Earlier this week a number of organizations, companies, and individuals wrote a letter to the President of the United States in which they expressed their worries about the suggestion from US officials that companies should refrain from providing products with strong encryption unless ‘those companies also weaken their security in order to maintain the capability to decrypt their customers’ data at the government’s request’.
Let me be clear: I strongly support this letter.
The arguments made in the letter are not new. Encryption is one of the enablers of the Internet economy that protects users from all sorts of harm. Building in encryption “backdoors” would actually decrease the trust in the Internet and therefore its utility.
Of course, there are also cases in which encryption is put to bad use. The most common examples are use of encryption by terrorists and criminals. The issues that law enforcement face with the application of encryption by the bad actors are not trivial. But I do not think that creating backdoors will eliminate any of those concerns.
One of my theses about the success of the Internet is that the technology on which it has been built is highly democratized. The sharing of knowledge and implementation through Open Source and Open Standards brings the agility and innovation that make the Internet flourish: Internet technology is based on highly democratized knowledge. Highly democratized knowledge means that the bad actors can also get their hands on technology and wreak havoc.
The same goes for encryption. While it is not easy to build an implementation of an encryption system, the mathematical theory on which encryption is built is public knowledge and there are quite a few open-source reference implementations of encryption technology available. As a result, even if vendors are forced to build backdoors, the bad guys will still be able to use unbreakable encryption. I am pretty sure that any law or regulation that forces a backdoor into a product will not apply to the ransomware that some unfortunate victim may find infecting their computers.
As an engineer, I don’t like building vulnerabilities into systems, and that is essentially what a backdoor is. Anyone thinking that those backdoor-vulnerabilities will not be found, no matter how well protected they are, seems to deny the curiosity of smart technologists. Curious technologists, security researchers, hackers, whatever you want to call them, find vulnerabilities in software on a daily basis. (The Logjam vulnerability being the example of the day. Ironically, according to the researchers, that weakness is partly a result of earlier attempts to restrict the utility of encryption.) And while a lot of these vulnerabilities are responsibly disclosed, we must assume that curiosity and clue are also bestowed on some of the bad actors. Inserting backdoors is simply a path to leaving us all unprotected.
At the Internet Society we aspire to pervasive implementation of end-to-end encryption. We realize that aspiration comes with a set of difficult technical, economic, and policy questions. Technical questions have to do with the ability to manage traffic, cache content, and implement bona fide security policies. Economic questions have to do with transit costs absent the ability to cache and perhaps around data monetization. Policy questions focus on whether law enforcement agencies can do their work versus the security of individuals around the globe. The answers will not be easy, especially since there doesn’t seem to be a choice with encryption; it’s either all or nothing and both choices may lead to lives threatened.
Let me end on a more positive note: Even though encryption technology is highly democratized, it is not easy to build and implement. There are numerous pitfalls that can all lead to potential exploits by bad actors. How can you have the highest certainty that you have the most secure implementation for the encryption box you are going to be relying on for, e.g., your e-commerce application, or the storage of your customers’ credit cards?
Open and peer-reviewed standards, designs and implementations provide high assurance that such vulnerabilities do not exist. We support our aspiration for pervasive end-to-end encryption by supporting the CrypTech project. The project sets out to build a trustable piece of hardware that can be used to store keys and perform encryption for all sorts of applications that rely on encryption, e.g. any e-commerce application. I would ask you to visit and support that project. Similarly, efforts to make TLS usage more common and to deploy additional layers of trust through technologies such as the DANE protocol are critical for encryption to be available for all.
We shouldn’t shy away from some difficult challenges, but strong encryption will continue to be a reality. I believe that open development, wide deployment, and usage of strong encryption make the Internet more trustworthy and are critical to realizing the opportunities and full potential of the Internet.