Thursday, July 16, 2015

The FBI Wants the Key to Your Data

by Jacob Sullum

Testifying before the Senate Judiciary Committee last week, FBI Director James Comey argued that data should never be transmitted or stored in a way that frustrates government snooping. Comey warned that encryption is a boon to criminals and therefore must be designed so that law enforcement agencies can decode it when the need arises.


As a panel of computer security experts pointed out in a report issued two days before that hearing, Comey's argument founders on the practical difficulties of facilitating access by government officials without facilitating access by "bad actors." Another problem: Sometimes the bad actors are government officials.

Comey's insistence that the world be arranged to make his job easier should sound familiar to anyone who recalls the debate over encryption controls during the Clinton administration, which wanted telecommunications companies to incorporate a wiretap-enabling "Clipper chip" into their devices. The initiative was abandoned after experts pointed out that the key escrow arrangement required by the Clipper chip was technically impractical and risky, making communications vulnerable to malicious hackers.

Many of the same experts—including Harold Abelson, Matt Blaze, John Gilmore, Peter Neumann, and Ronald Rivest—collaborated on last week's report, which comes to similar conclusions while emphasizing that the stakes are much higher today because "the scale and scope of systems dependent on strong encryption are far greater, and our society is far more reliant on far-flung digital networks that are under daily attack." Abelson et al. conclude that proposals for "exceptional access" to encrypted data by law enforcement agencies "are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm."

In addition to the threat posed by identity thieves, blackmailers, commercial spies, and saboteurs who might take advantage of the weaknesses introduced by exceptional access, Abelson and his co-authors worry about demands for encryption controls from governments that treat dissidents as criminals. Comey concedes the danger in his written testimony, saying "any steps that we take here in the United States may impact the decisions that other nations take—both our closest democratic allies and more repressive regimes."

As the National Security Agency's illegal mass collection of our telephone records illustrates, it is not just foreign governments we need to worry about.



No comments: