Slashdot Mirror


Why Crypto Backdoors Wouldn't Work

An anonymous reader writes: Your devices should come with a government backdoor. That's according to the heads of the FBI, NSA, and DHS. There are many objections, especially that backdoors add massive security risks.

Would backdoors even be effective, though? In a new writeup, a prominent Stanford security researcher argues that crypto backdoors "will not work." Walking step-by-step through a hypothetical backdoored Android, he argues that "in order to make secure apps just slightly more difficult for criminals to obtain, and just slightly less worthwhile for developers, the government would have to go to extraordinary lengths. In an arms race between cryptographic backdoors and secure apps, the United States would inevitably lose."

23 of 105 comments

  1. The 90s all over again... by Austerity Empowers · · Score: 5, Insightful

    I seem to recall that we went through this in the mid to late 90s, where the government insisted any use of strong cryptography should, as a matter of law, have a backdoor for the government. Then suddenly they dropped it, and all of us paying attention knew they got their way by some other means. Now post-Snowden, I guess we know what that was, and they're back to beating this horse all over again.

    The answer should be no, with absolutely no further discussion.

    1. Re:The 90s all over again... by StikyPad · · Score: 4, Interesting

      They didn't get their way through other means really. Mass surveillance doesn't trump encryption -- on the contrary, encryption is the only protection against mass surveillance. I think it was more that encryption just wasn't used for most communications, so they realized it was a moot point. Now that companies are shifting toward end-to-end encryption, it's becoming relevant again.

  2. They can read your RAM by Anonymous Coward · · Score: 4, Interesting

    They can read your RAM
    Intel Active Management Technology
    (aka vpro, aka vt)

    1. Re:They can read your RAM by Anonymous Coward · · Score: 3, Interesting

      And 3G to continually update the microcode that scans memory for known password signatures.....

      http://www.infowars.com/91497/

  3. Snowden took out the phone batteries by Anonymous Coward · · Score: 5, Insightful

    Snowden insisted the journalists remove the battery from their phones and put the phones in the fridge.

    That pretty much tells you how useful 'encryption' on Android would be against back doors. None, if you can't protect your speech near the phone you can't protect the password.

  4. It's about more than that by monkeyzoo · · Score: 5, Informative

    Reading the article, it's very interesting. His argument is that you CAN'T backdoor a platform. Summarizing:
    1) Say Android rolls over and backdoors the encrypted filesystem.
    2) 3rd party apps can use the cryptography library, so Google would also have to backdoor that.
    3) Then apps could use a 3rd party crypto library, so gov't would have to compel Google to monitor for or at least respond to takedown requests for strong crypto 3rd party apps.
    4) But apps can easily download and incorporate new code, so Google would have to audit running apps with static and dynamic analysis.
    5) Even then, people could use other app stores or sideloads, so Google would have to have an app kill switch option. This would be HUGE INTRUSION and delete apps from people's phones (even innocent people).
    6) But how to identify apps? Sideloaded apps could generate a new appID with each download, so Google would have to scan for app characteristics (think antivirus software here).
    7) Even if the above worked, browser-based apps could be built that use secure data stores or end-to-end messaging. This would mean the gov't would have to block these web apps, i.e., Internet censorship.

    It's just not technically feasible if there is any respect for liberty, not to mention the significant technical challenges involved.

    1. Re:It's about more than that by Helix_Sky · · Score: 4, Interesting

      I want to start by saying that I'm against these measures but while all that is true, it only gets that bad if you try to enforce 100% compliance. Simply making cryptographic systems without backdoors illegal would have a large deterrent effect. It'd be the equivalent of the fact that locks on your doors don't provide 100% security because windows are so easily broken, but we still lock our doors.

      First off, making non-breakable crypto illegal would prevent such crypto from being used in traditional commercial products. Second, the government wouldn't have to attack the problem from the front like the article suggested. They could use their NSA spying capability (once again not a big fan) to look for unauthorized encrypted communications. They already take special note of encrypted data use, and with it being made illegal they could directly legally target the users of such tech. The chilling effect of such a large scale NSA backed takedown would be huge.
       

    2. Re:It's about more than that by monkeyzoo · · Score: 4, Insightful

      Making strong crypto illegal would only affect those in the US's jurisdiction. It would not affect the most desirable targets (outside US jurisdiction) and would have a chilling effect on demand for US technology products.

    3. Re: It's about more than that by chromeronin799 · · Score: 5, Insightful

      And the even simpler argument. I'm not a U.S. citizen. Why would I be happy the U.S. has the ability to backdoor my app?

    4. Re:It's about more than that by myowntrueself · · Score: 4, Insightful

      Making strong crypto illegal would only affect those in the US's jurisdiction. It would not affect the most desirable targets (outside US jurisdiction) and would have a chilling effect on demand for US technology products.

      There's already a chilling effect on demand for US technology products.

      I'd like to see a company in a privacy-respecting nation such as Netherlands to release some decent network hardware...

      --
      In the free world the media isn't government run; the government is media run.
    5. Re:It's about more than that by fustakrakich · · Score: 5, Insightful

      It's just not technically feasible if there is any respect for liberty...

      *Ah, there's the rub, isn't it?*

      --
      “He’s not deformed, he’s just drunk!”
    6. Re:It's about more than that by ShanghaiBill · · Score: 3, Insightful

      8) People will only buy tech made outside of America, costing America jobs and draining away expertise.

