Intelligence and Law Enforcement: Back Doors and Golden Keys in Cryptography

This past week, we’ve had some very engaging and interesting discussions about the desire for, reasons against, and possibility of having back doors or golden keys in cryptography (a back door is a way of subverting an encryption algorithm, and a golden key is a theoretical key that would allow the holder to break any of the specified encrypted data). I’ll start this blog post by setting up the context of the discussion and defining some key terms.

First, the context of this discussion follows the “Crypto Wars” of the 1990s [read here], in which parts of the US government were wrestling with private companies and individuals about the use of strong cryptography, which was at the time considered a firearm that one could not legally export (a bizarre law that led to much confusion and difficulty, given that other countries already had strong cryptography, enforcement was difficult, and the punishment was harsh). In summary, one side argued for some sort of ability for the government to have unbridled access to people’s encrypted data, as it does with phones and wiretaps. The other argued that this was either impossible or simply unethical. Regardless, the government’s attempt to push a solution with the Clipper Chip, using key escrow technology, ultimately failed and ended the argument, with cryptography allowed for public use.

Fast forward about 20 years and we get to the case with Apple and the FBI [read here], a privacy case in which Apple refused to provide a way for the FBI to break into all iPhones. Why did Apple do this? Was it just out of spite, or to protect the company’s image? Should authorities be given exceptional access? Is this even possible? I will focus on these final two questions and argue that any sort of exceptional access explicitly given to authorities would pose a problem with regard to the core idea of a global internet, for the following two reasons.

1. First, there simply is no way to create a golden key, or any other intentional means of breaking cryptography, without opening up potential security flaws or holes that someone else (an adversary, say) may be able to use. If this is the case, then exceptional access undermines the very reason for having it in the first place, namely the higher-level goal of increased security and safety; that is, the initial goal of safety wouldn’t necessarily be served by exceptional access, as new safety threats (or maybe just privacy threats?) could come into play as other players work to exploit the security hole.

2. Second, the social question of which governments will get access to this hypothetical golden key will inevitably affect global internet activity and commerce in ways that can’t even be immediately understood. If it is generally known that certain governments have the ability to break certain cryptographic schemes that underlie certain parts of the internet, it may change some people’s behavior, especially those abroad who may not want a foreign government to have so much oversight over what they are doing on the internet.

Ultimately, it seems that the debate on cryptography will depend not so much on providing a technical solution as on the political, human-engineering side, which in turn depends on what the goals of each party are.
