We folks in the older crowd associate the terms “back door action” as a sexual connotation. Similarly, tick off Uncle Sam and you too could be on the receiving end of some back door action in a federal penitentiary. As will be discussed, your liberty is being sacrificed for safety, even though these laws can never keep up with the pace of technology.
Does the Government’s Fear of the Dark Justify Stifling Your Freedom?
James B. Comey, Jr., has declared that he is “afraid of the dark” as the seventh director of FBI. He did not mean it literally but in a differently meaningful way.
Comey used the label “going dark” for this particular issue and at Brookings Institution during his speech he said that technology has been going at a great pace but our law has not successfully kept up with that pace.
The Government Does Not Want You to Have Privacy – Starting With King George
King George violated the Laws of the Forest and Magna Charta, and his efforts to maintain the violation led to his efforts at confiscating private firearams, ammunition, papers and personal effects. In fact, our founders actually were so fearful that a future government would try and pull the same non sense, that they created a Bill of Rights to memorialize these long existing, unalienable rights.
Courts and Bureaucrats Like to Revise Definitions and History
True to form, our current government says “arms” only mean “muskets” and that computer data is not a “paper or personal effect.” (Source.) At least, this is what activist, progressive judges who support the Obama official positions are passing off as law. Comey, of course, said that his particular data gap is a big problem for public safety according to him. Where have we heard this before? (Hint: in every fascist dictatorship.) Comey delivered this controversy instigating speech on 16 October, 2014.
Everyone’s Freedom Must Be Restricted So We Can Snoop?
Obama’s FBI adjutant believes that easy access to encryption is giving more and more advantage to the criminals. The third party software and applications are making it hard for the FBI to tap into the communications of the people. Comey approached the idea of creating backdoors in the encrypting methods that companies use in a very persuading way but people related to the technology field can easily read between the lines.
“The description “back door” is appropriate after all, because it gives the government a chance to ‘backdoor” you says attorney Michael Ehline, a civil rights and injury attorney based in Los Angeles, California.”
Ehline says that many leftist courts have basically become rubber stamps for these “Draconian” laws and lawmakers, and pointed out that we have “already seen the IRS used as a punitive tool of the democrat party to punish political enemies.” Ehline pointed out that the president has already made clear that: “We must punish our [political] enemies and reward our friends.” (Barack Hussein Obama.)
Ehline, in opposition to these King George like polices and statements went on to quote Benjamin Franklin stating:
“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”
Of course, the FBI director said that FBI does not want any backdoors in order to access people’s information, but rather wants to go on a path that is clearly visible to people. Of course, it was only an attempt to give backdoors a different name. Backdoors are the portals for law enforcement institutions in the country to get access to encrypted public information.
The debate started, privacy groups got angry and security researchers got on their toes as well. FBI officials had to prepare to answer a lot of questions for starting this debate. FBI already has a bad record since the J. Edgar Hoover era but it seems the agency wants to go back to practicing those maneuvers that made people criticize them heavily for their abuse of power.
With this debate Comey has brought his entire agency against some of the best technological companies of the world that have always been communicating with the government for not taking any steps that would weaken the encryption of their products. Activists who have always fought for civil liberty and those who are actively involved with cryptography work were greatly angered by this statement from Comey. They are more infuriated because they know what hardships they have already gone through to keep the online world safe from government’s unwanted intrusion.
When we say backdoor in terms of technology we are referring to a secret window that is opened for security and investigation agencies to access encrypted and private data found on and going back and forth through smartphone applications, computers, emailing services etc. Government accesses this encrypted information by using special keys that are then applied on the ordinary information tapped from these modes of communications.
A law enforcement agency would acquire a key that is generated by the maker of the product that encrypts the data of its users. This key is usually the master key that if applied would decrypt all the data that is being communicated through the product. However, companies can also generate user-specific keys that would allow the intercepting agency to only decrypt the data of that particular user. The maker of the product will keep these secret keys and present it to the government or law enforcement agency when requested to.
Going Deep Into The Crypto Wars
Key escrow system is always a huge concern for cryptographers and security experts. It is because when you have one key available to breach the whole system and gain access to each and every communication taking place over it, breaking this one key would mean the whole system would get compromised. There is a way to manage this problem. The key that breaks into the conversations can be spread over several modules called the hardware security modules. However, the biggest problem with this method is that when government requires real-time and quick decryption the piecing together procedure of the key would take too long.
