In the past week, U.S. Deputy Attorney General Rod J. Rosenstein delivered two talks that implored the technology industry to embrace what he deems “responsible encryption.”
When he spoke at the United States Naval Academy, he cloaked his commentary in hyperbole and innuendo, as if he was trying to draw battle lines between industry and law enforcement: “… the tools we use to collect evidence run up against technology that is designed to defeat them.”
He continued, “But there has never been a right to absolute privacy.”
What is Rosenstein Smoking?
Encryption is an integral part of maintaining individual privacy. And yes, we are entitled to privacy. Improvement of encryption algorithms is not taking place to thwart the investigative efforts of the Department of Justice (DOJ) or any other law enforcement entity around the globe. Improvements to encryption (or any other technology) are designed to provide the same service better, faster and more securely. Technology advances—and as such, vulnerabilities into what was once thought secure sometimes are revealed.
How Should Encryption Be Used?
Rosenstein suggested, “Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization,” then went on to provide exemplars including centralized key management systems used by corporations and the utility of one-time passwords. He omitted the fact that universal key escrow will put a target the size of Jupiter on that dataset for every criminal entity and nation state.
Then just a few days later, Rosenstein, speaking to the Global Cyber Security Summit in the United Kingdom, gave a second speech, finishing with exactly the same argument for “responsible encryption.”
In doing so, he hoped to create a groundswell among other governments to call for the same capability. It is naïve and uninformed thinking to use the current lawful intercept laws across the globe as a parallel. The question for all is: Should law enforcement have the ability to pierce any encryption encountered?
Here’s what he actually asked for at the Naval Academy and again at the global summit: key escrow. Key escrow is an arrangement wherein keys are held in escrow so that under certain circumstances, such as with approval by a court, an authorized party may gain access to the keys to decrypt a protected communication.
Having repositories of encryption keys will bring new meaning to “capture the flag” games.
Why Do We Encrypt?
We encrypt to protect our data—protecting information for the sake of confidentiality (trade secrets, medical information, national security, financial transactions, etc.) and security. In doing so, we provide assurances that the data being used is authentic and being provided to or within an authorized audience.
The one-time pad is a secure means of encrypting data, but it doesn’t scale. If the encryption key is used only once and is not shared beyond the intended recipient and creator, the message is not going to be compromised. The compromise of the Soviet spy rings in the late 1940s was largely due to the fact that the Soviet Union could not produce enough secure cryptographic key material and so reused key pages from prior years for communication with their U.S.-based spies.
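The following is an added illustration, not code from the article, of why the key-reuse failure described above is fatal. Two constructed messages (not real traffic) are encrypted with the same one-time pad; XORing the two ciphertexts cancels the key entirely, and a single guessed fragment of one message then reveals the corresponding fragment of the other. The message texts, the crib and the helper names are all assumptions chosen for the demonstration.

```python
import secrets


def otp_xor(data: bytes, key: bytes) -> bytes:
    """One-time pad encryption and decryption are the same operation:
    XOR each message byte with the matching key byte. The key must be
    at least as long as the data and must never be reused."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def key_cancels(c1: bytes, c2: bytes) -> bytes:
    """XOR two ciphertexts produced under the same key. The key bytes
    appear twice and cancel, leaving plaintext1 XOR plaintext2 with no
    key material involved at all."""
    if len(c1) != len(c2):
        raise ValueError("demonstration assumes equal-length ciphertexts")
    return otp_xor(c1, c2)


def recover_with_crib(c1: bytes, c2: bytes, crib: bytes, offset: int) -> bytes:
    """Given a known (or guessed) fragment of plaintext 1 at a known offset,
    recover the same-length fragment of plaintext 2 from two ciphertexts
    that reused a key. This is the 'two-time pad' failure."""
    combined = key_cancels(c1, c2)
    return otp_xor(combined[offset:offset + len(crib)], crib)


# Constructed sample messages for the demonstration (assumed, not from the article);
# both are 18 bytes so a single key page covers each of them.
MESSAGE_A = b"MEET AGENT AT NOON"
MESSAGE_B = b"SEND FUNDS TO ROME"


def demo(key: bytes = None) -> bytes:
    """Encrypt both messages under one key, show the key drops out of the
    combined ciphertexts, and recover a fragment of message B from a guess
    about message A. Returns the recovered fragment."""
    if key is None:
        key = secrets.token_bytes(len(MESSAGE_A))  # fresh random pad
    c_a = otp_xor(MESSAGE_A, key)
    c_b = otp_xor(MESSAGE_B, key)

    # Correct single use: decryption with the same key is exact.
    assert otp_xor(c_a, key) == MESSAGE_A

    # Reuse: the XOR of the ciphertexts equals the XOR of the plaintexts,
    # regardless of how strong or random the key was.
    leaked = key_cancels(c_a, c_b)
    assert leaked == otp_xor(MESSAGE_A, MESSAGE_B)

    # An analyst who guesses that message A opens with "MEET " learns the
    # first five bytes of message B without ever seeing the key.
    return recover_with_crib(c_a, c_b, b"MEET ", 0)


if __name__ == "__main__":
    print(demo())  # b'SEND '
```

The point is that the strength of the key plays no part once it is used twice: `key_cancels` never touches the key, yet it exposes the relationship between the two messages. The escrow scenario in the article is the same failure from the other direction: a key that exists in a second place is, for the adversary who obtains that copy, a key that has effectively been shared.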
Having government access to escrowed cryptographic keys would produce these same results for any adversary’s cryptographic analyst. They are the magic keys to the kingdom of secured information.
It is for this reason that many companies guard their key escrow as they do the crown jewels. For companies, having key escrow or shared keys makes sense, as it provides privacy and confidentiality to the company’s transactions, strategy and tactics. For many companies, beyond the encryption shared across the organization, the most sensitive data is also encrypted while at rest, be it on a laptop, thumb drive or shared data store. Inadvertent disclosure is mitigated, and a stolen, fully encrypted laptop containing the personal sensitive information of individuals is considered a “loss of a laptop” event, not a “loss of data” event.
Furthermore, as every international traveler is aware, you are always faced with the possibility of being subjected to inspection as you transit international borders. While many show little or no interest in your device(s), others require that all electronic devices and storage media be produced for inspection (duplication). Encrypted data, even if confiscated, is protected.
What is DOJ Smoking?
Entrust the DOJ to protect the “master keys” of encryption used around the globe? The plethora of data breaches within the U.S. government, including arguably the most sensitive data stores of the land—OPM and the nation’s cleared security personnel’s background files, the NSA and CIA and the cybertools they use—were all provided the best security available, right? Yet they were compromised. Who will protect these “master keys”?
Does this also mean we should also trust the “master keys” to be used responsibly by the FSB in Russia, the MSS in China, the DGSE in France, MI-5 in the UK and so on? In this writer’s opinion, this is a recipe for disaster.
What Do Others Think?
Matthew Green, a professor at Johns Hopkins University and renowned in the world of applied cryptography, in an op-ed piece published in Slate, wrote:
“If American law enforcement gains access to encryption, then other nations’ security agencies will demand the same capability. And when they don’t get access, they could ban our products. In democratic nations, granting this access could be an acceptable trade-off. But inevitably, the same requests will come from authoritarian regimes like China, Russia, and others with a very different approach to human rights. With these capabilities mandated by the United States, our firms will have no way to decline.”
He pointed to suspicions hovering over Kaspersky and its antivirus software, which will paint every U.S. technology firm producing security tools with the same brush.
He concluded, “Software with encryption can secure your data, and in the long run this—properly deployed and verified—can help our software industry spread competitively across the world. This will not be without costs: It will make (some) crimes harder to solve. But the benefits will be real as well.”
We asked Tom Kellermann, CEO of Strategic Cyber Ventures, via an email exchange, for his view on the pros and cons of “warrant proof encryption.” Kellermann said: “The con is that other countries will require the same access. The pro is that cyber investigations can remain viable. For the privacy advocates who fear this shift, they must appreciate that the U.S. government does not have a monopoly on being big brother. In the absence of cybersecurity, there exist dozens of big brothers. Privacy cannot exist without cybersecurity and given that 50 percent of crimes have a digital component (according to GCHQ UK), law enforcement must be empowered.”
In Kellermann’s opinion, “responsible encryption” can be achievable; with the presence of a warrant, keys could be exchanged. In response to the plausibility of a government-required key escrow evolving, he said: “I do think it is a real possibility once Silicon Valley appreciates that the No. 1 thing between the theft of their intellectual property by foreign nation states is collaboration with the U.S. government.”
Herold found Rosenstein’s comments surrounding the technology being created to defeat law enforcement to be misleading and incorrect, and agreed that encryption tools are not designed to defeat government investigations.
Herold said Rosenstein’s inflammatory comments are designed to anger those who don’t understand encryption and then leverage that anger to weaken public demand for strong encryption. “Instead of continuing to promote this flawed reasoning in an attempt to force U.S. technology providers to create weak encryption, they should instead look at all the ways they can obtain data that have been successful for centuries,” she said.
“Strong encryption does NOT undermine the rule of law,” Herold said. “The existing written, and largely outdated, law to which Rosenstein references was written by largely uninformed lawmakers in the context of a time before strong encryption was an important and necessary tool to protect privacy and support safety and security.”
Sadly, DOJ Is Not Alone
As stated in a recent CNET story, other countries are also calling for “responsible encryption.” The UK and Australia have both called for adjustments to how cryptography is used, making the case that “end-to-end” encryption stymies investigations.
As Herold pointedly said, use of better investigative techniques by law enforcement is required, not weaker encryption. As Green said, some crimes will be harder to solve. This is why Tom Kellermann’s call for Silicon Valley to work with government to evolve a solution is both judicious and wise.
Issuing master keys as the responsible encryption solution to the governments of this world is not a “solution.” It is lunacy. Benjamin Franklin famously said: “Three can keep a secret, if two of them are dead.” No government, regardless of flag, should have the master key to all encryption. The stakes are just too high.