Analysis
Those who cannot remember the past are condemned to repeat it, particularly if forgetfulness promises profit.
Ray Ozzie, former CTO of Microsoft and the designer of Lotus Notes, is old enough to recall the battle over the Clipper chip, an ill-fated NSA-backed effort from 1993 through 1996 to require a US-government-accessible backdoor in telecom devices.
Nonetheless, he has revisited that debate with a key escrow (a.k.a. key surrender) proposal – and a related patent – in which the authorities would hold the encryption keys necessary to access everyone else's encrypted mobile device data.
Despite the Clipper chip's inglorious end – it was sunk by technical flaws and political pushback – the idea never died. Authorities still want their private backdoor, even though longstanding technical impediments have yet to be resolved.
In recent years, demand for this magical portal has grown as stronger encryption, adopted by the industry in response to the 2013 Edward Snowden disclosures about the scope of NSA spying, has made its way into commercial products and services.
The most widely publicized consequence of the tech industry's rush to encrypt everything was the FBI's brief inability to access a locked iPhone that had been used by Syed Rizwan Farook, one of the perpetrators of the 2015 San Bernardino mass shooting that killed 14 people. The US Justice Department demanded Apple's help unlocking the encrypted device, only to back off later because it was apparently able to gain access with the help of Cellebrite, an Israeli mobile forensics firm.
It turns out the answer to encryption is that imperfect people build imperfect systems, and those flaws can, sooner or later, be exploited.
In law enforcement circles, later isn't always acceptable, and therein lies the problem. FBI director Christopher Wray said earlier this year that in 2017 the FBI was unable to access almost 7,800 locked and encrypted devices despite having the legal authority to do so. He called this "an urgent public safety issue for all of us."
Ray of hope
Evidently seduced by the siren song of law enforcement officials lamenting the challenges of cracking today's phones, Ozzie has proposed a scheme to reconcile two seemingly incompatible goals: creating a secure data storage mechanism that can be insecure on demand.
His system sounds a lot like the Clipper chip, because it is: "...Ozzie’s proposal is a straightforward example of key escrow – a proposal that people have been making in various guises for many years," said Matthew Green, a computer science professor and cryptographer at Johns Hopkins University in the US, in a blog post published Thursday.
It also calls for a security chip that effectively bricks the device when activated by law enforcement, to prevent evidence tampering.
Green and a handful of other prominent security experts and cryptographers have weighed in on Ozzie's proposal and found it wanting, though with obvious deference to Ozzie's long history of technical accomplishment.
Green's assessment is that Ozzie's scheme won't work. He notes that Apple has tried to design the sort of secure processor that Ozzie's proposal would require and hasn't managed to do so after five years and considerable resources.
Or as Green put it on Twitter: "When you’re proposing a system that will affect the security of a billion Apple devices, and your proposal says 'assume a lock nobody can break,' you’d better have some plan for building such a lock."
Keys left under the doormat
Green was among the many prominent computer scientists who coauthored a 2015 report on the subject, "Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications."
That report concluded that law enforcement demands for exceptional access will make systems more insecure, imperil innovation, and pose problems for human rights.
Riana Pfefferkorn, a cryptography fellow at the Stanford Center for Internet and Society, made similar arguments.
Columbia University computer science professor Steve Bellovin also took issue with Ozzie's plan. He points out that flaws have already been identified and that the need for international coordination of key access makes the scheme implausible.
Robert Graham, CEO of Errata Security, said Ozzie's proposal doesn't bring anything new to the discussion. "He's only solving the part we already know how to solve," he explained in a blog post. "He's deliberately ignoring the stuff we don't know how to solve. We know how to make backdoors, we just don't know how to secure them."
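To make concrete what "key escrow" means in the proposal described above, and why Graham's distinction between building a backdoor and securing it matters, here is an added illustration in Python. It is not Ozzie's design and not code from the article; it models only the generic pattern that Green and Graham are referring to: one data key per device, wrapped once under the owner's passcode and once under an escrow key that someone other than the owner holds. The HMAC-based stream cipher (a stand-in for AES-GCM so the example needs only the standard library), the `provision`, `unlock_with_passcode`, `unlock_with_escrow` and `blast_radius` names, and the sample passcodes and diary strings are all constructed for this example. Real escrow proposals usually put a public key on the device so that the private half never leaves a vault; this toy uses a single symmetric escrow key for brevity, which makes the consequence of a leak even more direct.

```python
"""Toy model of device key escrow. Illustration only; not any vendor's design."""
import hashlib
import hmac
import os
from dataclasses import dataclass


# Toy authenticated stream cipher built from HMAC-SHA256 so the example runs on
# the standard library alone. Stand-in for AES-GCM; never use this in production.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass
class EscrowedDevice:
    """What the device stores at rest: two wrappings of the same data key."""
    salt: bytes
    dek_under_passcode: bytes  # openable by the owner
    dek_under_escrow: bytes    # openable by whoever holds the escrow key
    user_data: bytes           # encrypted under the data key


def _passcode_key(passcode: str, salt: bytes) -> bytes:
    # Iteration count kept modest so the example runs quickly (assumption).
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 50_000, 32)


def provision(passcode: str, escrow_key: bytes, user_data: bytes) -> EscrowedDevice:
    """Set up a device: fresh data key, wrapped for the owner and for escrow."""
    dek, salt = os.urandom(32), os.urandom(16)
    return EscrowedDevice(
        salt=salt,
        dek_under_passcode=seal(_passcode_key(passcode, salt), dek),
        dek_under_escrow=seal(escrow_key, dek),
        user_data=seal(dek, user_data),
    )


def unlock_with_passcode(dev: EscrowedDevice, passcode: str) -> bytes:
    dek = unseal(_passcode_key(passcode, dev.salt), dev.dek_under_passcode)
    return unseal(dek, dev.user_data)


def unlock_with_escrow(dev: EscrowedDevice, escrow_key: bytes) -> bytes:
    dek = unseal(escrow_key, dev.dek_under_escrow)
    return unseal(dek, dev.user_data)


def blast_radius(devices, candidate_key: bytes) -> int:
    """How many devices one key opens: the cost of that key leaking."""
    opened = 0
    for dev in devices:
        try:
            unlock_with_escrow(dev, candidate_key)
            opened += 1
        except ValueError:
            pass
    return opened


def demo():
    """Three devices with different passcodes (constructed sample data)."""
    escrow_key = os.urandom(32)  # the one secret the escrow holder keeps
    fleet = [provision(f"pin-{i}", escrow_key, f"diary of user {i}".encode()) for i in range(3)]
    assert unlock_with_passcode(fleet[0], "pin-0") == b"diary of user 0"
    # (devices opened by the real escrow key, devices opened by a random key)
    return blast_radius(fleet, escrow_key), blast_radius(fleet, os.urandom(32))


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns `(3, 0)`: the escrow key opens every device in the fleet, a random key opens none. What the code cannot show is the point Graham is making. The cryptography above is the part "we already know how to solve"; nothing in it limits who may use the escrow key, how it is stored, or how a request from one jurisdiction is distinguished from another, and a copy of that one key is worth exactly as much as every device it was ever applied to.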
In his own Twitter feed, Ozzie (estimated net worth: $650m) engaged in the debate, and in one instance touched on what's arguably the most important aspect of the controversy: "Is the phone just a locked file cabinet, or is it a core extension of our minds?"
From a legal standpoint, the distinction is important: authorities can demand access to one, but not the other (yet). The Feds can demand what's in a cabinet, but your thoughts in your brain are off limits.
Given what phone data says about our thoughts, our intentions and our activities, it's just not the same as ideas deliberately put to paper. It's a surveillance selfie of the mind.
And if we're obligated to produce that information on demand, we might as well just get rid of the Fifth Amendment protection against self-incrimination. ®