|
The essence of information privacy is control over disclosure. Whoever is responsible for the information is supposed to be able to decide who sees it. If a society values privacy, it needs to ensure that there are reasonable protections possible against disclosure to those not authorized by the information’s owner.
In the online world, an essential technical component for this assurance is encryption. If the encryption that is deployed permits disclosure to those who were not authorized by the information’s owner, there should be serious concern about the degree of privacy that is meaningfully possible. Potentially competing with an owner’s need for privacy are the legitimate investigation needs of law enforcement. Hence the current debate engendered by calls for “extraordinary access”—that is, the requirement for a backdoor to encrypted data.
When those making such calls are powerful government officials, effective opposition to them takes skill, credibility and gumption. In that regard, publication of “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications” was an especially noteworthy event, both for its content and for its remarkable list of authors—all fifteen of them, representing three generations of senior security technical expertise, who offered careful explanations of the unavoidable technical and operational problems that are produced by any attempt to embed secondary, “exceptional” access to encrypted content.
In recognition of their singular effort and accomplishment, the authors were recently honored with the 2015 J.D. Falk Award from the Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG). The award is given “recognizing a particularly meritorious project undertaken by a dedicated individual or group reflecting the spirit of volunteerism and community building.” It should be noted that the M3AAWG membership was enthusiastic about this award to the authors, in spite of the fact that pervasive encryption makes the work of M3AAWG members more difficult—encryption blocks some anti-abuse techniques.
The award event resulted in production of three videos discussing the content of the paper, the process of producing it, and its role in the public policy debate over exceptional access:
The essential concerns raised by the report’s authors are listed in its Executive Summary, noting that exceptional access would:
The report was initially instrumental in altering public discussion about governmental exceptional access and in the plans for pursuing it. However some officials continue to press vigorously for this capability, although they do not detail the specifics they are seeking, and they do not address the basic technical and jurisdictional problems with such a capability. On the technical side, the assessment by the report’s fifteen experts is that the technical community simply does not know how to provide exceptional access in a manner that is sufficiently reliable and constrained.
Some government officials dismiss the aggregate expertise embodied in the report’s authors and instead say that technicians merely need to try harder. Given the many and continuing major breeches of government and private online systems and the documentation of unconstrained access already obtained through various persistent monitoring programs, such casual dismissal of the authors’ assessment is cavalier and does them—and us all—a serious disservice.
Sponsored byRadix
Sponsored byCSC
Sponsored byIPv4.Global
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byVerisign
Sponsored byDNIB.com
They need only look back to how the Clipper chip and it’s LEAF field failed. 3 years from birth to death, it failed to provide reliable government access (it was easy to create an encrypted connection that appeared valid but whose key couldn’t be recovered from escrow), and it failed to be secure (it wasn’t too hard to use the LEAF information and various attacks on the ciphertext to recover the encryption key without access to the escrow database). The flaws were sufficiently fundamental that I don’t think it’s possible to work around them.