Experts say government access to encrypted data will backfire

Risks of more spying, hacking called high

Win McNamee/Getty Images/File 2015

Admiral Michael Rogers, NSA director, proposed that companies create a digital key but split it so it couldn’t be used by any one person.

By Nicole Perlroth, New York Times

SAN FRANCISCO — An elite group of code makers and code breakers is taking American and British intelligence and law enforcement agencies to task in a new paper that evaluates government proposals to maintain special access to encrypted digital communications.

On Tuesday, the group — 13 of the world’s pre-eminent cryptographers, computer scientists, and security specialists — was to release the paper, which concludes there is no viable technical solution that would allow the US and British governments to gain “exceptional access” to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger.


The report was to be released a day before James B. Comey Jr., director of the FBI, and Sally Quillian Yates, deputy attorney general, are scheduled to testify before the Senate Judiciary Committee on the concerns they have about “going dark” — the fear that new encryption technologies will prevent them from monitoring the communications of kidnappers, terrorists, and other adversaries.

The authors of the report said such fears did not justify risking the world’s digital communications.

Given the inherent vulnerabilities of the Internet, they argued, reducing encryption is not an option. Handing governments a key to encrypted communications would also require an extraordinary degree of trust. With government agency breaches now the norm — most recently at the Office of Personnel Management, State Department, and White House — the security specialists said authorities cannot be trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to communications, it would spur China and other governments in foreign markets to do the same.

“Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend,” according to the report. “The costs would be substantial, the damage to innovation severe, and the consequences to economic growth hard to predict. The costs to the developed countries’ soft power and to our moral authority would also be considerable.”

While government pleas for exceptional access to encrypted files have drawn plenty of criticism from privacy advocates and technology companies, the report is the first in-depth, technical analysis of government proposals by leading cryptographers and security thinkers. The group — which includes Whitfield Diffie, a pioneer of public key cryptography, and Ronald L. Rivest, the “R” in the widely used RSA public-key cryptography algorithm — fought a similar proposal for encryption access in 1997.


Back then, the group analyzed the technical risks and practical shortcomings of a proposal in the Clinton administration called the Clipper chip. Clipper would have poked a hole in cryptographic systems by requiring technology manufacturers to include a small hardware chip in their products that would have ensured the government would always be able to unlock scrambled communications.

The group of cryptographers won that round. The Clinton administration, which had pushed for the Clipper chip, abandoned the effort after the group’s analysis showed it would have been technically unfeasible. An unlikely coalition of technologists, liberals, conservatives, and even evangelicals argued that the chip would destroy privacy. The final nail in the coffin came after Matthew Blaze, then a 32-year-old computer scientist at AT&T Bell Laboratories, discovered a flaw in the Clipper system that would have allowed anyone with technical know-how to get access to the key to encrypted communications. Now the group of cryptographers has convened for the first time since 1997.

“The decisions for policy makers are going to shape the future of the global Internet and we want to make sure they get the technology analysis right,” said Daniel J. Weitzner, head of the MIT Cybersecurity and Internet Policy Research Initiative and a former deputy chief technology officer at the White House, who coordinated the latest report.

If US and British government proposals were carried out, those companies would have to ease such programs. In Britain, Prime Minister David Cameron has threatened to ban encrypted messaging apps.

In the United States, Michael S. Rogers, director of the NSA, has proposed that technology companies be required to create a digital key that could unlock encrypted communications, but divide the key so that it couldn’t be used by one person or government agency alone.