Government 'backdoors' to bypass encryption will make them vulnerable to attacks - industry experts
Amid a growing reliance within the tech industry to enable
customers to more easily encrypt their data and keep it protected
from prying eyes, police on local and federal levels say an
increase in personal security practices put criminal
investigations at risk.
The Committee on Oversight and Government Reform in the United States House held a hearing on Wednesday this week to discuss the issue, and before long lawmakers were told by panelists that designing a “backdoor” that can be exploited by authorities (but not anyone else) is far easier said than done.
“I can’t ignore the stark reality that it can’t be done safely,” Prof. Matt Blaze of the University of Pennsylvania’s school of engineering and applied sciences testified. In 1994, Blaze discovered fundamental technical flaws within Clipper Chip, an encryption system designed by the US National Security Agency to provide the government with backdoor access to encryption communications, and today he says it still remains true that intentional vulnerability may inevitably by exploited by unintended parties.
— Andrew Blake (@apblake) April 29, 2015
Law enforcement, particularly the Federal Bureau of Investigation, has increasingly advocated in recent years for a type of feds-only “backdoor” as criminals continue to adopt secure communication platforms that resembled science fiction during the days of Clipper Chip. Before the House, however, Blaze said the actual implementation, if even possible, would have “terrible consequences for our economy and national security.”
“We just can’t do what the FBI is asking without seriously weakening our infrastructure,” Blaze said, adding that ultimately the beneficiaries of those backdoors would be “criminals and rival nation states.”
“Attempting to build such a system would add incredible levels of complexity to our systems,” agreed Kevin Bankston, a police director for New America’s Open Technology Institute, and would “inevitably…lead to unanticipated vulnerabilities.”
Last year, smart phone giants Apple and Google began rolling-out products that emphasize personal security by encrypting most communications by default. Testifying on Wednesday, Amy Hess, the executive assistant director of the FBI’s science and technology branch, said that challenges for law enforcement and national security officials “has been heightened by the advent of default encryption settings.”
Asked who on the panel believes that it is possible to build a secure crypto backdoor, even the FBI witness didn't raise her hand.
— Christopher Soghoian (@csoghoian) April 29, 2015
It’s critical for police to “have the ability to accept or to receive the information that we might need in order to hold those accountable who conduct heinous crimes or conduct terrorist attacks,” Hess told the House panel, and that the bureau supports encryption, but not making potential evidence completely inaccessible to the authorities.
“Is there [such] a thing as creating a backdoor that is only for the good guys?” Rep. Robin Kelly (D-Illinois) asked at one point during Wednesday’s hearing.
“I am also not a technical expert – I am a policy expert – but based on what every expert in the field has said, not only in the current debate but also 20 years ago and a many multiyear debate…the answer is a clear no, and, in fact, a unanimous no,” responded Bankston.
Daniel Conley, a district attorney for Suffolk County, Massachusetts, countered by saying that if Americans can put a man on the moon, surely they could create a backdoor for authorities.