening or removing of crypto going to backfire on themselves as they are highly reliant on COTS and outsourced contracts which will inevitably use some COTS product which will have these deliberately inserted weakened or non-existing security mechanisms.

That is the other not so well known aspect that arises and the current outbreak of Petya family of ransomware that also ravages Government systems of many countries which ironically the original form of Petya is a Government hacking tool by NSA is a very real threat.

Arguments against backdoors, frontdoors, exceptional access and such has to be framed in the structure and take into consideration the fallout effects of these measures that will come back and haunt those who created these backdoors, frontdoors and whatever it is called.

There is also the case relating to precedent and what if every country or Government seeks their own backdoors in the products (which is more commonly discussed but not enough effort to push the point).

Another issue that is not sufficiently discussed in the public is the possibility that allowing a single targeted surveillance and targeted exceptional access might give rise to additional demands for mass surveillance and mass exceptional mass in realtime for thoughtcrime. One real life example is the current hypocrisy of Europe which prides itself to be the standard of privacy and security (with special note to Germany) and now it reverts closer to authoritarian measures seeking to quell the so-called hate speech which is essentially a step closer to the authoritarian practices of authoritarian Governments. The Europe (especially Germany) which prides itself have fallen to such an extent and same goes for USA :) .

The once highly respected ITSecurity Made in Germany label that used to be a coveted label on German ITSec products does not hold the same value anymore and as per usual, these German Golden Stickers does not really proof high assurance security anyway and now with such changes in the political climates in Europe and Germany, it is better to buy the products from China as they are catching up in the technological level :) .

I would like to congratulate USA and EU for their downward spiral in their standards of privacy, freedom and personal security to become that of Asia, China, Singapore, Southeast Asia, North Korea et. al. whom are well known for very low scores or even non-existent scores regarding personal privacy, security and freedom.

The debate on exceptional access and backdoors are still flawed and insufficient and for now no compromises on security must ever be made to disallow precedence.

Thoth • July 25, 2017 7:54 PM

@all

What if China and Russia were to subpoena Microsoft et. al. for US and Israeli former and current Intel and BlackOps chiefs' information to charge them for mass hacking of Chinese and Russian information systems and meddling in affairs of Chinese and Russian domestic and foreign affairs, will Microsoft et. al. provide such special access :) ?

Thoth • July 25, 2017 8:43 PM

@all

Now that Comey have been fired by Trump due to the Russia investigation, it is most likely that Trump would allocate lots of surveillance resources against Comey to ensure "things don't leak out". Those surveillance resources would highly likely include assets and knowledge that Comey have helped pushed and managed and now that the hunter becomes the hunted, those surveillance, exceptional access, hacking tools and other assets he might have helped to equip the agency with would highly likely be used against him.

I wonder if he would eat back his words on what he said when he was then a FBI director and now he is an extremely high value civilian target who have some sort of knowledge of the Russia investigation.

Clive Robinson • July 25, 2017 10:59 PM

@ John Campbell,

The basic problem is the idea we are being seen as subjects rather than citizens.

Err no. There are a number of nations with monarchs as heads of state. In many the citizens enjoy rather more democracy than those of Republics with self serving politicos / tyrants as heads of state.

I suspect what you mean is not "subjects" but the lower orders bound in tutelage by a feudal system, known as "serfs" they were in quite a number of respects considerably worse off than slaves.

Our host @Bruce has passed comment on this in the past. Others have noted how corporations are using political lobbying to get what is effectively "serfdom" by the "backdoor" by having various forms of unjustified "Rent seeking" activities enshrined in legislation in the pretence of "Rights holding on Intellectual Property (IP)". especially where the IP rights have been obtained by coercion or cartel behaviour (see academic research publishing both in the forms of "research papers" and "books" as but one example).

ShavedMyWhiskers • July 26, 2017 1:05 AM

Interesting... the premise is jarring.
Two issues are missed in the discussion.
*) consequences.
*) parallel reconstruction.
Should we shred data transfer encryption to catch a "criminal" would that loss of encryption cause greater loss. It is important to enumerate the specific reasons for data security. A key need is commerce and trade, i.e. Payments. The foundations of iTunes, iPay, Amazon, on line banking all demand a sufficiently secure platform like the iPhone. The consequences of universal disabling of device security would be hard to calculate. Taxes are paid on line, so the entire US tax base would be one of many line items. And one should toss in voter fraud on a national scale. Consequences was at the heart of Apple's posture. The court was demanding a lot of Apple, Apple's customers and stock holders.

Second..
Parallel reconstruction is enabled by wholesale shredding of privacy. Sufficiently enabled anyone could be charged, tried and convicted of something criminal and have no defense. The prosecutor could craft a story that none can dispute with facts privately known to the accused because there is no privacy. This is obvious once a person understands that a court is a contest between two story tellers. Movie makers understand continuity and blunders are caught as lies. Parallel reconstruction uses data to eliminate discernible flaws in the case. Prosecutors work to have jurors suspend critical thinking at times and believe or disbelieve evidence or a witness.

