Encryption– Government Nightmare– Quest for Unrestricted Internet Access: Golden Key, Back Door… It’s Insane, Stupid, Dangerous…

Government unrestricted access to all Internet content, communication through the use of encryption ‘by-passes’ is security nightmare… it allows government (and others, by default) to have complete access to all encrypted data, information… and security experts say; it’s just crazy, nuts, insane…

Strong encryption is cornerstone of the modern information economy’s security… Whether you call them– front door, back door, golden key, what ever… introducing intentional vulnerabilities into secure websites will make them less secure… Without encryption Internet traffic might as well be written on postcards.

According to Declan McCullagh; its government attempt to get encryption ‘master keys’ Internet companies use to shield millions of users’ private content and communications from eavesdropping…

encry images5E8X3I2A

Visualize a security ‘by-pass’ as a ‘door key’ under the doormat of  a private residence, which a clever thief can easily access– it’s equivalent to making an encrypted systems with deliberate weaknesses, it’s fundamentally in conflict with basic security principles, and just plain stupid…

Encryption has long terrified government… and so-called ‘crypto-wars’ began in 1970s, when government attempted to classify encryption as munition… in the 1990s, government tried to get industry to adopt the ‘Clipper’ chip– an encryption chip for which government had a back door, also government tried to introduce a ‘key escrow’, a policy that all encryption systems should leave a spare key with a ‘trusted’ third party…

All these ‘by-passes’ don’t make any more sense now, than they did in 1990s? Certainly the threat from terrorism is greater now, and few people would argue that if you are in danger and a police officer turns-up at your door– you let them-in. But, the analogy implies that someone has control over who ‘opens the door’ and of course, in software sense that is impossible… Anyone including criminals can discover the ‘by-pass’ and exploit it… The technology industry tends to have a knee-jerk reaction to attempts from government to interfere in its processes, saying; don’t mess in things that you don’t understand…

In the article Time to End ‘Debate’ on Encryption Back Doors by Kevin Bankston writes: Government is concerned the growing adoption of strong encryption technology will frustrate its ability to conduct investigations… it’s what government calls– ‘going dark’ problem… The gist of government position is: They recognize encryption is important for security and privacy, but it’s also in conflict with government ability to investigate and monitor potential criminal activity… hence, it’s government position that a broad public debate, that considers costs and benefits of widespread encryption, is critical to national security…

But many experts in technology say; this is not a new debate… in 1990s and for many of same reasons the idea of encryption ‘back doors’ was rejected; and now the arguments against ‘back doors’ is even stronger… Furthermore even with proliferation of encryption, government has much more access to data, information than ever before, e.g.; access to cell phone location information about where we are and where we’ve been, metadata about who we communicate with and when, and vast databases of emails and pictures, and more in the ‘cloud’… Hence, we have already had this debate and it’s time to move on…

encry thW5F39432

In the article Encryption, Back Door, Magic Keys, Government Fallacies by crystalattice writes: For those who do not pay attention; certain government agencies are advocating a so-called ‘magic key’ that allows them, when necessary, to ‘by-pass’ encryption and decrypt private data with a special key… Government claims they need this to prevent from ‘going dark’ (i.e., being unable to perform work because they are unable to access sensitive data…). However there is an analogy for those who may be confused as to why encryption ‘back door’ is a bad thing, e.g.; physical door locks use physical keys and just like encryption keys, when you don’t have the correct key then you cannot unlock the door and get access to content…

Also, physical locks have the ability to be keyed with a ‘master key’ and similarly, a ‘magic key’ for encryption has the same function as a master key for a physical lock… Hence, anyone with a magic key can access any encrypted data, content, communications… on a website or digital device whether they are authorized or not… When government has a ‘magic key’, they have the ability to intercept any data or content in a secure website, or transmitted via Internet… and potentially use it for any purpose. This is why it’s so scary…

In the article Rise of New Crypto War by Eric Geller writes: A technological ‘back door’ is a secret portal giving someone access to secure content, communications, e.g.; website, smartphone app, computer program… A pure software backdoor can provide direct access to secure systems, such as; Gmail, Facebook, Tweeter…

A more complex form of ‘back door’ access involves the use of special keys to decipher encrypted data, which is usually gathered through conventional interception… Back doors that rely on encryption keys can either involve a master key for all data flowing across a particular site, or keys for individual users that can be plugged into a system for wire-taping…

When a company sets up its system to generate keys for government it holds onto those keys until it’s compelled to produce them; this is a ‘key escrow’… In this configuration, there is no portal for direct access, instead– software code is written to create encryption designed to produce keys for government, or other entities…

Creating encryption keys is a normal part of designing a system with encryption. Users exchange those keys, many times without realizing it, anytime they communicate on a secure platform. But sending keys to ‘trusted stores’ where they remain ready for government use introduces a whole new set of problems…

encry1 images

In the article Government Grapples Clash Between Privacy, Security by Ellen Nakashima, Barton Gellman write: Government is warning that the growing use of encryption could seriously hinder criminal and national security investigations, and are pushing for more use of encryption ‘by-passes’… Whereas many technology companies are pushing back saying there are limits with use of ‘by-passes’ beyond which security becomes seriously compromised.

The debate is highly polarized; with commercial encryption firms and government finding little common ground… and with government  seeing increasing peril as encryption technology is becoming more widespread… and academic and industry experts saying government is asking for the impossible…

It’s common knowledge that any means of encryption ‘by-pass’ is by definition weakness, such that; hackers, criminals, foreign spies… can easily exploit secure websites. According to Lance J. Hoffmann; a central issue in the policy debate is trust… it’s who do you trust with your data… Do you want to default to government? To company? Or, to individual? If you make hybrid, what is the trade-off? According to Donna Dodson;  it’s not possible to design a fully secure system that holds a master key for government but not adversaries without unintentional vulnerabilities…

encry thZ722Y4NC

While government reasoning for creating a back door is sound, opening a door means that the same door is potentially open for others… According to Tina Stewart; far more users are being impacted by business not encrypting data, than they are by the government not having access to encrypted data. While a back door might help identify the run-of-the-mill perpetrator, it’s not going to stop truly dangerous people… In this incredibly risky cyber-security environment usage of encryption is one of smartest moves companies can make…

According to article by Washington Post editorial board; all freedoms come with limits and it seems only proper that the vast freedoms of the Internet should be subject to the same rule of government that we accept for the rest of society… According to Sarah Jeong; the problem noted by many experts is that a ‘by-pass’ to encryption, even if branded ‘back door’ or ‘golden key’ is by definition a vulnerability…

Building in ‘back doors’ threatens the integrity of consumer content and communications, and makes them vulnerable to criminals and hostile foreign governments alike… According to Bill Budington, Andrew Crocker; some suggest that there must be ‘balance’ between user security and public safety; but the basic principles of what makes encryption secure suggests that the only ‘balance’ that can satisfy government goals is ‘no balance’ at all…

encry2 images

The proponents of ‘balanced’ solution to so-called government ‘going dark problem’ suggest that the geniuses in Silicon Valley should ‘figure out’ the balance… However, the problem is the proponents don’t listen to so-called geniuses… In fact, pushing back on other side of this debate is a unified coalition of technologists, mega technology firms, privacy advocates, Silicon Valley geniuses… with a remarkably consistent message; weakening encryption is a terrible idea…

According to Information Technology Industry Council, a tech trade association of the 62 largest global technology firms; encryption is a security tool, which is relied on everyday to preserve security, safety; the notion of weakening security with the aim of advancing security simply does not make sense…