A pigeon box, secure transmission circa WWII. Credit: Garrett Coakley, Flickr
In the name of protecting us against terrorists, law enforcement agencies want high tech companies to relinquish their Golden Keys, backdoors to their otherwise unbreakable encryption algorithms. It sounds like a reasonable request…until you look more closely.
Politicians around the globe tell us that for our own protection and security we must grant surveillance agencies a backdoor to today’s unbreakable encryption. While one is tempted to ask, glibly, if these leaders are ignorant, delusional, or dishonest – or all of the above — the question of granting or denying selective access to encrypted communications doesn’t lend itself to glib answers.
First, a look at the mathematical foundation of modern encryption.
Take two 70-digit prime numbers (copied from the University of Tennessee at Martin’s The Prime Pages):
4906275427767802358357703730938087362176142642699093827933107888253709
…and…
4669523849932130508876392554713407521319117239637943224980015676156491
Even the smallest of our personal computers — our phones — can compute the product instantly:
But going the other way — decomposing this product into its prime factors (aka factorization) — is disproportionately difficult. Even a sophisticated program such as Wolfram Alpha gives up after thinking about it for a few seconds:
The difficulty in factorizing the product of two prime numbers is an essential property of cryptography [emphasis and edits mine]:
“In number theory, integer factorization is the decomposition of a composite number into a product of smaller integers. If these integers are further restricted to prime numbers, the process is called prime factorization.
When the numbers are very large, no efficient, non-quantum integer factorization algorithm is known; an effort by several researchers concluded in 2009, factoring a 232-digit number (RSA-768), utilizing hundreds of machines took two years and the researchers estimated that a 1024-bit RSA modulus [cryptographic key] would take about a thousand times as long. However, it has not been proven that no efficient algorithm exists. The presumed difficulty of this problem is at the heart of widely used algorithms in cryptography such as RSA.”
Bottom line: Modern cryptography is unbreakable. And even when computers become incrementally faster and threaten to break the code, we can simply move to longer keys (longer passwords, if you will).
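The asymmetry described above, as an added example that is not part of the original post: it multiplies the two numbers quoted earlier, then factors small constructed moduli with Pollard's rho, a textbook method chosen here for brevity and far slower than the sieve used for the RSA-768 record quoted above. The sample primes and all function names are assumptions of this example.

```python
"""Added example: multiplying is instant, factoring is not."""
from math import gcd, isqrt
import time

# The two 70-digit numbers quoted on this page.
P = 4906275427767802358357703730938087362176142642699093827933107888253709
Q = 4669523849932130508876392554713407521319117239637943224980015676156491

def pollard_rho(n):
    """Return (factor, cofactor, steps) for a composite n using
    Pollard's rho with Floyd cycle detection."""
    if n % 2 == 0:
        return 2, n // 2, 0
    for c in range(1, 20):            # retry with a new polynomial on failure
        x = y = 2
        d, steps = 1, 0
        while d == 1:
            x = (x * x + c) % n       # tortoise: one step
            y = (y * y + c) % n       # hare: two steps
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
            steps += 1
        if d != n:                    # d == n means the walk collapsed; retry
            return d, n // d, steps
    raise ValueError("no factor found; n may be prime")

# Constructed sample moduli built from well-known small primes.
SAMPLES = [
    (10007, 10009),
    (1000003, 1000033),
    (1000000007, 1000000009),
]

def rho_steps_order(p):
    """Heuristic: rho needs on the order of sqrt(p) steps to find factor p."""
    return isqrt(p)

def demo():
    t0 = time.perf_counter()
    n = P * Q
    mul_s = time.perf_counter() - t0
    print(f"{len(str(n))}-digit product computed in {mul_s:.6f}s")
    for p, q in SAMPLES:
        t0 = time.perf_counter()
        a, b, steps = pollard_rho(p * q)
        took = time.perf_counter() - t0
        print(f"{len(str(p * q)):>3}-digit modulus: {steps:>7} steps, {took:.4f}s -> {a} x {b}")
    est = rho_steps_order(min(P, Q))
    print(f"page's product: on the order of 10^{len(str(est)) - 1} rho steps")

if __name__ == "__main__":
    demo()
```

With this method the step count grows roughly tenfold for every two digits added to the smaller prime, which is why lengthening keys outpaces incremental gains in computer speed.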
Quantum computing, referred to in passing in the quotation above, offers a breakthrough in computing speed and, thus, in cryptanalysis. The discipline is still in its infancy, but when it finally materializes, won’t the immensely faster quantum computers throw us into the abyss of having to create unmanageably long keys? Fortunately, Quantum Cryptography will bring with it a new form of key encryption, as explained in this Scientific American blog post:
But that’s for the future. Today’s Public-Key Cryptography has become so easy to implement that we now have communications services where the unbreakable encryption takes place inside the user’s device (smartphone, PC). The “public key providers” — Facebook, Google, Apple, etc. — have no knowledge of the users’ private keys and, as a result, they have no way to “open” the envelopes that contain the encrypted messages. (On page 38 of Apple’s iOS 9 Security Guide you’ll find a detailed explanation of the encryption mechanisms in the Messages app.)
Faced with unbreakable cryptography, government agencies everywhere clamor for a Golden Key that unlocks a “backdoor” into the messages that are exchanged by Bad People. Good Citizens understand the need; they urge their representatives to support the Golden Key laws. Problem solved.
No.
First, math is universal, so is the Internet, and so is Open Source. Try googling “open source encryption”: You’ll get thousands of results, from academic papers to fully formed encryption tools. Anyone with a command of Linux can use or customize these unbreakable encryption tools.
(The availability of source code guarantees more than customization; it also helps detect surreptitious attempts to weaken the algorithms. This is no conspiracy theory: in 2013, the NSA was found to have provided a $10M subsidy in exchange for weakening the encryption of an RSA product.)
The result is that the really determined bad guys can still avail themselves of encryption for which governments have no backdoors.
Second, the bad guys can also use steganography [edits and emphasis mine]:
“Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video.
[…]
The advantage of steganography over cryptography alone is that the secret message does not attract attention to itself […]. Plainly visible encrypted messages—no matter how unbreakable—arouse interest, and may in themselves be incriminating in countries where encryption is illegal.”
Once you see the idea, you see ways to apply it. During World War II, German Professor Zapp gave his name to the technique of photographically reducing messages to microscopic dots inserted as punctuation marks in innocuous-looking correspondence. Today, the binary text of an encrypted message is blended into a picture or a music file. A few kilobits of “noise” added to a 10 megabyte image is essentially undetectable…and how would you even know where to look in the unimaginably large jungles of pictures and videos uploaded every day, everywhere, by everyone?
Third, Golden Keys are vulnerable. They’ll have to be shared between a number of agencies — meaning people — who need to access suspect communications. Even assuming “acceptable” diligence by their keepers, the keys can still be stolen by determined hackers working for other governments, terrorist organizations, or even domestic corporations who want a leg up on the competition. If banks and other financial organizations are forced to abandon unbreakable encryption, motivated criminals will go to great lengths to steal a Golden Key.
When, as is the case today, organizations use encryption technology for which there is no backdoor, we have safety. Once Golden Keys are forged (unintended pun, I promise), some will fall into the wrong hands. There’s no need to be sarcastic about possible government ineptitude or carelessness in large organizations: Experience shows us that backdoors get broken, especially when the payoff is large enough in financial or strategic terms.
Fourth, the good guys can turn. I won’t dwell too much on this because these are unpleasant thoughts, but… Today, my milquetoast opinions, behaviors, and associations are considered innocuous; a change of political wind and I could become an Enemy Of The State or, at least, suspect. My communications, all opened with the Golden Key, are mercilessly parsed by the Thought Police. The idea predates George Orwell; Cardinal de Richelieu (allegedly) put it in the starkest of terms:
“If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”
Damned If You Do, Damned If You Don’t seems to be our lot. Unbreakable encryption lets the Bad Guys converse securely, but Golden Keys are susceptible to various forms of theft through hacking, negligence, or persuasion.
I prefer really unbroken cryptography, but I don’t envy our elected officials who are caught in the dilemma.
——————–
After last week’s Monday Note written on my brand-new Surface Pro 4, this week’s was just composed on an iPad Pro – and a long-awaited Smart Keyboard. These adventures will be discussed in a future note.




To me a large part of the issue is: accountability. I can understand the theoretical argument that security agencies need access to every communication. I’m not saying I agree with it, just that I can understand it is desirable in theory.
But the theory gets trumped by practice: gov. agencies have a history of misusing their power with impunity, i.e. flouting the law as agencies (in spirit always, see waterboarding as “not torture”, Guantanamo…; in letter way too often, see Iran-Contra etc.), and individuals within these agencies taking advantage (rogue cops, LOVINT…). We already know how golden keys will play out: agencies will start by having the right to decrypt comms of suspected terrorists, move on to decrypting everyone’s, focusing on business and political interests; then individuals within those agencies will join in the free-for-all and we’ll find someone sold Apple’s and Google’s golden keys to hackers the same way a cop stole from that drug site and others planted evidence on suspects for decades.
It’s the same reason the police and the firemen don’t have master keys to everyone’s homes and cars really. Thinking of it, I’d rather someone completely ransack my home than completely ransack my data (including bank accounts, a life’s pictures and work…). And at least house keys are physical, a bit harder to duplicate than a string of numbers.
Preach it! The idea that the government can be trusted with “backdoors” is a laughable fantasy. They have a hard time keeping secrets in the first place (see: Snowden, Cambridge Five, The Rosenbergs). Shortly after a Golden Key is distributed, it will be public knowledge. It isn’t a matter of “if”, it is a matter of “when”.
Security expert Chris Soghoian (son of Apple’s AppleScript guru Sal Soghoian) was recently interviewed on BBC Radio 4, following the massive hack on the TalkTalk network. He explained:
“There is no way to design a communication system that keeps sophisticated hackers out and allows law enforcement in.
“You have to choose either 100% security or 100% surveillance. In an age where data breaches happen every week, where we have scandals of hacking of massive proportions by criminal actors and foreign governments, we need to prioritise security, and if that means that governments cannot monitor individual communications, so be it.”
I agree Jean. It’s often amazing just how ignorant our security forces are, and just how ignorant the legislators are as well. One would think that they have the best, most technically astute advisors, but they don’t.
Most of this seems to be political, both from law enforcement and the government. Do something that people can see as proactive, without actually spending the money or time to do it properly, and explaining why it’s really so difficult.
In fairness, the security forces/NSA are not pushing for back doors. Their job is to intercept communications not to change laws. The more serious question to ask is if the NSA becomes so ineffective because of good encryption that they can’t effectively conduct the counter terrorism mission and if it’s worth funding at all.
Given what Jean-Louis and others say about this, how do our security officials respond? Do they disregard these arguments or think they are overblown? Do they see catching bad guys as more important than ensuring the security of financial and medical institutions and individuals?
Do they just assure us that they can be trusted and can keep the keys safe?
Also, what other tools do the security guys have to catch the bad guys by monitoring their communications? Is this the only way?
“After last week’s Monday Note written on my brand-new Surface Pro 4, this week’s was just composed on an iPad Pro – and a long-awaited Smart Keyboard. These adventures will be discussed in a future note.”
After 50 years of computers we still talk about typing text into computers. This is plain silly; never-ending topic…
Maybe it is time to rethink the entire idea and philosophy of “text on computers”, and to finally make it right, like Ted Nelson proposed a long time ago… and to stop the silly talk about SurfacePro or iPad typing-text-experience.
Just a note that the “quantum cryptography” you mention in this article isn’t strictly related to quantum computing (in the sense of managing entangled qubits.) Quantum cryptography is mature enough that there are commercial implementations available today — for example MagiQ (http://www.magiqtech.com/) has been on the market with their quantum security gateway and key distribution boxes for several years, counting (it would appear) just about the entire US defense establishment amongst their customers. These solutions aren’t without serious drawbacks (cost, complexity, limited range for secure communication) but it’s exciting to see them on the market.
Latest news: The government doesn’t even use publicly available info–social media posts–to track potential jihadis who want to enter the country. For fear of generating bad publicity. This policy led directly to the deaths of all the people in San Bernardino.
Our government is feckless in such issues, and that’s why they cannot be trusted with any Golden Key.
The story has already been retracted.
No posts were public. Might as well ask google to give a report to government
on the applicants internet activity. It would be easier and Google could make a lot of money too.
If you really want to do background check,
Why don’t the immigration officials confiscate their computers of all muslims
entering the US.
Better yet why not give polygraphs, truth serum, water boarding, etc.
It is not magical thinking.
It is how US elites have been dealing with the world for last 40 years.
US officials also said “our internet” and “our banking system”
That is how they can prosecute FIFA when it is not even in this country.
From spying on all communication for 40 years. US companies are in bed with them.
It was curious that Tim Cook put a lawyer in charge of all security matters in Apple.
No one raised a peep.
They want OEM to keep the private key so either the gov. can ask for it or steal it.
Congress will pass laws to that effect or even remotely disable passcode.
All cellphone communications are effectively listening devices. They will want
all apps to do the same.
Intel and AMD are also putting Secure Enclave but no one cried out yet.