Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Encryption Communications Government Privacy Security United States

Why Crypto Backdoors Wouldn't Work 105

An anonymous reader writes: Your devices should come with a government backdoor. That's according to the heads of the FBI, NSA, and DHS. There are many objections, especially that backdoors add massive security risks.

Would backdoors even be effective, though? In a new writeup, a prominent Stanford security researcher argues that crypto backdoors "will not work." Walking step-by-step through a hypothetical backdoored Android, he argues that "in order to make secure apps just slightly more difficult for criminals to obtain, and just slightly less worthwhile for developers, the government would have to go to extraordinary lengths. In an arms race between cryptographic backdoors and secure apps, the United States would inevitably lose."
This discussion has been archived. No new comments can be posted.

Why Crypto Backdoors Wouldn't Work

Comments Filter:
  • by Austerity Empowers ( 669817 ) on Tuesday April 28, 2015 @05:26PM (#49573141)

    I seem to recall that we went through this in the mid to late 90s, where the government insisted any use of strong cryptography should as a matter of law, have a backdoor for the government. Then suddenly they dropped it, and all of us paying attention knew they got their way by some other means. Now post-Snowden, I guess we know what that was, and they're back to beating this horse all over again.

    The answer should be no, with absolutely no further discussion.

    • by StikyPad ( 445176 ) on Tuesday April 28, 2015 @05:34PM (#49573183) Homepage

      They didn't get their way through other means really. Mass surveillance doesn't trump encryption -- on the contrary, encryption is the only protection against mass surveillance. I think it was more that encryption just wasn't used for most communications, so they realized it was a moot point. Now that companies are shifting toward end-to-end encryption, it's becoming relevant again.

      • by Anonymous Coward on Tuesday April 28, 2015 @05:43PM (#49573243)

        Snowden insisted the journalists remove the battery from their phones and put the phones in the fridge.

        That pretty much tells you how useful 'encryption' on Android would be against back doors. None, if you can't protect your speech near the phone you can't protect the password.

        • by monkeyzoo ( 3985097 ) on Tuesday April 28, 2015 @05:47PM (#49573255)

          Reading the article, it's very intersting. His argument is that you CAN'T backdoor a platform. Summarizing:
          1) Say Android rolls over and backdoors the encrypted filesystem.
          2) 3rd party apps can use the cryptography library, so Google would also have to backdoor that.
          3) Then apps could use a 3rd party crypto library, so gov't would have to compel google to monitor for at least respond to takedown requests for strong crypto 3rd party apps.
          4) But apps can easily download and incorporate new code, so Google would have to audit running apps with static and dynamic analysis.
          5) Even then, people could use other app stores or sideloads, so Google would have to have an app kill switch option. This would be HUGE INTRUSION and delete apps from people's phones (even innocent people).
          6) But how to identify apps? Sideloaded apps could generate a new appID with each download, so Google would have to scan for app characteristics (think antivirus software here).
          7) Even if the above worked, browser-based apps could be built that use secure data stores or end-to-end messaging. This would mean the gov't would have to block these web apps, i.e., Internet censorship.

          It's just not technically feasible if there is any respect for liberty, not to mention the significant technical challenges involved.

          • by Anonymous Coward

            A war usually solves that issue.

          • by Helix_Sky ( 1151027 ) on Tuesday April 28, 2015 @06:37PM (#49573539)

            I want to start by saying that I'm against these measures but while all that is true, it only gets that bad if you try to enforce 100% compliance. Simply making cryptographic systems without backdoors illegal would have a large deterrent effect. It'd be the equivalent of the fact that locks on your doors don't provide 100% security because windows are so easily broken, but we still lock our doors.

            First off making non-breakable crypto illegal would prevent such crypto from being used in traditional commercial products. Second, the government wouldn't have to attack the problem from the front like the article suggested. They could use their NSA spying capability (once gain no a big fan) to look for unauthorized encrypted communications. They already take special note of encrypted data use, and with it being made illegal they could directly legally target the users of such tech. The chilling effect of such a large scale NSA backed takedown would be huge.
             

            • by monkeyzoo ( 3985097 ) on Tuesday April 28, 2015 @06:57PM (#49573621)

              Making strong crypto illegal would only affect those in the US's jurisdiction. It would not affect the most desirable targets (outside US jurisdiction) and would have a chilling effect on demand for US technology products.

