WHY can't Silicon Valley create breakable non-breakable encryption, cry US politicians

Reality doesn't work like that, say crypto-bods


Analysis At last week's RSA security conference, the halls were full of government speakers telling the tech community that it must do the impossible: invent a form of encryption that's strong, but also easy for law enforcement to crack.

Ever since Apple and Google enabled full-device encryption by default on their mobile operating systems, the law enforcement community has been kicking up a stink. The head of the FBI issued dire warnings of children dying if the crypto trend was allowed to continue. The head of the NSA agrees, and so too does the British Prime Minister.

During his RSA keynote last Tuesday, Jeh Johnson, the secretary of Homeland Security, invoked the souls of the 168 people killed in the 1995 Oklahoma City bombing to explain how, while privacy was important, encryption should not be allowed to stymie US law enforcement.

"Our inability to access encrypted information poses public safety challenges. In fact, encryption is making it harder for your government to find criminal activity, and potential terrorist activity," he pontificated.

"We in government know that a solution to this dilemma must take full account of the privacy rights and expectations of the American public, the state of the technology, and the cybersecurity of American businesses. We need your help to find the solution."

He was not alone. Michael Daniel, President Obama's cybersecurity coordinator, told the press that "there is no question that [encryption is] a public safety aspect" but that he – and his boss – had confidence that if anyone can find a system that does both, Silicon Valley can.

Daniel stressed that this must be a balancing act. The government has to weigh the needs of law enforcement and public protection with the desire for privacy. And while Daniel acknowledged the international and business cost dimensions to developing such an encryption system, he seemed convinced that one was possible, although he couldn't cite anyone in the crypto community who would agree with him.

Meanwhile, former Michigan congressman Mike Rogers – an ex-FBI agent who once headed the Senate Intelligence Committee – insisted that there has to be an encryption system that is both strong against everyone and, if a law enforcement official shows up with a court-obtained warrant, can be broken open to reveal the content.

"I don't understand why we can't have both," he complained. "I think we can have both, and we should have it."

Slaying a beautiful hypothesis with an ugly fact

There's just one problem with the government's idea as it stands: it's impossible from a technology, business, and international standpoint. Not a single one of the cryptography and security experts El Reg spoke to at the show could see any way such a system would work.

"It's impossible," Bruce Schneier – the man who literally wrote the book(s) on modern encryption techniques – told The Reg. "I can't create mathematics that works differently in the presence of a particular legal piece of paper. Math just doesn't work that way."

As Schneier has explained many times, strong crypto requires a sound encryption algorithm, correct digital signature handling, a random number generator that can't be fooled, and a working methodology to house all of these and that doesn't allow mistakes. Get one thing wrong and the whole system breaks down.

Another problem is that if a police-friendly encryption system was created, it would be highly unlikely that the police would be the only ones who could unlock it. If hackers – or indeed, nation states – knew there was a backdoor in a given encryption system, then they would immediately devote huge resources to finding a way to exploit it. It's more than likely that one of them would eventually succeed.

Jon Callas, former cofounder of PGP and currently CTO of secure messaging firm Silent Circle, was even more emphatic, telling us that the government's idea of a suitable encryption system was "bollocks." Even if such a system could be created mathematically, he explained, there's still the implementation to consider.

"It's a question of who keeps the second [decryption] key," Callas said. "If a company has it, they become judge, jury, and executioner. Apple doesn’t want to have to have to know the laws of 150 countries and be the one to execute such orders."

There's also the business problem of how such a system would go down with the technology-buying public. The NSA's reputation for trustworthiness isn't particularly high in the wake of the Snowden revelations, and it's highly unlikely that people will knowingly buy encryption that they know can be broken.

Then there's the international aspect. If police in the US can access crypto backdoors to protect national security, Callas pointed out, then what's to stop Chinese or Iranian police from asking for the same powers to crush pro-democracy campaigners or groups agitating for open elections?

Under those circumstances, companies would have little choice but to comply, Callas reasoned – particularly in the case of China. When US tech firms were "politely" asked for access to encryption backdoors, he said, they'd know that if they refused it might have severe repercussions for their Middle Kingdom manufacturing contracts, to say nothing of sales in the region.

There are a lot of things people want the technology community to invent, be they flying cars, uploading human minds for backup, or everlasting physical life. Those might be possible one day, but the government's view of the ideal encryption system is likely to take a lot longer to develop and implement, if it's even feasible at all. ®

Similar topics


Other stories you might like

  • Everything you wanted to know about modern network congestion control but were perhaps too afraid to ask

    In which a little unfairness can be quite beneficial

    Systems Approach It’s hard not to be amazed by the amount of active research on congestion control over the past 30-plus years. From theory to practice, and with more than its fair share of flame wars, the question of how to manage congestion in the network is a technical challenge that resists an optimal solution while offering countless options for incremental improvement.

    This seems like a good time to take stock of where we are, and ask ourselves what might happen next.

    Congestion control is fundamentally an issue of resource allocation — trying to meet the competing demands that applications have for resources (in a network, these are primarily link bandwidth and router buffers), which ultimately reduces to deciding when to say no and to whom. The best framing of the problem I know traces back to a paper [PDF] by Frank Kelly in 1997, when he characterized congestion control as “a distributed algorithm to share network resources among competing sources, where the goal is to choose source rate so as to maximize aggregate source utility subject to capacity constraints.”

