Tuesday, August 9, 2011

Encryption and the FBI

In a similar vein to my last post, another futile endeavor I hear about is the FBI wanting to enforce encryption backdoors in software.

Basically the idea is that the FBI has trouble catching bad guys because they use state-of-the-art encryption to mask their communications, to secure their hard drives, and generally hide their nefarious schemes. Therefore, the FBI wants service providers (like Skype, Dropbox, and everyone else) to maintain the ability to decrypt data or communications if served a subpoena.

At first blush this seems like a sensible idea. But unfortunately it has three major problems:

Problem #1
Bad guys already have access to state-of-the-art, (essentially) uncrackable encryption. The cat is already out of the bag. Free, open-source solutions for asymmetric (public key) and symmetric encryption have been available for years. The algorithms are well known. Tools already exist.

Bad guys can already share their secrets. And if they merely encrypt their data first, they can take advantage of services and systems regardless of whether they have backdoors. For example, if a hacker puts an encrypted file on Dropbox, the FBI can only ask Dropbox to remove its secondary encryption; the original data is still secure.

Problem #2
If the service provider can decrypt information when subpoenaed, that means they can also decrypt information at will. This opens the door to an "inside job" attack. Companies typically have privacy policies stating how they won't do such things, but a disgruntled or malicious employee isn't going to care about company policy.
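The two problems above are easy to see in code. The following is an added example (not from the original post, and not any provider's real implementation): a small authenticated encryption routine built only from Python's standard library (HMAC-SHA256 in counter mode as the keystream, encrypt-then-MAC for integrity; a real client would use AES-GCM or ChaCha20-Poly1305), and a constructed "upload" flow in which the provider always applies its own secondary encryption with a key it holds. Everything here, including the key names, the `upload`/`provider_can_read` helpers and the sample message, is constructed for illustration. With no client-side encryption, whoever holds the provider key reads the data, and nothing in the code distinguishes a subpoena from an insider (Problem #2). With client-side encryption first, the provider key only strips the outer layer and yields ciphertext (Problem #1).

```python
import hashlib
import hmac
import secrets
from typing import Optional

NONCE_LEN = 16
TAG_LEN = 32


def _derive(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one master key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode used as a PRF keystream (illustrative, stdlib-only).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_derive(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_derive(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then remove the keystream.
    Raises ValueError on a wrong key or a tampered blob."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_derive(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_derive(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


# --- Constructed scenario: a provider that keeps its own decryption key ---

def upload(provider_key: bytes, data: bytes, user_key: Optional[bytes] = None) -> bytes:
    """What lands on the provider's disk. If the user supplies a key, the data is
    encrypted client-side first; the provider's secondary encryption always applies."""
    payload = encrypt(user_key, data) if user_key is not None else data
    return encrypt(provider_key, payload)


def provider_can_read(provider_key: bytes, stored: bytes) -> bytes:
    """Whatever the provider key unlocks. Nothing here checks for a subpoena:
    the same call serves a lawful request and a malicious insider alike."""
    return decrypt(provider_key, stored)


def user_reads(provider_key: bytes, user_key: bytes, stored: bytes) -> bytes:
    # The legitimate user peels both layers.
    return decrypt(user_key, decrypt(provider_key, stored))


if __name__ == "__main__":
    provider_key = secrets.token_bytes(32)
    user_key = secrets.token_bytes(32)
    secret = b"constructed sample message"  # constructed sample input

    plain_upload = upload(provider_key, secret)
    print("no client-side encryption, provider key recovers:",
          provider_can_read(provider_key, plain_upload))

    layered = upload(provider_key, secret, user_key)
    inner = provider_can_read(provider_key, layered)
    print("client-side encrypted, provider key recovers only:", inner.hex()[:32], "...")
    print("user still reads:", user_reads(provider_key, user_key, layered))
```

The point of `provider_can_read` is that a held key has no notion of authorization attached to it: the policy lives in people and paperwork, not in the cryptography, which is exactly the insider exposure described above. The layered case shows why a backdoor on the provider's layer buys nothing against a user who encrypts first.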

Problem #3
Adding decryption backdoors adds a burden on service providers. In many cases, existing technologies have to be radically re-architected. Additionally, it forces the provider to assume the position of a "middle man", watching communications (and using up bandwidth) to allow secret decryption for traffic which would otherwise be sent point-to-point.


There are those who say that problem #1 is irrelevant, because at least we'd be able to catch the more stupid criminals, the ones who aren't tech-savvy enough to secure their data. But I view this as a short-term solution: because the important technology is already out in the open, all criminals need is for good tools to be created.

Problems #2 and #3 are very real, but many people don't realize that these issues could stunt the development of otherwise useful services. Or in some cases, cause existing services to disappear.

Personally, I don't have secrets to hide. Though I value my privacy, I don't have any sensitive data which I need to secure. But I can understand that there are legitimate reasons for people to hide their data. For example, my employer has intellectual property which it wants to keep safe.

Arguably, we could say that no one has a right to privacy. In the physical world there are many things which cannot be done in private; even something as simple as walking around. So perhaps the digital world shouldn't have the right to those things either.

This post just scratches the surface of this issue. But I see these three major problems at the heart of the matter. I'm sympathetic to the problems the FBI faces. I want them to be able to catch bad guys. But I'm not sure that this is the best way to do it. And I am sure that it's already too late to catch the really scary ones who know how to use encryption.