My Question To Deputy Attorney General Rod Rosenstein On Encryption Backdoors
from the golden-key-and-databreach dept
Never mind all the other reasons Deputy Attorney General Rod Rosenstein's name has been in the news lately... this post is about his comments at the State of the Net conference in DC on Monday. In particular: his comments on encryption backdoors.
As he and so many other government officials have before, he continued to press for encryption backdoors, as if it were possible to have a backdoor and a functioning encryption system. He allowed that the government would not itself need to have the backdoor key; it could simply be a company holding onto it, he said, as if this qualification would lay all concerns to rest.
But it does not, and so near the end of his talk I asked the question, "What is a company to do if it suffers a data breach and the only thing compromised is the encryption key it was holding onto?"
There were several concerns reflected in this question. One relates to what the poor company is to do. It's bad enough when they experience a data breach and user information is compromised. Not only does a data breach undermine a company's relationship with its users, but, recognizing how serious this problem is, authorities are increasingly developing policy instructing companies on how they are to respond to such a situation, and it can expose the company to significant legal liability if it does not comport with these requirements.
But if an encryption key is taken it is so much more than basic user information, financial details, or even the pool of potentially rich and varied data related to the user's interactions with the company that is at risk. Rather, it is every single bit of information the user has ever depended on the encryption system to secure that stands to be compromised. What is the appropriate response of a company whose data breach has now stripped its users of all the protection they depended on for all this data? How can it even begin to try to mitigate the resulting harm? Just what would government officials, who required the company to keep this backdoor key, now propose it do? Particularly if the government is going to force companies to be in this position of holding onto these keys, these answers are something they are going to need to know if they are going to be able to afford to be in the encryption business at all.
Which leads to the other idea I was hoping the question would capture: that encryption policy and cybersecurity policy are not two distinct subjects. They interrelate. So when government officials worry about what bad actors do, as Rosenstein's comments reflected, it can't lead to the reflexive demand that encryption be weakened simply because, as they reason, bad actors use encryption. Not when the same officials are also worried about bad actors breaching systems, because this sort of weakened encryption so significantly raises the cost of these breaches (as well as potentially makes them easier).
Unfortunately Rosenstein had no good answer. There was lots of equivocation, punctuated with the assertion that experts had assured him that it was feasible to create backdoors and keep them safe. Time ran out before anyone could ask the follow-up question of exactly who these mysterious experts giving him this assurance were, especially in light of so many other experts agreeing that such a solution is not possible, but perhaps this answer is something Senator Wyden can find out...
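The blast radius the question above points at, as an added illustration that is my code rather than anything from the article: each user's data is encrypted under its own random content key, and under the "a company holds the backdoor key" model every content key is additionally wrapped under one escrow key kept by the company. The cipher is a keyed-BLAKE2b toy stand-in for a real AEAD, and the users, messages and escrow key are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Toy authenticated cipher: keyed BLAKE2b in counter mode plus an HMAC tag.
# Illustration only; a real system would use AES-GCM or ChaCha20-Poly1305.
def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b"".join(
        hashlib.blake2b(nonce + i.to_bytes(8, "big"), key=key, digest_size=64).digest()
        for i in range((len(data) + 63) // 64))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return _keystream_xor(key, nonce, ct)

def build_store(user_messages: dict, escrow_key: Optional[bytes] = None) -> dict:
    """Records the company keeps per user: the ciphertext and, only under the
    'company holds the backdoor key' model, the content key wrapped under the
    single escrow key. The content keys themselves are never stored."""
    store = {}
    for user, msg in user_messages.items():
        content_key = secrets.token_bytes(32)
        record = {"ciphertext": encrypt(content_key, msg)}
        if escrow_key is not None:
            record["wrapped_key"] = encrypt(escrow_key, content_key)
        store[user] = record
    return store

def readable_after_breach(store: dict, leaked_escrow_key: Optional[bytes]) -> list:
    """Which users' data an attacker holding the breached store can read.
    With no escrow key in the design there is nothing to unwrap; with the
    escrow key leaked, every user's archive opens at once."""
    readable = []
    for user, rec in store.items():
        if leaked_escrow_key is None or "wrapped_key" not in rec:
            continue
        content_key = decrypt(leaked_escrow_key, rec["wrapped_key"])
        decrypt(content_key, rec["ciphertext"])  # raises if it cannot be read
        readable.append(user)
    return sorted(readable)

# Constructed sample data (hypothetical users and a fixed demo escrow key).
SAMPLE_USERS = {"alice": b"tax returns 2010-2017", "bob": b"medical records",
                "carol": b"source code"}
DEMO_ESCROW_KEY = bytes(range(32))
```

Comparing `readable_after_breach(build_store(SAMPLE_USERS), DEMO_ESCROW_KEY)` with the escrowed variant shows the difference between a breach that leaks ciphertext and one that leaks the key everything was wrapped under.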
Filed Under: cybersecurity, encryption backdoors, going dark, responsible encryption, rod rosenstein
Reader Comments
Everything's easy when you don't have to do it
I believe I can save time and reading by providing the tl;dr version of the response to such questions posed to those pushing broken encryption:
'Nerd harder.'
Re: Everything's easy when you don't have to do it
I'm wondering just what it's gonna take to *communicate* with the man who doesn't seem to understand that computers are rapidly becoming very bad at keeping secrets from much of anyone.
Re: Re: Everything's easy when you don't have to do it
I'm wondering just what it's gonna take to communicate with the man who doesn't seem to understand that computers are rapidly becoming very bad at keeping secrets from much of anyone.
At this point I suspect that's a lost cause, such that it would take replacing them with someone who isn't willing to throw the public under the bus in order to sate their voyeuristic fetish.
This far into the 'discussion' I no longer give the benefit of the doubt to those pushing broken encryption, such that the default assumption if someone in a major position is pushing for crippled encryption is to assume that they know it's a bad idea and simply do not care.
Re: Re: Re: Everything's easy when you don't have to do it
She thought the purpose of encryption was to keep the NSA and FBI out while letting foreign adversaries in. She was surprised when I explained to her that encryption is meant to keep *everyone* out other than the intended recipient(s).
There's still significant ignorance within the government about encryption. Not everyone actually understands the basics.
Re: Re: Re: Re: Everything's easy when you don't have to do it
'Major position' is a little loose, but in general I mean someone like, say, the head of the FBI, or the Deputy Attorney General. Someone that high up the chain has no excuse when it comes to not knowing what a disaster broken encryption is, especially this late in the game.
To answer part of the question
If a company did build a backdoor and kept it on a system that was connected to anything else, it would display a level of incompetence and negligence that should turn 150% of their assets over to their customers without any attorneys involved.
Of course they would need back ups, so I would think they would keep the data on several portable hard drives located in vaults in different locations. Sound proofed vaults that contain nothing else.
Then they would need to write a procedure that would ensure the safety of the software with multiple people cross-checking each other after having been strip searched, which would take place after the receipt of a court order. Law enforcement could observe through windows, but not enter the room where the data extraction was taking place, and only the extracted data would be turned over to law enforcement. Continuity of evidence is important.
I don't see any of that happening, and I fully expect that if a backdoor was built, it would be handled in exactly the same careless manner with which other data and software has been treated in the past, and likely the present, and probably the future.
Re: To answer part of the question
On the plus side, I imagine such a setup would be higher security than the NSA, FBI or DOJ typically employ (given how often they seem to 'misplace' data and/or suffer data breaches).
On the downside, I can all but guarantee that they would find such a process 'unreasonably time-consuming' and would quickly insist that companies move to a quicker, and therefore less secure, system, in which case blaming companies for the inevitable loss of the key would very much be blaming the wrong party.
Re: To answer part of the question
It should be assumed that law enforcement will be trying to do that, as they do not like checks and balances that get in the way of them going fishing whenever, and on whatever device they want to search.
Re: Re: To answer part of the question
Getting their hands on a decrypted copy of everything on a device would not prevent them from their fishing.
One thing I have long wondered about is that when a search warrant is issued for some specific target(s) when searching a device, what prevents them from searching everything anyway? That things are not presented as evidence (within the confines of the warrant) doesn't mean they didn't see everything.
Re: To answer part of the question
Most of the technical problems could be worked around. It is possible to build something with enough processes and procedures to prevent a mass breach.
The problem is that people will take shortcuts. Consider BP. Massive oil spill along the Alaska Pipeline because BP skimped on required maintenance to save a few dollars. Ditto with the Deepwater Horizon.
Anyone entrusted to access the keys will either not follow protocol to save money, or not follow protocol because they are lazy and don't care. So then at a minimum the government will effectively access any of the keys they want without safeguards.
That's not even considering what a high value target any key storehouse would be.
FBI
And people wonder why people don't inherently respect law enforcement.
Re: Corruption
I don't think Americans fully understand how corrupt it is now. But this is the end result when the only thing you trust are "the experts". The first step to taking control is to put a system in place that can be used to believably discredit someone. Sure, the idea is to really be a benefit, but it is just a tool, and tools can be used for good or bad.
Experts
"We've got top men working on it right now!"
"Who?"
"Top men."
Re: Experts
1. That's exactly what these people told him and we need to ensure that these experts are exposed and never work in computer security again,
or
2. These experts told him something along the lines of "yes, it's feasible to create backdoors, or it's feasible to keep the data safe, but not both" and he used selective hearing/speaking to turn it into what he wanted.
or
3. We're reading that sentence wrong, and what he really meant was that experts assured him that it was feasible to create backdoors and keep the experts safe.
The problem with creating a doomsday weapon...
An encryption backdoor is just that: it facilitates the total destruction of security and privacy for everything on the other side of it. There's no fixing it. There's no mitigating it. There's no compensating for it.
Just as we accept that the price of not creating a doomsday weapon is that we might lose a military conflict, we need to accept that the price of not creating encryption backdoors is that we might lose evidence. (Although precious little proof of that has been forthcoming. And such extraordinary claims do require extraordinary proof.)
I think that both of those are acceptable prices to pay in order to preserve the core principles that are the foundation of this Republic. We are not so fearful or weak that we cannot or will not pay them when required.
Re: The problem with creating a doomsday weapon...
"We are not so fearful or weak..."
Funny, I'm sure my FBI dossier got a little fatter when I made that very same argument in an email to President Bush, the younger, begging him not to sign USA PATRIOT into law. It appears that I can now claim there are at least two of us willing to water the Tree of Liberty rather than sacrifice our group and individual liberties as citizens on the altar of government expedience in a pretense of enhancing security.
Anyone remember?
Combination locks?
The LOCK on your front door?
Flash installed on Every computer device in this world, to control and PASSWORD most of these devices?
For anything created, the KEY has never been the ONLY way to break them..
How about the old hacker movies, based on 1 person's exploits in the computer world??
You can re-program your modem, CMOS, Video controls, ALL of it, IF YOU KNOW HOW..
From Picking the locks on your doors, to Busting it down..THERE IS NO or LITTLE protection to computers and the devices we use.
WHY install a Second DOOR/WAY/FORMAT/PASSWORD in a system that already has Problems?
categorical error, semantics, or false paradigm?
That depends on your categorical definition of where encryption security ends and device security/ legitimate authority begins.
Are cryptographers meant to secure entire devices, including hardware and networks they have no access to? How? This is an unreasonable expectation... and therefore, on some level, an unreasonable categorization. You're right, of course, that encryption cannot reliably perform its function in the presence of a backdoor.
There is "ring -3 hardware" installed on nearly every post-2011 device. If this hardware is not considered as part of an encryption system's security (as I pointed out, how can it reasonably be when there is NO ACCESS?), then YES, you very much CAN have functioning encryption on a backdoored device. It's a categorical error to state otherwise, and a severe misunderstanding of the scope of a cryptographer's ability/responsibility.
Ring -3 hardware has been hacked numerous times, and subsequently patched, which should inform people of the potentials involved here. The update mechanism itself represents a path to targeted infection even if the hardware itself could not technically be described as a backdoor in OEM configurations. The coders who wrote the software might not even realize what it's being used for; ask Andrew S. Tanenbaum, who recently discovered he'd inadvertently created the most widely deployed OS in the world. You're probably running it right now; even if not, the servers that delivered this page to you are.
The cellular baseband co-processor is ring -3, with authority granted to the network provider; it has unencumbered access to RAM, where encryption keys are kept. Reporting on encryption backdoors without mentioning these intimately related technical paradigms is, at best, deeply uninformed and negligent.
See Ken Thompson's "Reflections on Trusting Trust" to begin to get a sense of how difficult and deep-running the backdoor problem really is. There is no panacea, but an informed populace is at least a start; as a journalist, that should be your job, not mine. It's great you're pushing back against backdoors, but to do that effectively, people need to understand the fundamental nature of what a backdoor is; that is a very nuanced and complicated topic.
@ "What is the appropriate response of a company whose data breach has now stripped its users of all the protection they depended on for all this data?"
That'd be: "Oh, well! -- We're not in the least responsible! Read the T&C! -- Have a nice day!"
What's with all the free re-posts this week? Now can't get even ONE piece a day out of the minions? -- I'm betting heavily on February being Techdirt's last month.
Re:
You're not very good at thinking things through, are you?
Have a DMCA vote.
Don't support terrorists
Or you could just say no to anything they want again and again until they no longer exist.
There are a couple of silver linings to the Tangerine-Tinged Twit's feud with the FBI. First, and more obviously, it makes it harder for them to push bad policy objectives like this. Second, by sucking all the oxygen out of the room it impedes their ability to spread a mass-media narrative (i.e. "ONOZ Terraists Will Kill U If We Can't Spy On U!!1!"), thus effectively amplifying the more sober and intellectual discussions (none of which support the agency's position).
The only argument that shuts these guys up is this:
and network-related technology "made in U.S.A." will dry up. Everybody, Americans included, will shop elsewhere for tech. That's trillions of dollars in new trade deficits, hundreds of billions in lost profits to tech industries and tens of billions in lost taxes every year until a new administration undoes the damage and stops the bleeding.
Arguing about security and rights of the American people has no effect on these clowns because they hold the public in contempt and always will. Show them what effect their dumb-ass meddling will do to their billionaire friends and corporate backers and they'll quietly let the issue die off without ever having to admit why it was a stupid idea to start with.
[Yes, I've said it before; and I'll say it again every time. ;]