Crypto Wars originated nearly 2 decades ago. This war was first won by the supporters of privacy and encryption, but then they lost this battle. Finally they had won half of the battle and lost half of it. Center for Democracy & Technology’s chief, namely Joseph Hall, explain in detail that creating a key is easy and it is normally a long string of numbers. The best persons from the cryptography world wrote a book called The Risks of Key Recovery, Key Escrow and Trusted Third Party Encryption and in this book they suggest that creating infrastructures that would hold keys in certain places would be extremely impractical and the costs of such system will be high.
This paper was out for all to read in 1997 and we can say that it was the best time for this publication because at this time the crypto war was at its peak. The first milestone for the opponent of encryption for public records was the creation of CALEA. This was a law and it really made many privacy supporters think that they had lost the battle, but they had lost only half of it.
What Was And Is CALEA?
CALEA is the short for Communications Assistance for Law Enforcement Act. This act had become a law in 1995 and it gave government the autonomy to scrutinize private public records kept by communication services. The attorney at EFF, named Lee Tien, talks about the time when the law was approved and says that it was the intention of the government to completely outlaw the use of encryption or put some limits on its use. It was also a way to move another step and get the backdoors accepted.
The switching from analogue to digital systems was quite concerning for the government. Telephone companies were now incorporating new digital technology and government knew that it would become harder to wiretap communications over fiber. Government now knew that it had to plan something out that would keep telephone companies from creating systems that would completely disallow the government to wiretap communications. Government wanted authority on how digital systems were designed.
The government got the legislation approved that allowed government to place certain number of wiretap requests and define a timeframe within which the wiretaps had to be provided by the telephone network companies.
Another technologist, Seth Schoen, at EFF said that government wanted these PSTN companies to follow certain standards that would facilitate government’s wiretapping. In short, government was now telling companies to get ready for wiretapping and design their new technological equipment in a way that would facilitate wiretapping contrary to the old method where law enforcement officials had to produce warrants to get access into communications.
ACLU (American Civil Liberties Union, EFF and many other groups that promoted privacy of the public information were very clear on the fact that the attempts from the government appeared as if the government was trying to tell technological experts and engineers how to do what they had been doing for years. Government was making a mistake according to them. Tien also said that such mandates from the government were not good for businesses and individuals both and all technological experts believed this (Source.)
Groups promoting liberty of the masses and their privacy now had realized that they could not do anything to CALEA so they thought the best thing would be to limit its outreach. Thus they went for limitations and their inclusion in the US law saved the privacy of the masses in some way.
There are two important parts of this limitation section. The first part acts as a barrier in government’s acts that allow it to have any impact on the design and features of the technological components. The second part of this section protects companies that are providing information services from CALEA.
The part of the section that calls for exemption for information services saved the online services completely from any government intrusion in privacy. Even if you started a company on the internet for allowing interactions among people such as a blog, social network or emailing service, you were free and far away from CALEA. The government did not know that the exemption part was going to become a huge strike in its belly because soon internet was going to become the global mode of communication and PSTN companies were about to go out of business.
The biggest surprise for the government was the third part of the limitation section. This particular section stated that government could not hold an information service or even the telephone network companies responsible or compel them to disclose users’ data when the encryption was not performed by the primary company but through a third party service.
Neema Singh Guliani says clearly in a statement that limitation section on CALEA did more than saving the information services. It actually resulted in somehow allowing companies to still perform encryption. Tien said that the limitations greatly helped third party encrypting companies that allow smartphone users to encrypt their information. Even if the carrier does not offer encryption these third party apps do. If a mobile network company provides encryption the government would use CALEA and make it decrypt the information but that’s not possible when data is encrypted through third party apps.
We can conclude that CALEA did come as a bump in the advancement and spreading of encryption but it did not prevent companies from encrypting their user data. The limitations were there, they were included in the law but finally got approved by Congress and the then president of the United States, Bill Clinton. The telephone network companies were now under pressure of the government. Tien says that defenders of encryption could not hold back CALEA and the sacrifice of PTSN had to be given in order to save the internet.
During this something wrong happened to EFF. One group at EFF started promoting the government since it believed that somehow government did the right thing by not impacting the internet security. However, the other group still thought that they needed to stay focused on their primary visions. EFF was excoriated for supporting the government and FBI but the opponents of this group left EFF.
