‘Unworkable, questionable:’ MIT report slams US & UK govt plans to weaken encryption
The report, named ‘Keys Under Documents’ was published by the Computer Science and Artificial Intelligence Laboratory at Massachusetts Institute of Technology. It comes after political leaders in the UK and the US wanted internet systems to be redesigned, to give government better access to data, which includes encrypted data.
— MIT (@MIT) July 8, 2015
Messaging services such as WhatsApp and iMessage use encryption to ensure only the sender and receiver can read the contents. In January, British Prime Minister David Cameron threatened to ban the messaging services if government intelligence agencies could not access them. Meanwhile the FBI maintains that it is crucial that they can access the encrypted communication platforms, in order to help with the fight against terrorism.
“The need to grapple with these legal and policy concerns could move the internet overnight from its current open and entrepreneurial model to becoming a highly-regulated industry. Tackling these questions requires more than our technical expertise as computer scientists, but they must be answered before anyone can embark on the technical design of an exceptional access system,” the report added.
However, the group from MIT, which included security expert Bruce Schneier and Professor Ross Anderson from Cambridge University, said these demands might not prove to be viable and could cause the tech industry to suffer economically, as they try to rebuild their reputations following the fallout of the Edward Snowden revelations, of widespread snooping by the National Security Agency.
“These proposals are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when internet vulnerabilities are causing extreme economic harm,” the report notes.
In June, a report by the Information Technology & Innovation Foundation (ITIF) said the entire US tech industry has suffered and the actual economic losses will “likely far exceed” the $35 billion estimate, with many foreign companies now wary of using US products.
Foreign governments have responded by adopting protectionist policies locking out US vendors, and citing fears of digital surveillance to demand source codes from service providers. As a result, many US companies have embraced strong encryption for their mobile devices and cloud services, and have begun to oppose government initiatives to subvert or ban encryption.
The authors of the report are also worried that if governments were given access to encrypted files, this would not only increase the system complexity, but also could potentially be exploited by hackers, and let in the very people who the authorities are trying to keep out.
"Such access will open doors through which criminals and malicious nation states can attack the very individuals law enforcement seeks to defend,” the paper said.
These fears were compounded by internet pioneer Vint Cerf, who said in May that creating defects in encryption systems for law enforcement, often known as “back doors,” was “super, super risky” and not the “right answer.”
“If you have a back door, somebody will find it, and that somebody may be a bad guy or bad guys, and they will intentionally abuse their access,” said Cerf.