              • by myowntrueself ( 607117 ) on Tuesday April 28, 2015 @08:31PM (#49573999)

                Making strong crypto illegal would only affect those in the US's jurisdiction. It would not affect the most desirable targets (outside US jurisdiction) and would have a chilling effect on demand for US technology products.

                Theres already a chilling effect on demand for US technology products.

                I'd like to see a company in a privacy-respecting nation such as Netherlands to release some decent network hardware...

                • by johanw ( 1001493 ) on Wednesday April 29, 2015 @03:50AM (#49575143)

                  " a privacy-respecting nation such as Netherlands"

                  Ouch... You don't live in The Netherlands, do you? We have, like most western countries, our share of privacy attacks from the government. Mostly to satisfy the tax service, like storing all license plates of cars who drive on the highways or park in a private parking garage (to catch drivers of a leasecar who claim they use it only for business and don't pay the extra income tax). And there is discussion about forcing people to give up their encryption keys if the police wants them, ignoring laws that you have the right to remain silent (except when...).

          • by Anonymous Coward

            Another problem would be that the USA would not be the only country wanting access.
            Do phones now become "Zoned" ? How will that impact international travellers ?
            Do the phones come with multiple backdoors so each country can access the devices ?
            Do Americans travelling overseas want foreign governments to have access to their phones ?
            Could China kill Apps that they dont like on any phone in the world ?

            What is needed is better police, intelligent, diligent, honest, capable police. What we have is dull thugs w

            • What is needed is better police, intelligent, diligent, honest, capable police. What we have is dull thugs who shoot first and ask questions later.
              What is needed is a professional police force, independent from political whim. We need a police conduct authority independent of political whim and police
              who must investigate EVERY police weapons discharge.
              What we need is politicians who are not on the take and use police to enforce their dishonesty.
              What we need is honest, intelligent politicians FFS Michelle Bachman.... please, why ?

              Yes, we do. I would also like a pet unicorn.

            • I believe that the head of the NSA has already indicated that he believes there should be a framework to give, eg the Chinese, access.

          • by John Howell ( 2861885 ) on Tuesday April 28, 2015 @07:50PM (#49573817)
            And the even simpler argument. I'm not a U.S. Citizen. Why would I be happy the U.S. Has the ability to backdoor my app?
            • by Anonymous Coward

              SNAP.

              Why should the US Government be able to cripple/spy on my phone when I did not purchase it from an American company, do not live in America or communicate with American agencies?

              In fact, under EU law - it is almost certainly illegal for the US government to spy on my personal data when I'm in the EU, and a naturalised EU resident.

              Is the US willing to force US law on the entirety of the EU?

          • by fustakrakich ( 1673220 ) on Tuesday April 28, 2015 @08:37PM (#49574021) Journal

            It's just not technically feasible if there is any respect for liberty...

            *Ah, there's the rub, isn't it?*

          • by ShanghaiBill ( 739463 ) on Tuesday April 28, 2015 @09:14PM (#49574123)

            8) People will only buy tech made outside of America, costing America jobs and draining away expertise.

          • by Anonymous Coward

            Or they could just criminalise customer usage of non-backdoored crypto.

          • Re: (Score:3, Insightful)

            by Anonymous Coward

            3) Then apps could use a 3rd party crypto library, so gov't would have to compel google to monitor for at least respond to takedown requests for strong crypto 3rd party apps ...

            And this is where you get off track. The whole point is to backdoor enough of the system that there's a means to collect 90% of the information from 99% of people. There is no presumption for a "technically feasible" way to collect 100% of the necessary information from 100% of the people. If there were--and presuming we had a jus

          • Don't forget (8) and upwards : people use something other than Android. Even something from outside the country, or at least outside the reach of the US govt.
        • >> Snowden insisted the journalists remove the battery from their phones and put the phones in the fridge.

          >> That pretty much tells you how useful 'encryption' on Android would be against back doors.

