Exceptional Access: How a “Back Door” Could Create Large-Scale Security Threats

On February 16, 2016, Tim Cook, the CEO of Apple, issued a letter to customers in which he declared his opposition to a federal court order requiring the company to help the FBI “unlock” an iPhone used by one of the two gunmen in the San Bernardino, California, mass shooting in December 2015. Although the case was resolved after the FBI found a third party to unlock the iPhone, there remains a larger debate over granting law enforcement exceptional access to private data. While the government’s motivation in pursuing this is understandable, building a “back door” could have effects far beyond unlocking one phone. “In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession,” wrote Mr. Cook.

This raises an important question: Is it possible to build a secure Internet while providing law enforcement access to information deemed necessary? A recent paper by Abelson and colleagues sheds lights on the technical and operational feasibility of the government’s request. The researchers conclude that the proposal is not workable in practice and would cause large-scale threats to data privacy.

The Apple case is not the first time that a law enforcement agency has requested a “back door” to encrypted data on electronic devices. In 1997, the US government proposed transferring possession of keys to decrypt data stored on encryption systems to a trusted third party, who would turn the keys over to law enforcement when needed. The request was eventually abandoned after lengthy debates. Twenty years later, there are once again calls for exceptional access to data by law enforcement agencies. The handling of such a request has become more contentious as the data stored are growing more personal.

The authors examine a hypothetical situation in which the government is granted exceptional access to encrypted data on global messaging applications, such as Signal and WhatsApp. In their opinion, there are three major problems. First, building a back door will undermine technical best practices in data security. These companies, in an effort to safeguard customers’ communication, have deployed forward secrecy — a technical process to generate a unique key with each session a user initiates. With forward secrecy, even if a key was compromised, an attacker would not have access to past information. Providing access demanded by law enforcement would require these companies to build a private key, which could decrypt both past and current messages. If the private key was ever compromised, all communication encrypted in the system would be at risk.

The second critical area of concern is communication integrity. To ensure that a message cannot be modified after it is sent, companies like Apple encrypt all activities initiated on their messaging systems during transit between devices. Even the companies themselves cannot decrypt or scan customers’ communications. However, government surveillance would mean that users’ confidentiality would no longer be guaranteed. If a key ever fell into the wrong hands, criminals and bad actors would be able to alter a message when in transit. Providing this level of access to law enforcement could expose customers to a greater risk of attack.

The final area of concern relates to operational feasibility. Many global players, such as the British government, are demanding exceptional access to online information. This raises a fundamental question: Who should control the key to encryption? The question can be easily answered for cases within a single nation’s jurisdiction. However, what happens when the boundaries are blurred? Would Internet companies headquartered in other countries be required to give exceptional access to a US law enforcement agency? These complex international relationships are significant barriers to exceptional access and must be addressed before any back door system can be implemented.

The computer scientists and security experts in the paper warn that, “such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend.” While there are still ongoing debates over the issue of granting exceptional access to law enforcement, policymakers should evaluate these substantial risks before deciding to move forward with providing backdoor access.

Article Source: Abelson, Harold, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael A. Specter, and Daniel J. Weitzner. “Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications.” Journal of Cybersecurity, 2015.  

Featured Photo: cc/(Macrovector, photo ID: 36141708, from iStock by Getty Images)