After a spectacular election win for the Conservative Party, there is now concern that UK authorities will tamper with encryption. Back in January, on a visit to the US, David Cameron indicated his strong desire for intelligence agencies such as GCHQ to have the capability to eavesdrop on encrypted communications.
Some have advocated for authorities gaining an encryption backdoor. In software engineering terms, a backdoor is a secret method that the developer deliberately writes into the code to bypass protection and provide access to the data. Backdoors are frowned upon in production code because there is no security through obscurity: an unauthorised person will eventually discover the backdoor, whether by reverse engineering, by a leak, or by accident, and from that point on it is an open door for everyone.
Although UK authorities have not yet specified exactly how they wish to attain access to encrypted data, the focus is not on traditional code backdoors but on the concept of key escrow. This involves storing the key needed to decrypt the data with an independent party, or storing segments of the key with several separate neutral parties so that no single custodian can decrypt on its own. Intelligence agencies wishing to decrypt a communication would need to obtain the key (or enough of its segments) from these parties after going through due process such as a court order.
The concept of key escrow is not new; however, it was never designed for implementation on a mass scale for this purpose. There are several major downsides.
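The "segments of the key with separate neutral parties" arrangement described above is, in practice, threshold secret sharing. The following is an added example (not code from the original post) that splits a 128-bit content key among five custodians using Shamir's scheme so that any three can reconstruct it, while two colluding custodians recover nothing but a random field element. The field prime, the share counts and the key are assumptions chosen for the illustration.

```python
"""Threshold key escrow with Shamir's secret sharing (added example, not code
from the original post). A 128-bit content key is split into n shares held by
separate custodians; any k of them can rebuild it, fewer than k learn nothing."""
import secrets

# Field prime for the arithmetic; 2**521 - 1 is a Mersenne prime and is far
# larger than any 128- or 256-bit key, so every key is a valid field element.
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x using Horner's rule mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(key: bytes, n: int, k: int, rng=None):
    """Return n shares (x, y) of `key`; any k of them reconstruct it."""
    if not 0 < k <= n:
        raise ValueError("need 0 < k <= n")
    secret = int.from_bytes(key, "big")
    if secret >= P:
        raise ValueError("key too large for field")
    rng = rng or secrets.SystemRandom()
    # Random degree-(k-1) polynomial with the key as its constant term.
    coeffs = [secret] + [rng.randrange(P) for _ in range(k - 1)]
    # Share x-coordinates are 1..n; x=0 would hand out the secret itself.
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct_int(shares):
    """Lagrange-interpolate the shares at x=0. Only correct when at least k
    distinct shares are supplied; with fewer, the result is a field element
    unrelated to the key (every possible key is equally consistent with them)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def reconstruct_key(shares, key_len: int) -> bytes:
    """Rebuild the key bytes; raises if the interpolated value cannot be a key
    of this length (a symptom of too few or corrupted shares)."""
    value = reconstruct_int(shares)
    if value >= 1 << (8 * key_len):
        raise ValueError("interpolated value does not fit: wrong or too few shares")
    return value.to_bytes(key_len, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(16)          # the content key being escrowed (constructed)
    shares = split_key(key, n=5, k=3)      # five custodians, any three suffice
    assert reconstruct_key(shares[:3], 16) == key
    assert reconstruct_key([shares[0], shares[2], shares[4]], 16) == key
    # Two colluding custodians get a value that is unrelated to the key.
    assert reconstruct_int(shares[:2]) != int.from_bytes(key, "big")
    print("3-of-5 escrow round trip OK")
```

The threshold protects against one custodian being compromised or coerced, but it does nothing about the risk the post goes on to describe: whoever can collect k shares, whether by court order or by breaking into k custodians, has the key, and a mass-scale deployment makes those custodians the most valuable targets in the country.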
Firstly, key escrow on a mass scale is not without risk. It introduces new points of failure, and any vulnerability in the escrow infrastructure or in the custodians holding the keys would be exploited by unauthorised parties. The widespread introduction of mass key escrow to allow intelligence agencies to eavesdrop on encrypted communication would immediately become the focus of intense attack from every major criminal network and state-sponsored attacker around the world. It is inevitable that exploits would emerge, weakening communications and putting everyone at risk.
Key escrow was at the heart of the Clipper Chip, designed by the NSA in the early 1990s: each chip encrypted traffic with the Skipjack cipher and transmitted a Law Enforcement Access Field (LEAF) carrying the session key under an escrowed unit key. In 1994 Matt Blaze showed that the LEAF's 16-bit checksum could be forged by brute force, so a user could keep the chip's encryption while denying authorities the escrow access it was meant to guarantee. Flaws like this led to its demise after only three years.
Another drawback of a key escrow system is the relative ease with which it could be circumvented. The bad guys would easily find a way around it to keep their communications confidential. Encryption technology is open source and freely available for download by anyone anywhere in the world. If key escrow is legislated in one country, it is relatively simple for the bad guys to download and then modify an encryption implementation so that it never deposits its keys, thwarting intelligence agency eavesdropping. A terrorist organisation could grow their own encryption methodology for use within their own application. Authorities would then need to ban all encryption methods that do not place their keys in escrow, which is technically a monumental task for enforcement.
Even if authorities successfully managed to ban encryption within the country's borders, methods would still be available for the bad guys to communicate securely. The online world does not respect country borders very well. For example, a foreign terrorist head office wishing to communicate confidentially with a local cell could place an encrypted message on a web page, and then communicate the key and the URL through steganography, for example by concealing the data within a Facebook photo. Intelligence agencies would not even know that communication had taken place.
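The covert channel sketched above, a key and a URL hidden inside an image, needs nothing beyond a few lines of code. The following is an added example (not code from the original post) of least-significant-bit steganography over a raw RGB sample buffer; the cover "photo" is constructed pseudo-random noise, the payload and the `example.invalid` URL are placeholders, and `requantize` is a crude stand-in for lossy re-encoding rather than a real JPEG codec.

```python
"""Least-significant-bit steganography over a raw RGB pixel buffer (added
example, not code from the original post). The cover image is constructed
noise; no image library is needed because only the sample bytes matter."""
import hashlib

HEADER_BITS = 32  # payload length, big-endian, stored in the first 32 LSBs


def make_cover(width: int, height: int, seed: bytes = b"cover") -> bytearray:
    """Constructed stand-in for a photo: deterministic pseudo-random RGB samples."""
    buf = bytearray()
    counter = 0
    while len(buf) < width * height * 3:
        buf += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return buf[: width * height * 3]


def capacity_bytes(pixels: bytes) -> int:
    """How many payload bytes fit: one bit per sample, minus the length header."""
    return (len(pixels) - HEADER_BITS) // 8


def embed(pixels: bytes, payload: bytes) -> bytearray:
    """Overwrite the LSB of successive samples with header + payload bits."""
    if len(payload) > capacity_bytes(pixels):
        raise ValueError("payload too large for this cover")
    out = bytearray(pixels)
    data = len(payload).to_bytes(4, "big") + payload
    idx = 0
    for byte in data:
        for shift in range(7, -1, -1):          # MSB first
            out[idx] = (out[idx] & 0xFE) | ((byte >> shift) & 1)
            idx += 1
    return out


def extract(pixels: bytes) -> bytes:
    """Read the length header, then that many bytes, from sample LSBs."""
    def read_bits(start: int, nbits: int) -> int:
        val = 0
        for i in range(start, start + nbits):
            val = (val << 1) | (pixels[i] & 1)
        return val
    length = read_bits(0, HEADER_BITS)
    if length > capacity_bytes(pixels):
        raise ValueError("no valid payload header")
    return bytes(read_bits(HEADER_BITS + 8 * i, 8) for i in range(length))


def requantize(pixels: bytes, step: int = 4) -> bytearray:
    """Crude stand-in for lossy re-encoding: snap every sample to a multiple
    of `step`. Real JPEG recompression works differently, but like it, it
    does not preserve individual low-order bits."""
    return bytearray((b // step) * step for b in pixels)


if __name__ == "__main__":
    cover = make_cover(64, 64)
    # Constructed payload: the kind of key-plus-pointer the post describes.
    payload = b"k=0123456789abcdef url=https://example.invalid/m"
    stego = embed(cover, payload)
    assert extract(stego) == payload
    # Each sample moves by at most 1: invisible to the eye and to the file size.
    assert max(abs(a - b) for a, b in zip(cover, stego)) <= 1
    # A lossy re-encode wipes the low bits, and the hidden data with them.
    assert extract(requantize(stego)) != payload
    print("embedded", len(payload), "bytes in", len(cover), "samples")
```

One caveat a practitioner would add: naive LSB embedding only survives in lossless formats. Any service that re-encodes uploads as JPEG destroys the low-order bits, which is why practical tools embed in the compressed domain instead; the post's point stands either way, since the cover traffic is indistinguishable from the billions of ordinary photos uploaded every day.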
On 12 January this year David Cameron said: “The first duty of any government is to keep our country and our people safe”. Citizens and corporations use encryption for security and privacy – to keep communications and data confidential. By weakening encryption such as through a system of key escrow, citizens and corporations will be less secure rather than more secure.
Brighton-based ind.ie have said they intend to relocate out of the UK because of increased government interference in this area. Many information security practitioners are concerned that if governments weaken encryption, other tech, ecommerce and finance companies that rely on strong encryption could follow.
Strong encryption is based on mathematics. Now that mankind has discovered its mathematics, no amount of legislation can un-discover it. As veteran information security expert Steve Gibson summarised: "You cannot kill secure crypto – it now exists".