          Not this manure again. What if I told you, that those phones could easily be bugged physically, by adding a little mic with an antenna, that would feed of phone's main battery, sure it requires some legwork, but Snowden is high enough on US's list of targets to actually do soome physical snooping. Th

    • I seem to recall that we went through this in the mid to late 90s, where the government insisted any use of strong cryptography should as a matter of law, have a backdoor for the government. Then suddenly they dropped it,

      I recall reading that a researcher figured out a way to spoof the "Law Enforcement Access Field" shortly before the US government dropped their push.

    • Does nobody remember the Clipper Chip debacle? - http://en.wikipedia.org/wiki/C... [wikipedia.org]

      Funnily enough the sort of person that would be happy to hand law enforcement the spare keys to their house is not the sort of person that law enforcement's interested in investigating... Seems that memories are short in the NSA
  • Would it work for the government to have access to everyone's cars? Cars can be used for criminal activities. Ditto for keys; should we have to al give the government access to our homes?
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      ... have access to everyone's cars?

      Police and government have promoted remote-controlled kill switches on cars for the last 20 years. Although it exists via General Motors OnStar, it's not practical. That will change with vehicle-assisted driving and driver-less cars.

      ... give the government access to our homes?

      The government already has access via hand-held battering rams and 14 tonne, wheeled wrecking-balls (AKA assault vehicles). Big money and brute force doesn't work on encryption, unless they turn it into rubber-hose decryption (Oblig. XKCD [xkcd.com]). But the three-letter agencies can'

      • by Meshach ( 578918 )

        The government already has access via hand-held battering rams and 14 tonne, wheeled wrecking-balls (AKA assault vehicles). Big money and brute force doesn't work on encryption, unless they turn it into rubber-hose decryption (Oblig. XKCD [xkcd.com]). But the three-letter agencies can't do that 200 times a day, so they want a cheap, simple solution that labels the common people as criminals without rights.

        There are law about that though - a warrant is required for the police to enter my home. DHS is not going to get a warrant to snoop on me.

        • Re: (Score:2, Interesting)

          by Anonymous Coward

          I heard a scream come from inside your house, and one of the windows is broken, I think that gives me enough cause the break in.

        • Re:Car analogy (Score:5, Insightful)

          by Jason Levine ( 196982 ) on Tuesday April 28, 2015 @07:52PM (#49573831) Homepage

          But warrants are [whining voice]SOOOO HAAARD. You have to show probable cause and all that stuff. It's too much work.[/whining voice]

          Plus, [overly paranoid voice]in the time it takes to get a warrant, a criminal could enact another 9-11 or could destroy the evidence that they were planning that.[/overly paranoid voice].

          Those are the reasons why law enforcement needs access to stuff without a warrant. The whiny, paranoid reasons why.

      • by vux984 ( 928602 )

        But the three-letter agencies can't do that 200 times a day, so they want a cheap, simple solution that labels the common people as criminals without rights.

        This is needlessly cynical. I don't dispute the TLAs love mass surveillance. But there is a legitimate concern where law enforcement can justify and obtain a legal warrant for someone's electronic records/communications but not have any way to actually legally act on the warrant.

        Ie... if they have your encrypted laptop AND a warrant they ARE allowed to break into it, but they can't. This is a legitimate issue.

        "Rubber hose decryption" is not legal, nor should it ever be.

        In a sense, encrypted data is like the

        • by Agripa ( 139780 )

          If law enforcement and national security had not been unconstitutionally seizing and searching everything they could call third party data then there would not be a push for ubiquitous encryption. There was a group at the NSA who pointed out that this would happen damaging their ability to do lawful intercepts if they were caught. Since they were willing to lie about what was going on and break the law before, why would we trust any government only backdoor scheme or what they say now?

          It does not matter h

    • by vux984 ( 928602 )

      No the car analogy isn't valid, because the police do have access to everyone's cars and homes. They get a warrant. They bring a crowbar. Done.

      That's the issue with encryption, they can get a warrant giving them the legal right to get in. But there is no crowbar.

      I'm not in favor of this, but we do need to understand it is a somewhat unique situation. Strongly encrypted data is not like other property.

