Elite code group reforms after 18 years to oppose government
Source: Nicole Perlroth
Peter Neumann, a computer security pioneer and co-author of an upcoming paper that evaluates government proposals to maintain special access to encrypted digital communications. Photo: Jim Wilson / The New York Times
An elite group of code makers and code breakers is taking American and British intelligence and law enforcement agencies to task in a new paper that evaluates government proposals to maintain special access to encrypted digital communications.
On Tuesday, the group ― 13 of the world's pre-eminent cryptographers, computer scientists and security specialists ― were to release the paper, which concludes there is no viable technical solution that would allow the US and British governments to gain "exceptional access" to encrypted communications without putting the world's most confidential data and critical infrastructure in danger.
The report was to be released a day before James Comey, the director of the FBI, and Sally Quillian Yates, the deputy attorney general at the US Justice Department, are scheduled to testify before the Senate Judiciary Committee on the concerns that they and other government agencies have about "going dark" ― the fear that new encryption technologies will prevent them from monitoring the communications of kidnappers, terrorists and other adversaries.
The authors of the report said such fears did not justify putting the world's digital communications at risk.
Given the inherent vulnerabilities of the internet, they argued, reducing encryption is not an option. Handing governments a key to encrypted communications would also require an extraordinary degree of trust. With government agency breaches now the norm ― most recently at the US Office of Personnel Management, the State Department and the White House ― the security specialists said authorities cannot be trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to communications, it would spur China and other governments in foreign markets to do the same.
"Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend," according to the report. "The costs would be substantial, the damage to innovation severe, and the consequences to economic growth hard to predict. The costs to the developed countries' soft power and to our moral authority would also be considerable."
While government pleas for exceptional access to encrypted communications have already drawn plenty of criticism from privacy advocates and technology companies, the report is the first in-depth, technical analysis of government proposals by leading cryptographers and security thinkers. The group ― which includes Whitfield Diffie, a pioneer of public key cryptography, and Ronald Rivest, the "R" in the widely used RSA public cryptography algorithm ― fought a similar proposal for encryption access in 1997.
Back then, the group analysed the technical risks and practical shortcomings of a proposal in the Clinton administration called the Clipper chip. Clipper would have poked a hole in cryptographic systems by requiring technology manufacturers to include a small hardware chip in their products that would have ensured the government would always be able to unlock scrambled communications.
The group of cryptographers won that round. The Clinton administration, which had pushed for the Clipper chip, abandoned the effort after the group's analysis showed it would have been technically unfeasible. An unlikely coalition of technologists, liberals, conservatives and even evangelicals argued that the chip would destroy privacy. The final nail in the coffin came after Matthew Blaze, then a 32-year-old computer scientist at AT&T Bell Laboratories, discovered a flaw in the Clipper system that would have allowed anyone with technical know-how to get access to the key to encrypted communications.
Now the group of cryptographers has convened for the first time since 1997.
"The decisions for policymakers are going to shape the future of the global internet and we want to make sure they get the technology analysis right," said Daniel Weitzner, head of the MIT Cybersecurity and Internet Policy Research Initiative and a former deputy chief technology officer at the White House, who coordinated the latest report.
Encryption has been gaining momentum ― and been hotly debated ― over the past few years, after several security breaches and revelations by Edward Snowden, the former National Security Agency contractor, which showed the extent to which the United States and its allies were siphoning and spying on digital communications. Leading technology companies, including Microsoft, Facebook and Twitter, have been moving to transient messaging plans that dispose of the encryption key to customers' messages once their session ends.
If US and British government proposals were carried out, those companies would have to ease such programs. In Britain, Prime Minister David Cameron has threatened to ban encrypted messaging apps altogether. In the United States, Michael Rogers, the director of the NSA, has proposed that technology companies be required to create a digital key that could unlock encrypted communications, but divide and secure the key into pieces so that no one person or government agency could use it alone.
"The government's proposals for exceptional access are wrong in principle and unworkable in practice," said Ross Anderson, a professor of security engineering at the University of Cambridge and the paper's sole author in Britain. "That is the message we are going to be hammering home again and again over the next few months as we oppose these proposals in your country and in ours."
| }
|