Security experts warn against encryption 'backdoors'


A group of computer code experts said Tuesday that law enforcement cannot be given special access to encrypted communications without opening the door to "malicious" actors.

A research report published by the Massachusetts Institute of Technology challenges claims from US and British authorities that such access is the policy response needed to fight crime and terrorism.

Providing this kind of access "will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend," said the report by 13 scientists.

The paper was released a day after FBI Director James Comey called for public debate on the use of encryption, saying Americans may not realize how radical groups and criminals are using the technology.

Comey argued in a blog post that Islamic State militants are among those using encryption to avoid detection.

The New York Times, which reported earlier on the study, said Comey was expected to renew a call at a congressional hearing for better access to encrypted communications to avoid "going dark."

The computer scientists said, however, that any effort to build in access for law enforcement could be exceedingly complex and lead to "unintended consequences," such as stifling innovation and creating hostility toward new tech products.

"The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict," the report said.

"The costs to developed countries' soft power and to our moral authority would also be considerable."

In the 1990s, there was a similar debate on the "clipper chip" proposal to allow "a trusted third party" to have access to encrypted messages that could be granted under a legal process.

The clipper chip idea was abandoned, but the authors said that if it had been widely adopted, "it is doubtful that companies like Facebook and Twitter would even exist."

The computer scientists said the idea of special access would create numerous technical and legal challenges, leaving unclear who would have access and who would set standards.

"The greatest impediment to exceptional access may be jurisdiction," the report said.

"Building in exceptional access would be risky enough even if only one law enforcement agency in the world had it."

The British government is considering legislation to compel communications service providers, including US-based corporations, to grant access to British law enforcement agencies.

"China has already intimated that it may require exceptional access," the report said.

"If a British-based developer deploys a messaging application used by citizens of China, must it provide exceptional access to Chinese law enforcement?"

Among the report's authors are Daniel Weitzner, director of the MIT Computer Science and Artificial Intelligence Laboratory, and well-known MIT cryptographer Ronald Rivest.



© 2015 AFP

Citation: Security experts warn against encryption 'backdoors' (2015, July 7) retrieved 15 September 2019 from https://phys.org/news/2015-07-experts-encryption-backdoors.html

User comments

Jul 08, 2015
"The costs to developed countries' soft power and to our moral authority would also be considerable."

Moral authority? They think they still have a moral authority after what they pulled the last half century? Really? Delusion must be such a grand state to live in.

Jul 08, 2015
Uhhh, this sounds a LOT like the plot of the Dan Brown novel "Digital Fortress" from 1998 where the NSA releases an un-crackable encryption standard to the world with a secret backdoor built in that only the NSA knows about.

Ridiculous.

Jul 08, 2015
Ridiculous.

Ridiculous?

Random number generator attacks:
https://en.wikipe...bversion
One of the generators, Dual_EC_DRBG, was favored by the National Security Agency.[7] Dual_EC_DRBG uses elliptic curve technology and includes a set of recommended constants. In August 2007, Dan Shumow and Niels Ferguson of Microsoft showed that the constants could be constructed in such a way as to create a secret backdoor to the algorithm.[8] In 2013, Reuters reported that documents released by Edward Snowden indicated that the NSA had paid RSA Security $10 million to make Dual_EC_DRBG the default in their encryption software, and raised further concerns that the algorithm might contain a backdoor for the NSA.


It's already happening.

Jul 09, 2015
Practically unbreakable encryption has been available to all for some time to anyone that wants it. There has been a fair bit of open source encryption software that can be modified to your needs, if you have the necessary skills. Encryption software is not going away anytime soon.

Laws limiting encryption will only hurt the innocent and businesses. The criminals and terrorists are not going to give up encryption.

The Internet once operated without encryption, then client to server encryption became the standard and now end to end encryption is demanded by the public. Overly broad and invasive spying by security agencies and law enforcement that targets everyone, not just the terrorists, has actually changed public attitudes. Treating everyone like a potential terrorist is offensive.

The number of massive security breaches into business and government networks shows we need better security, not weaker security.

Jul 09, 2015
Practically unbreakable encryption has been available to all for some time to anyone that wants it.

Practical, unbreakable SOFTWARE encryption? Yes.
But if the hardware is compromised then that means less than nothing (because it just gives you a false sense of security). With gag orders in place any company can be made to include hardware vulnerabilities and none of us would ever know. And with big hardware manufacturers sitting in the countries that are most likely to force implementation of something like this (e.g. Intel in the US, various manufacturers in China, ... ) I wouldn't be surprised if it's already done.