  • by Anonymous Coward on Tuesday April 28, 2015 @05:34PM (#49573187)

    They can read your RAM
    Intel Active Management Technology
    (aka vpro, aka vt)

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      And 3G to continually update the microcode that scans memory for known password signatures.....

      http://www.infowars.com/91497/

  • doesn't matter anyway. never done 'backdoor'. likely, never will.
    • by Anonymous Coward

      i tried it but it made my phone stinky

  • invalid premise (Score:1, Redundant)

    by chill ( 34294 )

    Two words: key escrow. Google "secret sharing" for interesting details and concepts.

  • Just make encryption that isn't ridiculously easy to crack illegal, or subject to severe regulation and taxation. Get an expert devoid of care for privacy (say, Dorothy Denning) to endorse the law on the Sunday Morning talk shows. Cast anyone who cares about secure encryption as a bitter and deranged malcontent. Tell people it's for the Common Good.

    Problem solved.

  • by BitterOak ( 537666 ) on Tuesday April 28, 2015 @05:59PM (#49573317)
    I just read the entire article and the author forgot one other solution: the British solution Instead of putting the burden on app developers to include backdoors, or on Google to block apps that don't, put the burden on end users to turn over their keys to police when asked. I'm not saying I like this solution, but it is a solution the author of the article didn't consider. If you make the sentence for non-cooperation long enough, it doesn't really matter if the police find what they're looking for: they can just lock you up for not handing over the keys.
    • by pushing-robot ( 1037830 ) on Tuesday April 28, 2015 @06:09PM (#49573385)

      They could do that, but it wouldn't be a backdoor.

    • by Nonesuch ( 90847 ) on Tuesday April 28, 2015 @06:15PM (#49573415) Homepage Journal

      I just read the entire article and the author forgot one other solution: the British solution Instead of putting the burden on app developers to include backdoors, or on Google to block apps that don't, put the burden on end users to turn over their keys to police when asked. I'm not saying I like this solution, but it is a solution the author of the article didn't consider. If you make the sentence for non-cooperation long enough, it doesn't really matter if the police find what they're looking for: they can just lock you up for not handing over the keys.

      In the USA, this would likely require a constitutional amendment, it is widely held that the Fifth Amendment "Right Against Self-Incrimination" protects the right not to divulge an encryption key. [upenn.edu]

      • Simple enough - just require that all phones in the US use a fingerprint scanner for unlocking. The courts seem to be ruling that police can require you provide your fingerprint for phone access.

        Which, by the way, is a good reason to restart your iPhone the moment you think you just might get some unwanted attention from the constabulary.

        • "I'm sorry Officer, my fingerprint scanner doesn't work...my wife got fingernail polish remover on it and melted it a bit" or whatever excuse you want to use after purposely disabling / ruining that hardware. Problem solved!
      • by dcollins117 ( 1267462 ) on Tuesday April 28, 2015 @07:53PM (#49573835)

        In the USA, this would likely require a constitutional amendment...

        ... and a government that recognizes constitutional authority and the limits it places on government actions. First things, first.

      • by BitterOak ( 537666 ) on Tuesday April 28, 2015 @08:04PM (#49573891)

        If you had read the article you link to (and I just did) you'd see that it does not conclude the same thing you do. Instead the article points out that it is far from a settled question on whether or not a defendant or suspect can be compelled to decrypt files. The Supreme Court has yet to deal with that issue directly, and the Circuit Courts of Appeal that have considered the issue have adopted a standard in which the government must first show they know the location and existence of encrypted data. If they've seized a suspect's phone, they certainly can know these two things, so the Fifth Amendment, under that analysis, would offer no real protection.

        • > and existence of encrypted data

          I don't think it's possible to reliably show that encrypted data certainly exists. I also do not think it is always possible to prove that someone has the capability of decrypting data --- Bruce Schneier has proposed a scenario for people crossing borders where a long random key is used which is sent to the destination ahead of time so that any request for a decryption key could be truthfully answered with "I don't have the key". Assuming the trusted third party has been

    • Only they can't do that.

      Here on the other (this) side of the pond, we have constitutional protections from self-incrimination. Which means that we can't be compelled to reveal something that we choose not to. And if it happens, the evidence acquired by such means can (and likely would) be thrown out in court.

      Now, these protections don't extend to stupidity, so the cops usually get what they want anyway. Which is all the more reason why circumvention of strong encryption and mass surveillance largely is unju

      • by Anonymous Coward

        Only they can't do that.

