Why Governments Lie About Encryption Backdoors

Lauren Weinstein says there are smart people in government, "who fully understand the technical realities of modern strong encryption systems and how backdoors would catastrophically weaken them," but asks So why do they continue to argue for these backdoor mechanisms, now more loudly than ever? The answer appears to be that they're lying to us. Or if lying seems like too strong a word, we could alternatively say they're being 'incredibly disingenuous' in their arguments. You don't need to be a computer scientist to follow the logic of how we reach this unfortunate and frankly disheartening determination regarding governments' invocation of terrorism as an excuse for demanding crypto backdoors for authorities' use.

Re:How does it work

Because encryption is usually a bit more complex then just that. A common system is to encrypt the data with a a strong symmetric cipher, using a single-use key key generated on the fly, then encrypt a copy of that key with the method of the user's choice, such as a password or asymmetric cipher. This way, you lessen the impact of using a slower or weaker method, as it is encrypting what is hopefully a relatively small and utterly random packet of data. Diffie-Hellman key exchange, NTFS file encryption, and others use this principle.

The 'master key' exploit should be fairly obvious, at this point: Every time the system creates a key package, it creates another copy of the single-use key, encrypted with a hidden 'master key' supplied by whoever ordered the backdoor. This doesn't compromise the integrity of the cipher used on the data, or on the other key packages. The danger lies in the security of the Master Key itself, which must be included in some form in every single instance of the encryption system. Unless the Master Key is made truly unique for every instance - a records-keeping nightmare - then an attacker only needs to break one key to break them all.

Follow The Money

There's another dimension to this story, which gets lost in the critically important discussion regarding privacy, but it's money.

If a government got their way and were able to impose the types of control that is now being argued for, it would require a vast amount of new infrastructure to be developed. For example, there would need to be a key escrow system; there would need to be the means of storing all data being transmitted between citizens, there would need to be vastly more money spent on all of this.

Populations across the Western World have - entirely rightly - reached the point of "No More! Not In My Name!" with respect to on-going armed conflict [another very effective way of shifting vast amounts of money from the public purse to the private pockets [of a few]. A shawdowy, unknown threat that is so pervasive that everything done to counter it must be kept secret is an absolutely perfect scenario for spending vast amounts of money on "something". This "spending" is one of the key elements in western [I guess capitalist] society - the government [at the top] takes money in taxes. It then spends that money buy buying things to stimulate the economy and generate more productivity that in turn raises more taxes...

Maybe - this is just a thought - what we're seeing here is a shift in strategy away from spending government trillions on the munitions side of the military-industrial complex and towards spending it on information technology.

Some will ask: "Well, if this is the purpose, why not invest in science, medicine, technology, space exploration?" Two thoughts: Kennedy tried that and the results were not as successful as some hoped; but also, investment made in a technology and apparatus that *strengthens* the control of government will always be most appealing to the decision-makers. As others have [correctly] pointed out, all of what is being discussed services to weaken the citizen and strengthen the state - not always a good thing. I'm also reminded [and sorry, can't find the reference] of a story reported from the Snowden files. IIRC, there was an email from 2 [Booze Allen] employees, discussing a proposal being put to the NSA. One was saying something to the effect, "Look, even if we can find a way to complete the technical build so that we harvest all this data, there is *no way* anyone is going to sift through it and find something of value!" to which the reply was something to the effect, "Look, it doesn't matter - let them make the decision. Our job is to give them a proposal and, if they take it, sell them whatever they ask for..." Now, if anything like that is even partially representative of what has happened [or is happening] then it may help to explain why governments are so keen to roll out so much more technology... Or is this entirely wrong?