The Cost of Corroding Cryptography
July 31, 2018
American law enforcement agencies are advocating that technology companies be forced to compromise the encryption used in their products, to facilitate ongoing investigations.[1] Encryption is the computational tool used to protect every American’s digital communications and data from eavesdropping and tampering, and it plays a vital role in our economy and national security. A misguided attempt to weaken encryption would only damage our national interests, both with respect to economic wellbeing and business security. Hackers and foreign nations will target the introduced weaknesses, domestic firms’ ability to build and export security innovations will decrease, and the American competitive advantage in the technology sector will be lessened.
In 2014, then-director of the FBI James Comey warned about the ‘going dark’ problem: that strong encryption could hinder law enforcement’s ability to analyze digital communications and stored data.[2] Just a year later, in the wake of the San Bernardino shooting, the FBI sued Apple, requesting that the court force Apple to recover the contents of an encrypted phone used by one of the shooters.[3] The FBI complained that due to the strong security of the iPhone, it was unable to complete its forensic investigation.
Figure 1: Encryption uses one or more ‘keys’, large numbers that are generally kept secret, to make data readable only by those who have a copy of the matching decryption key. Source: Congressional Research Service
In light of this challenge, senior law enforcement officials have called for technology companies to provide ‘exceptional access mechanisms’ for encrypted devices and networks [4], often called ‘backdoors’.[5] These backdoors are software or hardware modifications that give law enforcement access to the encryption keys required to decrypt data that would otherwise be inaccessible.
Last October, Deputy Attorney General Rod Rosenstein called for “responsible encryption” that “protect[s] privacy and promote security without forfeiting access for legitimate law enforcement needs”.[6] While the arguments advanced by law enforcement appeal to legislators’ desire to balance competing concerns, leading computer scientists and policy experts agree that the policy’s ramifications for national security, both digital and economic, are too great a cost to pay.[7, 8, 9, 10, 11]
This political zeitgeist is reminiscent of the first ‘crypto wars’ that took place in the mid-to-late 1990s, against the backdrop of the rapidly developing Internet. In response to the growing use of encryption, the Clinton Administration advocated the adoption of key escrow technologies that would enable the government to read encrypted telephone calls. At the same time, the administration maintained long-standing restrictions preventing firms from exporting cryptography that the NSA could not easily crack.
Experts widely panned these policies, predicting that the complexity of the proposed backdoored systems, coupled with the intentional introduction of security flaws, would decrease the overall security of the systems, opening them up to foreign and domestic hacking.[12] Over the years that followed, not only were the backdoored systems found to be vulnerable to simple attacks [13], but the inclusion of export-grade cryptography in domestic systems led to wide-scale hacks over the course of a decade and a half.[14, 15, 16, 17] As a result, cryptographers have concluded that any modern attempt to implement similar policies will assuredly have similar results.[9] This fear was realized by a 2013 incident wherein an NSA backdoor in cryptography used by the second largest firewall manufacturer was co-opted by an unknown third party, allowing them to read Americans’ encrypted communications.[18] While the technological chaos caused by these policies can be easily detailed, it is also crucial to take stock of their likely economic impact.
In 1997 the U.S. Department of Commerce and the NSA, and in 1998 the Economic Strategy Institute, both studied the matter. They found, respectively, that “not being able to participate at the early stage of [cryptographic] market development will be a tremendous obstacle to their future international competitiveness” [19] and that up to $95 billion in sales would be forfeited through the mandated weakening of encryption.[20] These studies and others are highlighted in a 2015 New America report that warns against again making the mistakes of the 1990s.[21] Today the impact of distrust in American data security policies is illustrated by recent moves by tech companies to locate data storage facilities overseas. IBM recently spent $1.2 billion building datacenters overseas “to lure foreign customers” who are concerned about their data security.[22] Mandating encryption backdoors would only accelerate this process.
Since the 1990s encryption has transitioned from a business advantage to a business necessity.[23] This is indicated by the $96 billion that global businesses spend every year on cybersecurity, of which encryption is a key part.[24] Currently, much of the $13 billion market for encryption products [25] is driven by American innovation.[26] American businesses produce and consume security technologies, and embed encryption into their products to secure user and business data. If American businesses are no longer able to export or design strongly secured products, foreign customers may quickly switch to readily available alternatives designed in the other countries leading the space.
Beyond lost sales and overseas migration of technology companies, a backdoor mandate could dampen the development of novel security technologies. Innovative new uses of cryptography are already being implemented and the US must not miss out on the opportunities they present. One such technology may allow companies to securely process data without accessing the contents, preserving privacy.[27] Another allows users to circumvent barriers emplaced by censorious regimes.[28] Undermining these technologies by weakening encryption will stifle domestic innovation.[29]
To better conceptualize the technical concerns with a backdoor mandate, it is helpful to consider the most commonly proposed backdoor system, known as key escrow. Key escrow functions by providing a non-law-enforcement entity with keys that can be used to decrypt otherwise secure communications. Such proposals [30, 31] permit law enforcement, with a proper warrant, to use the key, providing lawful access to encrypted data. Proponents argue that those storing the backdoor keys would be able to protect them, ensuring Americans’ privacy. They point to Apple’s use of a cryptographic key to digitally sign and validate the authorship of software it allows on its mobile operating system, claiming that if Apple is able to safely store this ‘code signing key’, an escrow agent should be able to safely store the decryption keys for American devices and communications.
Figure 3: This diagram shows a key escrow system designed for use with the Clipper chip, proposed in the 1990s. The ‘unit key’ and ‘global family key’ were held in escrow to permit later law enforcement access to phone calls encrypted using this system. Source: Wikimedia
However, the code signing analogy fatally misrepresents the challenge of securing many billions of keys, each used frequently, in comparison to the efforts required to secure a single key, used only sparingly. Such backdoor key databases would represent targets of unimaginable value for hackers and the intelligence operations of American adversaries. If even the NSA is not capable of securing itself against data breaches [32], we should not expect our escrow agents to be immune. Our most advanced adversaries are even capable of breaking into facilities in which there is no outside network connection.[33] Expecting escrow agents to protect themselves against this level of sophistication is unrealistic. In 2017, one-quarter of American companies suffered data breaches costing an average of $4 million.[34] Policy makers would be well advised not to let escrow key compromise become part of this statistic.
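To make the escrow mechanism and the database-as-target concern concrete, here is an added toy model (not from the essay, and not any real system) of a Clipper-style scheme: each message's session key travels wrapped under a per-device ‘unit key’ and a shared ‘family key’, and the escrow agent's copy of the unit keys decrypts every message from every device. The cipher (an HMAC-SHA256 counter-mode keystream), key sizes and field layout are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy Clipper-style key escrow (added illustration, not the essay's own material).
# The cipher is a demo-only HMAC-SHA256 counter-mode keystream standing in for a
# real block cipher; key sizes and field layout are assumptions for the demo.

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR with the keystream: the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

FAMILY_KEY = secrets.token_bytes(32)  # 'global family key' shared by every device
ESCROW_DB = {}                        # device_id -> 'unit key', deposited with the escrow agent

def provision_device(device_id: int) -> bytes:
    unit_key = secrets.token_bytes(32)
    ESCROW_DB[device_id] = unit_key   # the escrow agent keeps a copy of every unit key
    return unit_key
def device_encrypt(device_id: int, unit_key: bytes, msg: bytes):
    session_key, nonce = secrets.token_bytes(32), secrets.token_bytes(8)
    # Access field: session key wrapped under the unit key, tagged with the
    # device id, and the whole field wrapped under the family key.
    inner = device_id.to_bytes(4, "big") + xor_crypt(unit_key, nonce, session_key)
    record = {"nonce": nonce, "field": xor_crypt(FAMILY_KEY, nonce, inner),
              "body": xor_crypt(session_key, nonce, msg)}
    return session_key, record  # the peer learns session_key out of band (assumed)
def peer_decrypt(session_key: bytes, record: dict) -> bytes:
    return xor_crypt(session_key, record["nonce"], record["body"])
def escrow_decrypt(record: dict, escrow_db: dict, family_key: bytes) -> bytes:
    # Needs only the family key and the unit-key database. Nothing here checks
    # for a warrant, so whoever holds a copy of the database holds this power.
    nonce = record["nonce"]
    inner = xor_crypt(family_key, nonce, record["field"])
    session_key = xor_crypt(escrow_db[int.from_bytes(inner[:4], "big")], nonce, inner[4:])
    return xor_crypt(session_key, nonce, record["body"])

def demo() -> list:
    # Constructed traffic from two devices, read with a stolen copy of the escrow database.
    keys = {1001: provision_device(1001), 2002: provision_device(2002)}
    _, rec_a = device_encrypt(1001, keys[1001], b"quarterly earnings draft")
    _, rec_b = device_encrypt(2002, keys[2002], b"merger term sheet")
    stolen_db = dict(ESCROW_DB)
    return [escrow_decrypt(r, stolen_db, FAMILY_KEY) for r in (rec_a, rec_b)]
```

The escrow path and the breach path are the same function call; the only thing separating lawful access from wholesale compromise is who holds the database.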
Those concerned with the ‘going dark’ problem can take solace in the fact that law enforcement has repeatedly overstated the extent of the issue.[35] A number of researchers highlight that the use and availability of metadata collection technologies suggests that, contrary to the FBI’s protestations, we are living in ‘a golden era’ [36, 37] of investigative capabilities. While the FBI nonetheless faces novel challenges in deciphering previously unencrypted communications, the prevalence of metadata and historically unmatched legal hacking capabilities [38] provide viable options for countering reduced law enforcement access to data.
Figure 4: This figure, taken from the US Government Accountability Office, shows the increase in data breaches reported to the US government between 2008 and 2011. Source: US Government Accountability Office
National security goes beyond law enforcement agencies catching evildoers — it extends to ensuring that the data and intellectual property of our nation’s businesses are protected, and that their ability to innovate is not impeded for little gain in safety. To insist on misguided and dangerous policies that weaken encryption is to undermine America’s interests - both economic and technological.
References
[1] Charlie Savage. “Justice Dept. Revives Push to Mandate a Way to Unlock Phones”. In: (Mar. 2018).
[2] James Comey. Going Dark: Are Technology, Privacy, and Public Safety on a Collision Course? https://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course. 2014.
[3] Government’s Ex Parte application for order compelling Apple Inc. to assist agents in search; memorandum of points and authorities; declaration of Christopher Pluhar, Exhibit. https://www.epic.org/amicus/crypto/apple/In-re-Apple-FBI-AWA-Application.pdf. 2016.
[4] Andrew Blake. “AG Jeff Sessions says Congress may need to ‘take action’ on encryption issue”. In: The Washington Times (May 2018).
[5] CIS201. The Ethics (or not) of Massive Government Surveillance. https://cs.stanford.edu/people/eroberts/cs201/projects/ethics-of-surveillance/tech_encryptionbackdoors.html.
[6] Rod Rosenstein. Remarks on Encryption at the United States Naval Academy. https://www.justice.gov/opa/speech/deputy-attorney-general-rod-j-rosenstein-delivers-remarks-encryption-united-states-naval. 2017.
[7] An Open Letter from US Researchers in Cryptography and Information Security. http://people.csail.mit.edu/rivest/pubs/Ax14.pdf.
[8] Alexa Wainscott. “A Golden Key to Pandora’s Box: The Security Risks of Government-Mandated Backdoors to Encrypted Communications”. In: N. Ky. L. Rev. 44 (2017), p. 57.
[9] Harold Abelson et al. “Keys under doormats: mandating insecurity by requiring government access to all data and communications”. In: Journal of Cybersecurity 1.1 (2015), pp. 69–79.
[10] Riana Pfefferkorn. “The Risks of ‘Responsible Encryption’”. In: The Center For Internet And Society (2018).
[11] IEEE Board of Directors. IEEE Statement In Support Of Strong Encryption. http://globalpolicy.ieee.org/wp-content/uploads/2018/06/IEEE18006.pdf.
[12] Hal Abelson et al. “The risks of key recovery, key escrow, and trusted third-party encryption.” In: World Wide Web Journal 2.3 (1997), pp. 241–257.
[13] Matt Blaze. “Protocol failure in the escrowed encryption standard”. In: Proceedings of the 2nd ACM Conference on Computer and Communications Security. ACM. 1994, pp. 59–67.
[14] Benjamin Beurdouche et al. “A messy state of the union: Taming the composite state machines of TLS”. In: Security and Privacy (SP), 2015 IEEE Symposium on. IEEE. 2015, pp. 535–552.
[15] David Adrian et al. “Imperfect forward secrecy: How Diffie-Hellman fails in practice”. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM. 2015, pp. 5–17.
[16] Nimrod Aviram et al. “DROWN: Breaking TLS Using SSLv2”. In: USENIX Security Symposium. 2016, pp. 689–706.
[17] Luke Valenta et al. “Factoring as a Service”. In: International Conference on Financial Cryptography and Data Security. Springer. 2016, pp. 321–338.
[18] Stephen Checkoway et al. “A systematic analysis of the Juniper Dual EC incident”. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM. 2016, pp. 468–479.
[19] U.S. Department of Commerce and National Security Agency. “A study of the international market for computer software with encryption”. In: The electronic privacy papers. John Wiley & Sons, Inc. 1997, pp. 629–634.
[20] Erik R. Olbeter and Christopher Hamilton. Finding the Key: Reconciling National and Economic Security Interests in Cryptography Policy. Economic Strategy Institute, 1998.
[21] Danielle Kehl, Andi Wilson, and Kevin Bankston. “Doomed to repeat history”. In: Lessons from the Crypto Wars of the 1990s (2015).
[22] Claire Cain Miller. Revelations of N.S.A. Spying Cost U.S. Tech Companies. Mar. 2014. url: https://www.nytimes.com/2014/03/22/business/fallout-from-snowden-hurting-bottom-line-of-tech-companies.html.
[23] Klint Finley. Apple’s Noble Stand Against the FBI Is Also Great Business. June 2017. url: https://www.wired.com/2016/02/apples-noble-stand-against-the-fbi-is-also-great-business/.
[24] Gartner Inc. Gartner Forecasts Worldwide Security Spending Will Reach $96 Billion in 2018, Up 8 Percent from 2017. https://www.gartner.com/newsroom/id/3836563.
[25] Encryption Software Market worth 12.96 Billion USD by 2022. https://www.marketsandmarkets.com/PressReleases/encryption-software.asp.
[26] Ryan Hagemann and Josh Hampson. “Encryption, Trust, and the Online Economy”. In: Niskanen Center, November 9 (2015).
[27] Oded Goldreich. “Secure multi-party computation”. In: Manuscript. Preliminary version 78 (1998).
[28] Paul Syverson, R. Dingledine, and N. Mathewson. “Tor: The second-generation onion router”. In: USENIX Security. 2004.
[29] The Chertoff Group. The Ground Truth About Encryption and the Consequences of Extraordinary Access. https://www.chertoffgroup.com/files/238024-282765.groundtruth.pdf.
[30] Steven Levy. Can This New Encryption Method Finally Crack the Crypto War? https://www.wired.com/story/crypto-war-clear-encryption/. May 2018.
[31] Matt Tait. An Approach to James Comey’s Technical Challenge. https://www.lawfareblog.com/approach-james-comeys-technical-challenge. Apr. 2016.
[32] Selena Larson. NSA’s powerful Windows hacking tools leaked online. http://money.cnn.com/2017/04/14/technology/windows-exploits-shadow-brokers/index.html.
[33] Kim Zetter. Countdown to Zero Day: Stuxnet and the launch of the world’s first digital weapon. Broadway books, 2014.
[34] Ponemon Institute. Cost of data breach study: Global analysis. https://www.ibm.com/security/data-breach. 2017.
[35] Charlie Savage. F.B.I. Admits Overstating Locked Phone Problem, and Critics Pounce. May 2018. url: https://www.nytimes.com/2018/05/23/us/politics/fbi-going-dark-cellphones-total-overstated.html.
[36] Elaine McArdle. “The New Age of Surveillance”. In: Harvard Law Bulletin Spring (2016).
[37] Peter Swire. Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy. July 2015.
[38] Steven M Bellovin et al. “Going bright: Wiretapping without weakening communications infrastructure”. In: IEEE Security & Privacy 11.1 (2013), pp. 62–72.