Back to the first ... digital content could be planted on any compromised device and apparently has been (Geek Squad style). Such hacking could compromise anyone as there are no footprints left when a forensic evidence tool is used to plant evidence. Most machines can be hacked so the evidence they seek seems as if it is not sustainable. News at 11.

Chuckb • July 26, 2017 6:07 AM

The policy implications of the essay are characterized well in the Conclusion:
1. The analysis is wrong,
2. There are no implications for policy.

Suspected subverter • July 26, 2017 8:38 AM

Only when Unit 61398 will become notorious enough will US politicians start realizing the issue. Today, under NSA's hegemony, the perspective of staying in power by leveraging mass surveillance might seem appealing. However, when all their dirty secrets will start leaking through the state-required backdoors (or front doors with golden keys, anti-terrorism gates or whatever you call it), they'll suddenly take a stance for encryption.
The only thing I can hope for is that a "Chinese Snowden" leaks some slides about their ability to easily penetrate AMT, along with some example files from US lawmakers' laptops. Otherwise, we'll stick to this "nothing to hide" mentality.

Chairman Mao • July 26, 2017 1:22 PM

@ Clive , @ Campbell

I suspect what you mean is not "subjects" but the lower orders bound in tutelage by a feudal system, known as "serfs" they were in quite a number of respects considerably worse off than slaves.

Like "tenant" in a "Cloud" system.

Our host @Bruce has passed comment on this in the past. Others have noted how corporations are using political lobbying to get what is effectively "serfdom" by the "backdoor" by having various forms of unjustified "Rent seeking" activities enshrined in legislation in the pretence of "Rights holding on Intellectual Property (IP)". especially where the IP rights have been obtained by coercion or cartel behaviour (see academic research publishing both in the forms of "research papers" and "books" as but one example).

Like "tenant" in an IBM, Google, Apple, or Microsoft Cloud:

1) Slaves have no right to withhold property from their owners.
2) Slaves have no right to privacy. (Encryption)
2) Slaves have no right to defend themselves. (Keep and bear arms).
3) And, in addition, "the rent" in Spanish legal system is called "rentistas." In English/American common law, it's known as "peonage."

Slaves don't pay rent. (Worse)

Slaves are not allowed to encrypt, either.

Slaveowners are legally allowed to enter their slaves' bedrooms whenever they want.

What we now have is the blending of slavery with peonage.


Thelonious • July 27, 2017 5:07 AM

Wannacry is only the beginning. History will teach us in the future many valuable lessons about these issues that are just now emerging, for instance when large amount of personal data held by a corporation or a government is used to target a particular group of civilians in a war context. Or when AI engines attack networks and terminals using government enabled backdoors and weaken networks. Snowden revelations only confirms that the first aim of any form of government, even democratic ones, is to reach omnipotent control of population by any means. Computer power and compromised digital networks are the means of that control, and these means evolve at exponential rates, which is a key point IMO. Soon government will have real time surveillance of any public space and will use that as evidence against anybody, anytime. Our old laws are not made to confront these powerful mass surveillance tools. The only lines of defense we have are anonymity, noise and encryption. Only when personal data held under encryption is considered as an extension of our personal thoughts, then this debate starts to make some sense.

Drone • July 27, 2017 6:44 AM

The essay is barking up the wrong tree. The title should read:

"Alternatives to Governments that Mandate Encryption Backdoors"

beleester • July 31, 2017 10:56 AM

@John Campbell: "I may be incredibly naive, here, but... Any "real" crimes will have effects OUTSIDE OF A COMPUTER. Even the exchange of kiddie porn requires either a communications channel or a physical hand-off of media that can, if an investigator is willing, be followed and/or traced."

How can the investigator follow that communications channel without reading the information communicated within it? How do they know that they even need to follow it, without the digital evidence?

Also, there's a difference between "there is a non-computer action that someone could see if they were in the room at the time" and "there is a non-computer action that a police investigator could reliably find with the resources available to them."

Here's a concrete example - there's a terrorist group, consisting of a bomb-maker and a couple of bombers. The bomber plants the bomb and blows something up, but we catch him afterwards. This is a pretty common scenario - terrorist cells are hard to find, and you won't catch all of them before they succeed. So, now that you have the bomber locked up, how do you find the bomb-maker, and any other bombers who are preparing?

The answer isn't "find the physical contact between the bomber and his supplier." Because that connection happened in the past, and you don't have a time machine. And now that the bomber's in jail, nobody's going to give him a second bomb. And he's a low-level flunky, he doesn't know the bomber's real name or address.

A better option would be to look at past records of his actions, such as the bomber's email and phone contacts, or CCTV recordings of his movements. And then you could say "Hey, the bomber was talking to this guy a lot, I wonder if he's the bomb-maker?", get a search warrant, and see if he has a second bomb in his apartment.

Yes, in the end, they find the bomb-maker by physical evidence. But they wouldn't have known where to look in the first place without the digital records. That's the key insight you're missing - just because something leaves a physical trace doesn't mean that investigators can always find it.