The half of the EFF that separated from government supporting group had nothing to do but soon they found something to do during the reign of George W. Bush. The administration of the president approached FCC and requested to extend the power of CALEA to AT&T and Comcast since they were internet service providers. According to Kevin Martin the aforementioned companies were facility based internet providers and so CALEA applied to them. This came as a huge shock for opponents of CALEA.
All the groups that supported privacy and the EFF approached US Court of Appeals and FCC to stay the order but their requests met with refusal. CALEA was now not limited to only the PSTN but also the internet service providers. This seemed like an attempt from the government to only take revenge of the limitations on CALEA because government knew that wiretapping only 2 internet service providers could not help them much. The encryption through third parties was still there. Schoen said that it was quite surprising and disappointing that what we fought for and what we received as a reward of our fights was now being taken away from us just like that.
The step from government was still only a baby move to prevent encryption because it still kept limitations of the CALEA intact. The companies providing internet services were now under the power of CALEA but companies that made equipment for internet services were still exempt. It was a surprise for privacy supporters and EFF when nothing about cryptography and encryption was said by the government after the terrorist attacks of September 11, 2001. The privacy supporters thought that now there had been relieved from crypto wars.
Crypto Wars Reignited
Brookings Institution became the place of Comey’s speech that reignited the flame of crypto wars when Comey had only just completed his first year with FBI. He clearly stated that the agencies that are responsible for keeping people safe are not given access to people’s information and even though these agencies have the authority to intercept information they don’t have the technology and backing of the law to do that.
In the later parts of his speech he was quite clearly issuing a warning to the encrypting companies by saying that encryption was pushing FBI and government in the dark when it came to obtaining information about criminals and terrorists. This was a clear indication that he wants encryption to vanish.
Comey specifically mentioned Apple and stated its example as a threat to FBI’s workings. He said that Apple is now going to introduce a technology that would encrypt the data of its users in such a way that even Apple will not be able to access its users’ data.
This would mean that when government asks Apple for information of the users Apple can simply say that it cannot because it cannot decrypt its users’ information. He gave the examples of safes and closets and said that criminals will sit inside these closets and we won’t be able to do anything to them because we won’t be allowed to open the closets.
The sudden mention of the issue from James Comey has proved to be great annoyance for all civil-liberty groups. Nadia Heninger, who’s a professor at University of Pennsylvania, said that so many people have spent so many years and efforts in putting an end to this crypto war. These people proved with great examples that backdoors were not a good option and when the issue was brought to public the public showed trust in these encryption and cryptography supporters.
She said that the people who are instigating this matter again are definitely not aware of what has happened in the past on this same issue. Tien said that security researchers who never thought that this issue would be raised again are stunned and clueless. Comey had company in talking about encryption and this company was given to him by Mike Rogers and Michael Steinbach.
Michael went to the extent of giving a proposal that all companies involved in creating technological pieces of equipment should get rid of encryption. FBI director did not hold back from talking about encryption at a Q&A session that took place at Georgetown Law School and proposed that universal encryption would give safety to criminals.
The House Committee on Oversight and Government Reform realized the heat of the moment and thought it would be wise to hold a meeting where both sides could present their arguments. From FBI it was Amy Hess and Daniel Conley, executive assistant director and Suffolk County district attorney respectively. Amy seemed quite stern on using the aspect of terrorism whenever she talked about encryption and cryptography. She repeated repeatedly that terrorists could exploit the prevailing encryption standards.
Representatives of the press and some other online news websites approached Hess and other officials to talk to them about the matters and interview them but they were given a no go. One official said that people should know that FBI was not coming up with new authorities but Comey was definitely not aware of this and wanted smartphones to be treated just like PSTNs and internet service providers. According to him encryption was going to become a hurdle for justice seekers and a shelter for criminals.
Officials from Comey’s office did not allow press and other social media representatives to interview him by saying that his schedule did not allow him to.
The chairman of the House Oversight Committee, Jason Chaffetz, did not seem very interested in what Conley and Hess had to say during the hearing. Chaffetz has been a big annoyance for Obama administration because he likes to ask the right questions and he really proved to be a troublesome guy on the Benghazi, Libya issue.
