Home / Blogs

Officially Compromised Privacy

The essence of information privacy is control over disclosure. Whoever is responsible for the information is supposed to be able to decide who sees it. If a society values privacy, it needs to ensure that there are reasonable protections possible against disclosure to those not authorized by the information’s owner.

In the online world, an essential technical component for this assurance is encryption. If the encryption that is deployed permits disclosure to those who were not authorized by the information’s owner, there should be serious concern about the degree of privacy that is meaningfully possible. Potentially competing with an owner’s need for privacy are the legitimate investigation needs of law enforcement. Hence the current debate engendered by calls for “extraordinary access”—that is, the requirement for a backdoor to encrypted data.

When those making such calls are powerful government officials, effective opposition to them takes skill, credibility and gumption. In that regard, publication of “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications” was an especially noteworthy event, both for its content and for its remarkable list of authors—all fifteen of them, representing three generations of senior security technical expertise, who offered careful explanations of the unavoidable technical and operational problems that are produced by any attempt to embed secondary, “exceptional” access to encrypted content.

In recognition of their singular effort and accomplishment, the authors were recently honored with the 2015 J.D. Falk Award from the Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG). The award is given “recognizing a particularly meritorious project undertaken by a dedicated individual or group reflecting the spirit of volunteerism and community building.” It should be noted that the M3AAWG membership was enthusiastic about this award to the authors, in spite of the fact that pervasive encryption makes the work of M3AAWG members more difficult—encryption blocks some anti-abuse techniques.

The award event resulted in production of three videos discussing the content of the paper, the process of producing it, and its role in the public policy debate over exceptional access:

The essential concerns raised by the report’s authors are listed in its Executive Summary, noting that exceptional access would:

  • Force a U-turn from the best practices now being deployed to make the Internet more secure
  • Substantially increase system complexity and thereby increase risk
  • Create concentrated targets that could attract bad actors

The report was initially instrumental in altering public discussion about governmental exceptional access and in the plans for pursuing it. However some officials continue to press vigorously for this capability, although they do not detail the specifics they are seeking, and they do not address the basic technical and jurisdictional problems with such a capability. On the technical side, the assessment by the report’s fifteen experts is that the technical community simply does not know how to provide exceptional access in a manner that is sufficiently reliable and constrained.

Some government officials dismiss the aggregate expertise embodied in the report’s authors and instead say that technicians merely need to try harder. Given the many and continuing major breeches of government and private online systems and the documentation of unconstrained access already obtained through various persistent monitoring programs, such casual dismissal of the authors’ assessment is cavalier and does them—and us all—a serious disservice.

By Dave Crocker, Consultant

Filed Under


LEAF Todd Knarr  –  Nov 28, 2015 11:45 PM

They need only look back to how the Clipper chip and it’s LEAF field failed. 3 years from birth to death, it failed to provide reliable government access (it was easy to create an encrypted connection that appeared valid but whose key couldn’t be recovered from escrow), and it failed to be secure (it wasn’t too hard to use the LEAF information and various attacks on the ciphertext to recover the encryption key without access to the escrow database). The flaws were sufficiently fundamental that I don’t think it’s possible to work around them.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix


Sponsored byDNIB.com


Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC