Government 'backdoors' to bypass encryption will make them vulnerable to attacks - industry experts
At a congressional hearing on Wednesday, witnesses said creating a way to grant authorities access to encrypted communications to aid in criminal probes will inevitably be exploited by adversaries.
Amid a growing reliance within the tech industry to enable
customers to more easily encrypt their data and keep it protected
from prying eyes, police on local and federal levels say an
increase in personal security practices put criminal
investigations at risk.
The Committee on Oversight and Government Reform in the United
States House held a hearing on Wednesday this week to discuss the
issue, and before long lawmakers were told by panelists that
designing a “backdoor” that can be exploited by authorities (but
not anyone else) is far easier said than done.
“I can’t ignore the stark reality that it can’t be done
safely,” Prof. Matt Blaze of the University of
Pennsylvania’s school of engineering and applied sciences
testified. In 1994, Blaze discovered fundamental technical flaws
within Clipper Chip, an encryption system designed by the US
National Security Agency to provide the government with backdoor
access to encryption communications, and today he says it still
remains true that intentional vulnerability may inevitably by
exploited by unintended parties.
"I can’t ignore the stark reality that it can’t be done safely" -@mattblaze on myth of backdoors for the "good guys." http://t.co/B2JytGPr9G
— Andrew Blake (@apblake) April 29, 2015
Law enforcement, particularly the Federal Bureau of
Investigation, has increasingly advocated in recent years for a
type of feds-only “backdoor” as criminals continue to adopt
secure communication platforms that resembled science fiction
during the days of Clipper Chip. Before the House, however, Blaze
said the actual implementation, if even possible, would have
“terrible consequences for our economy and national
security.”
“We just can’t do what the FBI is asking without seriously
weakening our infrastructure,” Blaze said, adding that
ultimately the beneficiaries of those backdoors would be
“criminals and rival nation states.”
“Attempting to build such a system would add incredible levels of
complexity to our systems,” agreed Kevin Bankston, a police
director for New America’s Open Technology Institute, and would
“inevitably…lead to unanticipated vulnerabilities.”
Last year, smart phone giants Apple and Google began rolling-out
products that emphasize personal security by encrypting most
communications by default. Testifying on Wednesday, Amy Hess, the
executive assistant director of the FBI’s science and technology
branch, said that challenges for law enforcement and national
security officials “has been heightened by the advent of
default encryption settings.”
Asked who on the panel believes that it is possible to build a secure crypto backdoor, even the FBI witness didn't raise her hand.
— Christopher Soghoian (@csoghoian) April 29, 2015
It’s critical for police to “have the ability to accept or to
receive the information that we might need in order to hold those
accountable who conduct heinous crimes or conduct terrorist
attacks,” Hess told the House panel, and that the bureau
supports encryption, but not making potential evidence completely
inaccessible to the authorities.
“Is there [such] a thing as creating a backdoor that is only for
the good guys?” Rep. Robin Kelly (D-Illinois) asked at one
point during Wednesday’s hearing.
“I am also not a technical expert – I am a policy expert –
but based on what every expert in the field has said, not only in
the current debate but also 20 years ago and a many multiyear
debate…the answer is a clear no, and, in fact, a unanimous
no,” responded Bankston.
Daniel Conley, a district attorney for Suffolk County,
Massachusetts, countered by saying that if Americans can put a
man on the moon, surely they could create a backdoor for
authorities.