    Continue reading
  • How business makes streaming faster and cheaper with CDN and HESP support

    Ensure a high video streaming transmission rate

    Paid Post Here is everything about how the HESP integration helps CDN and the streaming platform by G-Core Labs ensure a high video streaming transmission rate for e-sports and gaming, efficient scalability for e-learning and telemedicine and high quality and minimum latencies for online streams, media and TV broadcasters.

    HESP (High Efficiency Stream Protocol) is a brand new adaptive video streaming protocol. It allows delivery of content with latencies of up to 2 seconds without compromising video quality and broadcasting stability. Unlike comparable solutions, this protocol requires less bandwidth for streaming, which allows businesses to save a lot of money on delivery of content to a large audience.

    Since HESP is based on HTTP, it is suitable for video transmission over CDNs. G-Core Labs was among the world’s first companies to have embedded this protocol in its CDN. With 120 points of presence across 5 continents and over 6,000 peer-to-peer partners, this allows a service provider to deliver videos to millions of viewers, to any devices, anywhere in the world without compromising even 8K video quality. And all this comes at a minimum streaming cost.

    Continue reading
  • Cisco deprecates Microsoft management integrations for UCS servers

    Working on Azure integration – but not there yet

    Cisco has deprecated support for some third-party management integrations for its UCS servers, and emerged unable to play nice with Microsoft's most recent offerings.

    Late last week the server contender slipped out an end-of-life notice [PDF] for integrations with Microsoft System Center's Configuration Manager, Operations Manager, and Virtual Machine Manager. Support for plugins to VMware vCenter Orchestrator and vRealize Orchestrator have also been taken out behind an empty rack with a shotgun.

    The Register inquired about the deprecations, and has good news and bad news.

    Continue reading
  • Protonmail celebrates Swiss court victory exempting it from telco data retention laws

    Doesn't stop local courts' surveillance orders, though

    Encrypted email provider Protonmail has hailed a recent Swiss legal ruling as a "victory for privacy," after winning a lawsuit that sees it exempted from data retention laws in the mountainous realm.

    Referring to a previous ruling that exempted instant messaging services from data capture and storage laws, the Protonmail team said this week: "Together, these two rulings are a victory for privacy in Switzerland as many Swiss companies are now exempted from handing over certain user information in response to Swiss legal orders."

    Switzerland's Federal Administrative Court ruled on October 22 that email providers in Switzerland are not considered telecommunications providers under Swiss law, thereby removing them from the scope of data retention requirements imposed on telcos.

    Continue reading
  • Japan picks AWS and Google for first gov cloud push

    Local players passed over for Digital Agency’s first project

    Japan's Digital Agency has picked Amazon Web Services and Google Cloud for its first big reform push.

    The Agency started operations in September 2021, years after efforts like the UK's Government Digital Service (GDS) or Australia's Digital Transformation Agency (DTA). The body was a signature reform initiated by Prime Minister Yoshihide Suga, who spent his year-long stint in the top job trying to curb Japan's reliance on paper documents, manual processes, and faxes. Japan's many government agencies also operated their websites independently of each other, most with their own design and interface.

    The new Agency therefore has a remit to "cut across all ministries" and "provide services that are driven not toward ministries, agency, laws, or systems, but toward users and to improve user-experience".

    Continue reading
  • Singaporean minister touts internet 'kill switch' that finds kids reading net nasties and cuts 'em off ASAP

    Fancies a real-time crowdsourced content rating scheme too

    A Minister in the Singapore government has suggested the creation of an internet kill switch that would prevent minors from reading questionable material online – perhaps using ratings of content created in real time by crowdsourced contributors.

    "The post-COVID world will bring new challenges globally, including to us in the security arena," said Minister for Defence Dr Ng Eng Hen at a Tuesday ceremony to award the city-state's 2021 Defense Technology Prize.

    "For operations, the SAF (Singapore Armed Force) has to expand its capabilities in the digital domain. Whether for administrative or operational purposes, I think that we will need to leverage technology to the maximum," he declared.

    Continue reading
  • China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks

    FCC urges more action against Huawei and DJI, too

    The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.

    In its announcement of the termination, the government agency explained the decision is necessary because the national security environment has changed in the years since 2002. That was when China Telecom was first allowed to operate in the USA.

    The FCC now believes – partly based on classified advice from national security agencies – that China Telecom can "access, store, disrupt, and/or misroute US communications, which in turn allow them to engage in espionage and other harmful activities against the United States." And because China Telecom is state-controlled, China's government can compel the carrier to act as it sees fit, without judicial review or oversight.

    Continue reading
  • Qualcomm gets news of modest Snapdragons out of the way before next month's big chip launch

    A little more oomph coming for cheaper smartphones

    Budget smartphones these days do OK with 5G though lack performance in other areas, and so Qualcomm has promised some system-on-chips to give these modest devices some more oomph.

    The processors, announced on Tuesday for entry and mid-range 5G smartphones, also clears the deck for big chip announcements Qualcomm is expected to make at its Snapdragon Tech Summit starting at the end of next month.

    The 6nm Snapdragon 695 5G, unveiled this week, is a successor to the 8nm 690 5G used in the OnePlus Nord N10 5G, which is priced under $300, and various other handhelds.

    Continue reading

Biting the hand that feeds IT © 1998–2021