Privacy vs The Government: Why backdoors are a security nightmare
I recently viewed the following debate regarding individual privacy against the government:
There are indeed valid arguments for why the government should have access to data necessary to ensure public safety and stop terrorism. But the question is at what cost does the government obtain this information? If I were debating for the proposition I might have referenced the fact that companies' infrastructure regularly gets compromised by both individuals and nation-state attackers. Are we really willing to have our information stored in a manner that can be obtained by stalkers, cybercriminals, terrorists, and nation-state adversaries?
It's not a matter of whether the government can access data. It's a matter of whether anyone can access it. There's no way to design a system such that only the “good guys” have access. It's a question of security vs insecurity. This is the opinion of most people who deal professionally with cryptography and communications security, and the government would do well to finally start taking the advice of these security people. What the government has expressly stated they want is not only access to information held by technology companies, but also a backdoor into information that technology companies don't have access to.
End-to-end encryption is designed to prevent companies providing service from reading messages. This is not an accident. This is a measure to ensure security against all attackers, government or otherwise, since it has been proven that it's too much to expect companies to store this data securely. Governments will have to deal with this, because the alternative is everything everyone says being vulnerable.
When one realizes individuals can compromise the databases of large companies, it becomes a matter of common sense that companies should not have such databases to begin with. Security online is, in its current state, an all-or-nothing thing. Attempts to introduce backdoors will not improve security, but worsen it.
While I'm on the topic of government backdoors into communications, I will use this opportunity to publicize communications made between myself and a representative in my state. The communication was first established when I submitted a letter opposing EARN IT to my state's representative.
- Abuse of power
- In this section, I explain the historical and political concerns with implementing a widespread backdoor in modern encryption
- Throughout history, governments have been shown to vary wildly, ranging from wholly beneficial to their populace, to outright abusive; and it has been shown historically that governments can turn from benign to fascist/tyrannical at the drop of a hat. History rarely sees any terrible leaders acting in the beginning as the people they would later become; at least in a society that allows voting, it is historically impossible to convince a sufficient portion of the population to vote for you. Instead, such figures would start with a moderate position, then become more extreme over time. This allows people to get used to the changes over time, making each individual transition feel less extreme. This is what could happen, not just within the United States, but globally, if a precedent is set to allow backdooring of modern encryption. This is a dangerous precedent to set, as I will explain in my next point.
- The precedent of backdooring modern encryption is a dangerous one. This is not the traditional "slippery slope" argument, but instead a commentary on the historical cases where governments have implemented mass surveillance. To provide context, it should be made known that throughout history, the first, or one of the first, acts of any oppressive leader is usually to implement a secret police; effectively a mass surveillance program to keep track of people who disagree with the government. In Germany, this was the Gestapo and the SS. If one brings this up to date with the digital era, a backdoor on modern cryptography could be trivially repurposed as a tool for mass surveillance and oppression; instead of being used to combat societal threat actors such as pedophiles, terrorists, and violent criminals.
- The United States' population, at this time, largely shows mistrust for government and/or police services. While not everyone is so radical as to call for police defunding, the widespread reports of police abuse of power, combined with the general consensus that politicians are professional liars, creates a concerning state of affairs for the relationship between politicians and citizens. It should be made known that people often do not support politicians out of trust or genuine support, but instead out of party and the notion that "at least they're better than [insert political opponent]". An act such as EARN IT would fundamentally endanger the population, and could not be supported. There is no number of times it can be repeated that this act would capture pedophiles, terrorists, or violent criminals, that would make the benefits of such policy outweigh the risks and danger this poses to not only the United States, but the entire free world.
- Practical impossibilities
- In this section, I explain the practical and technological concerns of implementing a widespread backdoor of modern encryption
- Modern encryption is based on a few fundamental concerns:
- Information is forever. On the internet, there is no way to guarantee anything is ever lost. With the Summit supercomputer being individually able to store 250 petabytes of data, there exist individual computers with the capability to store a significant portion of the global internet's total traffic. An attacker unable to break modern encryption could store the data until they obtain the capabilities required to break the encryption. This is not currently a major concern, since it's generally assumed that the encrypted information would become useless over time, becoming of no value to an attacker who can break the encryption 20, 40, or 80 years later. However, this is not true in the case where encryption is backdoored en masse, since certain secrets do not become less sensitive over time.
- A backdoor on modern encryption provides a single point of failure. To implement a backdoor on modern encryption, one must use a centralized backdoor key. This key must be protected for as long as any encrypted data remains in existence, or until the data is no longer useful to any attacker. This cannot be guaranteed by any government, no matter how strict the security controls are. If governments could reliably keep control of their secrets, there would have been no Snowden leaks, no EternalBlue leak, no 2017 WannaCry worldwide attack, and no WikiLeaks. In a world where governments regularly lose control over their own secrets, implementing such a backdoor is just asking for a global disaster.
- There is no way to revoke keys. On the modern internet, information is effectively permanent. All it takes to copy encrypted information is to simply be able to read the ciphertext (the gibberish result intended to be unreadable). Once the ciphertext is known, any valid key can be used to convert it back to plaintext. However, unlike online accounts, which allow changing passwords by means of a central server that controls access, cryptography provides no means to revoke keys. Once ciphertext exists, the keys it is encrypted with are the keys it will always be encrypted with. Some systems implement a feature that behaves similarly to key revocation, but in none of these cases can an attacker be denied access to already-encrypted data. When the encrypted data in question is the internet traffic of the entire United States, or more likely, the majority of the world, the inability to revoke compromised keys creates a risk/reward ratio that cannot possibly be reasonably justified to be a net benefit.
- _NSAKEY was a cryptographic backdoor implemented into Windows NT 4.0 SP5 and discovered in 1999. While Microsoft tried many times to deny that it was used to allow cryptographic backdoors, many still believe that it was exactly that.
- Dual_EC_DRBG was a CSPRNG standardized in NIST SP 800-90A in 2006.
- Dual_EC_DRBG was standardized in 2006, but the backdoor was actually discovered in 2004:
- The 2016 Compliance with Court Orders Act (alternatively known as the CwCOA) was a proposed anti-security, anti-privacy bill much like EARN IT. The CwCOA caused significant outrage at the time, and was never passed.
- "While trying to find creative ways to keep the service up, I consulted a group of friends who are very active in the network incident response field. Some of these are the people who warn the world about new network attacks. Others are very experienced at tracking down denial-of-service attacks and their associated command-and-control (C&C) servers. I asked them if they could help me find the source of the attack. 'Sure,' they replied. They just needed my IP address."
- "I read off the address: '152 dot' and they repeated back '152 dot'. '19 dot' '19 dot' and then they told me the rest of the network address. (I was stunned.) Tor is supposed to be anonymous. You're not supposed to know the IP address of a hidden service. But they knew."
- "The problem with this theoretical God's eye vantage point is that it isn't theoretical -- and the random shuffling isn't good enough. The people I consulted about my DDoS issue included people with real God's eye views. One claimed to see over 70% of all internet traffic worldwide. Another claimed over 50%. Moreover, these people are not nation-states or governments; they are corporate."
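The "single point of failure" and "no way to revoke keys" points from the letter above can be shown in a few lines. This is an added example, not part of the original letter or post: the escrow scheme, the toy cipher and all names (`seal`, `unseal`, `escrow_v1`, the sample messages) are constructed assumptions, not any real product's design.

```python
import hashlib
import hmac
import os


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode). Illustration only:
    unauthenticated, not for real use. Encrypt and decrypt are the same call."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def seal(plaintext: bytes, recipient_key: bytes, escrow_key: bytes) -> dict:
    """Encrypt under a fresh per-message key, then wrap that key twice:
    once for the recipient and once for the mandated escrow (backdoor) key."""
    msg_key, nonce = os.urandom(32), os.urandom(16)
    return {
        "nonce": nonce,
        "body": xor_stream(msg_key, nonce, plaintext),
        "wrap_recipient": xor_stream(recipient_key, nonce, msg_key),
        "wrap_escrow": xor_stream(escrow_key, nonce, msg_key),
    }


def unseal(record: dict, key: bytes, slot: str) -> bytes:
    """Unwrap the message key from the given slot, then decrypt the body."""
    msg_key = xor_stream(key, record["nonce"], record[slot])
    return xor_stream(msg_key, record["nonce"], record["body"])


def leak_impact() -> dict:
    """Constructed scenario: ciphertext is archived, the escrow key is rotated,
    and the retired escrow key leaks afterwards."""
    alice, bob = os.urandom(32), os.urandom(32)       # unrelated users
    escrow_v1, escrow_v2 = os.urandom(32), os.urandom(32)
    archive = [                                        # copies kept by a passive observer
        seal(b"alice: diagnosis", alice, escrow_v1),
        seal(b"bob: bank details", bob, escrow_v1),
    ]
    after_rotation = seal(b"alice: new message", alice, escrow_v2)
    return {
        # One key opens every archived message, whoever the recipient was.
        "archived": [unseal(r, escrow_v1, "wrap_escrow") for r in archive],
        # Rotation protects only traffic created after it.
        "post_rotation": unseal(after_rotation, escrow_v1, "wrap_escrow"),
        "owner_still_reads": unseal(archive[0], alice, "wrap_recipient"),
    }
```

Rotating to `escrow_v2` changes nothing for the archived records: their `wrap_escrow` field was fixed at encryption time, so the retired key keeps working on every stored copy.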
December 3, 2020
Dear Mr. Anderson,
Thank you for contacting me to discuss the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act of 2020. I appreciate you taking the time to write and helping me serve as your representative. Your input is valuable.
The Internet is no longer merely a helpful tool to supplement research or watch videos; it has become a necessity for living in the modern world. Without access to the internet, New Mexico’s people, educational institutions, and businesses cannot compete with the rest of the world. End-to-end encryption has established itself as an essential tool to keep private information secure, allowing us to use the internet for education and telehealth services and to support small businesses through e-commerce. Unfortunately, encryption makes it easier for predators and criminals to carry out their operations.
Over time, sexual predators have used the internet and its encryption to increasingly trade in illicit material. Senators Graham, Blumenthal, Hawley, and Feinstein introduced the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act in an attempt to combat this increase in crime. This legislation mandates the creation of best practices related to identifying and reporting online child sexual exploitation, which would be approved by the Attorney General and Secretary of Homeland Security. Companies that fail to comply with these best practices would be liable to lawsuits. I understand your concerns that this legislation may unjustly censor online speech and allow the Attorney General to mandate government backdoors in encryption. Please rest assured I take these concerns seriously and I will work to find legislative solutions that can put an end to sexual predation online while not infringing on the rights of legitimate users of the internet. As we approach the 117th Congress, I am eager to work alongside the Biden Administration to enact comprehensive reforms that do just that.
Again, thank you for sharing your thoughts on this important subject. Please contact me again in the future as Congress debates issues that we all care about.
If you are interested in following my work for you more closely, please sign up for my newsletter here. You can also follow me @RepDebHaaland on Twitter, Facebook, and Instagram. I look forward to working for you and hope to hear from you again in the future.
Member of Congress