6 July 2015, MIT: Computer Science and Artificial Intelligence Laboratory: Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications (PDF)
12 June 1994, NYT: Battle of the Clipper Chip
3 June 1994, NYT: At AT&T, No Joy on Clipper Flaw
2 June 1994, NYT: Flaw Discovered in Federal Plan for Wiretapping
JULY 7, 2015
Security Experts Oppose Government Access to Encrypted Communication
By NICOLE PERLROTH
SAN FRANCISCO -- An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world's most confidential data and critical infrastructure in danger.
A new paper  from the group, made up of 14 of the world's pre-eminent cryptographers and computer scientists, is a formidable salvo in a skirmish between intelligence and law enforcement leaders, and technologists and privacy advocates. After Edward J. Snowden's revelations -- with security breaches and awareness of nation-state surveillance at a record high and data moving online at breakneck speeds -- encryption has emerged as a major issue in the debate over privacy rights.
That has put Silicon Valley at the center of a tug of war. Technology companies including Apple, Microsoft and Google have been moving to encrypt more of their corporate and customer data after learning that the National Security Agency and its counterparts were siphoning off digital communications and hacking into corporate data centers.
Yet law enforcement and intelligence agency leaders argue that such efforts thwart their ability to monitor kidnappers, terrorists and other adversaries. In Britain, Prime Minister David Cameron threatened to ban encrypted messages altogether. In the United States, Michael S. Rogers, the director of the N.S.A., proposed that technology companies be required to create a digital key to unlock encrypted data, but to divide the key into pieces and secure it so that no one person or government agency could use it alone.
The encryption debate has left both sides bitterly divided and in fighting mode. The group of cryptographers deliberately issued its report a day before James B. Comey Jr., the director of the Federal Bureau of Investigation, and Sally Quillian Yates, the deputy attorney general at the Justice Department, are scheduled to testify before the Senate Judiciary Committee on the concerns that they and other government agencies have that encryption technologies will prevent them from effectively doing their jobs.
The new paper is the first in-depth technical analysis of government proposals by leading cryptographers and security thinkers, including Whitfield Diffie, a pioneer of public key cryptography, and Ronald L. Rivest, the "R" in the widely used RSA public cryptography algorithm. In the report, the group said any effort to give the government "exceptional access" to encrypted communications was technically unfeasible and would leave confidential data and critical infrastructure like banks and the power grid at risk.
Handing governments a key to encrypted communications would also require an extraordinary degree of trust. With government agency breaches now the norm -- most recently at the United States Office of Personnel Management,  the State Department and the White House -- the security specialists said authorities could not be trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to communications, China and other governments in foreign markets would be spurred to do the same.
"Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend," the report said. "The costs would be substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the developed countries' soft power and to our moral authority would also be considerable."
A spokesman for the F.B.I. declined to comment ahead of Mr. Comey's appearance before the Senate Judiciary Committee hearings on Wednesday. Mr. Comey recently told CNN, "Our job is to find needles in a nationwide haystack, needles that are increasingly invisible to us because of end-to-end encryption."
A Justice Department official, who spoke on the condition of anonymity before the hearing, said that the agency supported strong encryption, but that certain uses of the technology -- notably end-to-end encryption that forces law enforcement to go directly to the target rather than to technology companies for passwords and communications -- interfered with the government's wiretap authority and created public safety risks.
Paul Kocher, the president of the Rambus Cryptography Research Division, who did not write the paper, said it shifted the debate over encryption from how much power intelligence agencies should have to the technological underpinnings of gaining special access to encrypted communications.
The paper "details multiple technological reasons why mandatory government back doors are technically unworkable, and how encryption regulations would be disastrous for computer security," Mr. Kocher said. "This report ought to put to rest any technical questions about 'Would this work?' "
The group behind the report has previously fought proposals for encryption access. In 1997, it analyzed the technical risks and shortcomings of a proposal in the Clinton administration called the Clipper chip.  Clipper would have poked a hole in cryptographic systems by requiring technology manufacturers to include a small hardware chip in their products that would have ensured that the government would always be able to unlock scrambled communications.
The government abandoned the effort after an analysis by the group showed it would have been technically unworkable. The final blow was the discovery by Matt Blaze,  then a 32-year-old computer scientist at AT&T Bell Laboratories and one of the authors of the new paper, of a flaw in the system that would have allowed anyone with technical expertise to gain access to the key to Clipper-encrypted communications.
Now the group has convened again for the first time since 1997. "The decisions for policy makers are going to shape the future of the global Internet and we want to make sure they get the technology analysis right," said Daniel J. Weitzner, head of the MIT Cybersecurity and Internet Policy Research Initiative and a former deputy chief technology officer at the White House, who coordinated the latest report.
In the paper, the authors emphasized that the stakes involved in encryption are much higher now than in their 1997 analysis. In the 1990s, the Internet era was just beginning -- the 1997 report is littered with references to "electronic mail" and "facsimile communications," which are now quaint communications methods. Today, the government's plans could affect the technology used to lock data from financial and medical institutions, and poke a hole in mobile devices and countless other critical systems that are moving rapidly online, including pipelines, nuclear facilities and the power grid.
"The problems now are much worse than they were in 1997," said Peter G. Neumann, a co-author of both the 1997 report and the new paper, who is a computer security pioneer at SRI International, the Silicon Valley research laboratory. "There are more vulnerabilities than ever, more ways to exploit them than ever, and now the government wants to dumb everything down further."
Other authors of the new paper include Steven M. Bellovin, a computer science professor at Columbia University; Harold Abelson, a computer science professor at MIT; Josh Benaloh, a leading cryptographer at Microsoft; Susan Landau, a professor of cybersecurity at Worcester Polytechnic Institute and formerly a senior privacy analyst at Google; and Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard Law School and a widely read security author.
"The government's proposals for exceptional access are wrong in principle and unworkable in practice," said Ross Anderson, a professor of security engineering at the University of Cambridge and the paper's sole author in Britain. "That is the message we are going to be hammering home again and again over the next few months as we oppose these proposals in your country and in ours."