        Here on the other (this) side of the pond, we have constitutional protections from self-incrimination. Which means that we can't be compelled to reveal something that we choose not to. And if it happens, the evidence acquired by such means can (and likely would) be thrown out in court.

        Now, these protections don't extend to stupidity, so the cops usually get what they want anyway. Which is all the more reason why circumvention of strong encryption and mass surveillance largely is unjustified and should be fought against tooth and nail. It has no bearing on successfully catching real criminals, but it certainly will pick up undesired thinking.

        Yet, you can be compelled to open a safe, a safety deposit box, produce your company's books.. the list is endless. Currently, it depends on which circuit court you are in as to whether or not you will be in contempt of court for not producing your encryption keys. It should be noted that contempt of court has no minimum nor maximum time associated with it. it is usually "you are in contempt of court until such time as you produce ". So the question becomes which gets you more time in jail contempt or

    • Surprised nobody posted this [xkcd.com] yet.
    • You are assuming the goal is to gather evidence for a police investigation. For that purpose your suggestion works. However if you assume the goal is to spy on everyone all the time, then your suggestion won't work.
  • Since When... (Score:5, Insightful)

    by Stormy Dragon ( 800799 ) on Tuesday April 28, 2015 @06:05PM (#49573363)

    ...has the fact a program simply won't work deterred the Government from attempting it anyways?

  • Encrypt More (Score:5, Insightful)

    by duke_cheetah2003 ( 862933 ) on Tuesday April 28, 2015 @06:45PM (#49573579) Homepage

    Seems to me, everytime they talk about this kind of thing, it does exactly what I want. Raise crypto awareness. Keep trying guberment. The more you preach for backdoors, the more people you make aware of the usefulness of crypto. Streisand effect anyone?

  • to make ... apps just slightly more difficult ... and just slightly less worthwhile ... the government would have to go to extraordinary lengths.

    Ahh, well there's your problem: you expect resource restrictions and common sense from government.

    "the government would have to go to extraordinary lengths" Really!?! When has that ever stopped them from doing anything?

  • Examine carefully the 'Trusted Computing' hardware and software components for new computers. Governmental agencies already have access to not only the escrowed keys, but to the master keys used to revoke and authorize other new keys. For personal security, it's quite troubling.

  • by iamacat ( 583406 ) on Tuesday April 28, 2015 @11:26PM (#49574571)

    Lots have been caught with plaintext browser history on their hard drives listing Google queries like "how to dispose of a body". That despite tools to clear or not record such history are easily available. To such end, having a half hearted, optional key escrow may do a lot of good. Let smartphones be encrypted by default, with a copy of the key encrypted with a public key of a cloud company that has an excellent security record. Then if someone forgets their password, and shows up at Apple or Verizon store with a valid ID, they can have their vacation photos back. So can law enforcement if they produce a valid and narrow scope search warrant.

    At the same time, people can install custom ROMs that support encryption that is potentially impractical to crack. That's important for many reasons including personal freedom and keeping country's technological edge by encouraging people to develop and understand software. Whistleblowers will get to keep their privacy, and so will a few criminal masterminds. But chances are, the later will have dumb associates who will set their password to 12345. I think a bet that smart people are generally also well intentioned is a good one for our society to make. In the meantime, we don't have to make life of the next Scott Peterson too easy.

    • > make life of the next Scott Peterson too easy

      Had never heard of him, and after searching I discovered that he is on death row, even though there was no "hard" evidence that he murdered his wife. Could you explain, then, how he is a good example to use to justify weakening encryption for all of society? His case would seem to be exactly the opposite --- a good example how, even if encryption of all our devices were impregnable, most criminals are stupid and it wouldn't help them anyway (hey, that's even

  • The neighbor has a camera, hack into his internet and lets see it.

    First, you need his IP address, then is his router even port mapped to his camera to allow internet viewing and what port, what brand is his brand and model is the camera so you can get the right viewing software and what about the username and password he likely has to access the cameras ? Or does a CSI team have universal backdoor access to all devices.

    Give me 5 seconds....Ok Im in, Im pulling up lastnight's video now....

If you have a procedure with 10 parameters, you probably missed some.

Working...