Cryptographers Fight FBI on Mobile Security
Source: Danny Yadron
The U.S. government just lost highly classified security-clearance data to foreign hackers. Do Americans really want to trust Washington with the keys to their text messages?
That’s the question asked by Internet-security pioneers in a 33-page white paper published Tuesday by the Massachusetts Institute of Technology.
The cryptographers argue that making sure federal agents could decipher every WhatsApp message and unlock every iPhone, as the Federal Bureau of Investigation would like, would be technically impractical while exposing consumers and businesses to data breaches.
“These proposals are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm,” the cryptographers write.
For the tech community, it’s a rebuttal, long in the works, to FBI Director James Comey’s ongoing efforts to give law-enforcement authorities greater access to encrypted communications.
The 14 authors include security luminaries such as Matthew Green, a professor at Johns Hopkins University; Bruce Schneier, a fellow at Harvard Law School; and Whitfield “Whit” Diffie, who helped invent modern encryption.
Comey published on Monday a blog post arguing that “bad people can communicate with impunity in a world of universal strong encryption.” He plans to make his case on Wednesday before two congressional panels.
In an age when a Clinton and a Bush are running for president, the debate over encryption is yet another throwback to the 1990s, when the FBI argued unsuccessfully for a “clipper chip” that would allow the agency to unscramble a device’s encrypted contents. Some of the cryptographers behind Tuesday’s paper also fought that proposal.
The FBI’s current stance is even more problematic, the security experts argue, because it remains vague. Comey hasn’t described technically how his agency should be able to decrypt messages. He’s arguing only that tech companies should figure out a way to make it happen.
One proposal discussed in Washington calls for technology companies, the government or another party to store a special encryption key that would allow the government to decipher any user’s content if a warrant were issued.
Although that would be technically possible, such encryption keys would instantly become holy-grail targets for hackers.
And considering the recent breach at the Office of Personnel Management, in which hackers stole personal data on millions of government employees, it’s not clear that anyone could keep such keys safe, the security experts argue.