    7. Re:It's about more than that by Anonymous Coward · · Score: 3, Insightful

      3) Then apps could use a 3rd party crypto library, so gov't would have to compel Google to monitor for or at least respond to takedown requests for strong crypto 3rd party apps ...

      And this is where you get off track. The whole point is to backdoor enough of the system that there's a means to collect 90% of the information from 99% of people. There is no presumption for a "technically feasible" way to collect 100% of the necessary information from 100% of the people. If there were--and presuming we had a just system in place to use the information--, then we'd have a way to catch all criminals who planned terrorist attacks, or really anything, with an Android phone. Instead, at best the hope is to get large bits and pieces that narrow down the list of who to monitor and monitor as best as one can in as many ways as one can (since not everything is done with smart phones, anyways).

      Honestly, the whole point is precisely that pervasive surveillance is key. It's not that any sort of surveillance must be 100% effective. Because that's a useless definition of the word "work".

    8. Re:It's about more than that by johanw · · Score: 3, Informative

      "a privacy-respecting nation such as Netherlands"

      Ouch... You don't live in The Netherlands, do you? We have, like most western countries, our share of privacy attacks from the government. Mostly to satisfy the tax service, like storing all license plates of cars who drive on the highways or park in a private parking garage (to catch drivers of a leasecar who claim they use it only for business and don't pay the extra income tax). And there is discussion about forcing people to give up their encryption keys if the police wants them, ignoring laws that you have the right to remain silent (except when...).

  5. The author forgot one other option. by BitterOak · · Score: 4, Interesting

    I just read the entire article and the author forgot one other solution: the British solution. Instead of putting the burden on app developers to include backdoors, or on Google to block apps that don't, put the burden on end users to turn over their keys to police when asked. I'm not saying I like this solution, but it is a solution the author of the article didn't consider. If you make the sentence for non-cooperation long enough, it doesn't really matter if the police find what they're looking for: they can just lock you up for not handing over the keys.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:The author forgot one other option. by pushing-robot · · Score: 3, Informative

      They could do that, but it wouldn't be a backdoor.

      --
      How can I believe you when you tell me what I don't want to hear?
    2. Re:The author forgot one other option. by Nonesuch · · Score: 3, Informative

      I just read the entire article and the author forgot one other solution: the British solution. Instead of putting the burden on app developers to include backdoors, or on Google to block apps that don't, put the burden on end users to turn over their keys to police when asked. I'm not saying I like this solution, but it is a solution the author of the article didn't consider. If you make the sentence for non-cooperation long enough, it doesn't really matter if the police find what they're looking for: they can just lock you up for not handing over the keys.

      In the USA, this would likely require a constitutional amendment, it is widely held that the Fifth Amendment "Right Against Self-Incrimination" protects the right not to divulge an encryption key.

    3. Re:The author forgot one other option. by dcollins117 · · Score: 3, Informative

      In the USA, this would likely require a constitutional amendment...

      ... and a government that recognizes constitutional authority and the limits it places on government actions. First things first.

    4. Re:The author forgot one other option. by BitterOak · · Score: 4, Informative

      In the USA, this would likely require a constitutional amendment, it is widely held that the Fifth Amendment "Right Against Self-Incrimination" protects the right not to divulge an encryption key.

      If you had read the article you link to (and I just did) you'd see that it does not conclude the same thing you do. Instead the article points out that it is far from a settled question on whether or not a defendant or suspect can be compelled to decrypt files. The Supreme Court has yet to deal with that issue directly, and the Circuit Courts of Appeal that have considered the issue have adopted a standard in which the government must first show they know the location and existence of encrypted data. If they've seized a suspect's phone, they certainly can know these two things, so the Fifth Amendment, under that analysis, would offer no real protection.

      --
      If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  6. Re:Car analogy by Anonymous Coward · · Score: 3, Insightful

    ... have access to everyone's cars?

    Police and government have promoted remote-controlled kill switches on cars for the last 20 years. Although it exists via General Motors OnStar, it's not practical. That will change with vehicle-assisted driving and driver-less cars.

    ... give the government access to our homes?

    The government already has access via hand-held battering rams and 14 tonne, wheeled wrecking-balls (AKA assault vehicles). Big money and brute force doesn't work on encryption, unless they turn it into rubber-hose decryption (Oblig. XKCD). But the three-letter agencies can't do that 200 times a day, so they want a cheap, simple solution that labels the common people as criminals without rights.

  7. Since When... by Stormy Dragon · · Score: 4, Insightful

    ...has the fact a program simply won't work deterred the Government from attempting it anyways?

  8. Encrypt More by duke_cheetah2003 · · Score: 4, Insightful

    Seems to me, every time they talk about this kind of thing, it does exactly what I want. Raise crypto awareness. Keep trying guberment. The more you preach for backdoors, the more people you make aware of the usefulness of crypto. Streisand effect anyone?

  9. Re:Car analogy by Jason Levine · · Score: 4, Insightful

    But warrants are [whining voice]SOOOO HAAARD. You have to show probable cause and all that stuff. It's too much work.[/whining voice]

    Plus, [overly paranoid voice]in the time it takes to get a warrant, a criminal could enact another 9-11 or could destroy the evidence that they were planning that.[/overly paranoid voice].

    Those are the reasons why law enforcement needs access to stuff without a warrant. The whiny, paranoid reasons why.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.