Efforts to Limit Encryption Are Bad for Security
By Bruce Schneier
October 1, 2001
In the wake of the devastating attacks on New York's World Trade Center and the Pentagon, Sen. Judd Gregg (R-N.H.), with backing from other high-ranking government officials, quickly seized the opportunity to propose limits on strong encryption and "key-escrow" systems that ensure government access. This is a bad move because it will do little to thwart terrorist activities and it will also reduce the security of our critical infrastructure.
As more and more of our nation's critical infrastructure goes digital, cryptography is more important than ever. We need all the digital security we can get; the government shouldn't be doing things that actually reduce it. We've been through these arguments before, but legislators seem to have short memories. Here's why trying to limit cryptography is bad for e-business:
- You can't limit the spread of cryptography. Cryptography is mathematics, and you can't ban mathematics. All you can ban is a set of products that use mathematics, and that's very different. You might be able to control cryptography products in a handful of industrial countries, but that's not enough to keep them out of the hands of the bad guys. Any terrorist organization with a modicum of skill can write its own cryptography software.
- Cryptography is one of the best security tools that protects our electronic world from eavesdropping, unauthorized access, meddling and denial of service. Sure, by controlling the spread of cryptography you might be able to prevent some terrorist groups from using the technology. But you'll also prevent all the good guys from using it while the terrorists get their hands on it elsewhere. We've got a lot of electronic infrastructure to protect, and we need all the cryptography we can get our hands on. If anything, we need to make strong cryptography more available if companies are going to continue to put our nation's critical infrastructure online.
- Key escrow doesn't work. The bad guys won't use it, and it will significantly reduce the level of protection the good guys who do use it enjoy. All key-escrow systems require the existence of a highly sensitive and highly available secret key or collection of keys that must be maintained in a secure manner over an extended time period. These systems must make decryption information quickly accessible to law enforcement agencies without notice to the key owners.
Does anyone really think we can build this kind of system securely? We can't build a secure operating system, let alone a secure computer and secure network. As attractive as it sounds, building a workable key-escrow system is difficult and expensive for most applications and users. Additionally, stockpiling keys in one place is a huge risk just waiting for attack or abuse.
Granted, the recent tragic events have convinced a lot of people that we live in dangerous times and that we need more security. They're right; security has been dangerously lax in many areas of our society. As more of our society goes digital, cryptography has a role to play in increasing our security. But we need to recognize it as part of the solution, not as part of the problem.