Chaffetz was once again not easily convinced by Hess and Conley, if at all. He asked both the representatives questions about their motives of backdoors, the type of information they wanted to collect etc. Hess did not answer his questions and rather proposed a secret session to be conducted for her to go into specifics.
The way Hess answered the questions from Chaffetz clearly served as a presage to what FBI is after.
FBI has seemed interested in talking about their schemes about backdoors and making them front doors but whenever they have been questioned they have replied with non-answers. When CHaffetz was interviewed after the hearing he described the answers given by FBI officials by using the word “deflection”. Chaffetz clearly stated that FBI was hiding something from the people and trying to gain benefits that were only in their favor.
Will Hurd also heard the proceedings of the committee as the new congressman and agreed with what Chaffetz said. He said creating backdoors means creating a way not only for the law but also for the bad guys into the system. What Hurd has to say means a lot because he has been working in Middle East for CIA and also holds computer science degree. Hurd said that he can understand the challenges of the FBI but he said we need to ensure the integrity of not only security but civil liberty as well.
Hurd believed that Hess and Conley were not very specific in stating their matter so he would like to talk to more technical FBI officials on the matter of encryption. He said that Hess and Conley gave examples that seem immature and very irrelevant. Hurd also referred to Rogers, the director of NSA, when he said in a conference that he had a lot of professional cryptographers at NSA.
Hurd said that almost all security and cryptography experts believe backdoors are unsafe so what Rogers said was surprising. Another hearing that took place at Capitol Hill was not very successful and did not emerge on media that much. However, in this hearing too Conley and Hess were criticized for their untrustworthy arguments.
Hurd said that most people are not even aware in these hearings about the subject matter, but he is determined to make them aware of the issue and educate on it. Hurd says that he wants everyone in the congress to understand the matter and he would use his position and platform to educate them on it.
Chaffetz said that he would accept Hess’ offer of conducting a classified meeting but he said he didn’t like the attitude of the officials from FBI as they had been constantly running away from his questions. He said he wanted a long and specific answer from them rather a summary of what they wanted. Hurd and Ted Lieu (D-Calif.) also communicated with FBI’s Comey to tell him that backdoors were not a practical solution to the problem. Chaffetz said he did not agree with the idea of FBI and other law enforcement agencies monitoring the people all the time.
The Best Experts Believe Backdoors Would Be A Huge Mistake
Many cryptographers got together with supporters of the civil liberty and disseminated a letter to president Obama talking about the disadvantages of backdoors. The letter was very clear at stating that encryption provided the supporting pillar for the security of modern communications. It also said that any backdoors, regardless of whether we call them front doors, would be literally vulnerabilities in the system that will be accessible to the bad guys in the same way as they will be accessible to the law.
How qualified was this group that was talking to the president about encryption and cryptography? New York Times did the best job at giving us this answer. It stated two important people who were in the group namely Whitfield Diffie and Richard A. Clarke. Whitfield Diffie is the one of the inventors of cryptography that today’s internet commonly uses and Richard A. Clarke is the genius White House referred to for reviewing its security system when Edward J. Snowden emerged on the scene.
Barely a week had passed after this letter that a report came from United Nations Office of the High Commissioner for Human Rights that greatly admired the modern encryption standards and strictly criticized states for introducing backdoors and any means that weakened the encryption standards. Before Comey’s speech he had already been criticized severely for his proposals on backdoors by some security experts. These experts had clearly stated that backdoors would only serve as a means for hackers and hacking nations to get access to our government and confidential data and cause huge damage to our security and economy.
What’s Wrong With A Backdoor?
Like in real life, the only time back door action is good, is when both parties want to engage in this activity. When the talk of backdoors is used in either context, start the first thing that needs understanding is that a backdoor is a window opened into the system not only for law but for bad guys as well (i.e. the system is now weaker than before.) Heninger says that backdoors provide an extra entry point to external nations and cyber criminals to access our bank data, email information and confidential data of the government.
Even worse is the fact that when you open this backdoor into the system the creator of the encrypted system has absolutely no control on this backdoor. When a company comes up with its own way of encryption it knows how to protect it and what steps to take when something is wrong with it. When there is a backdoor they have no idea what to do if a cyber criminal enters into the system through this backdoor. In short, the company loses its control on its own system by introducing a little part in the system that’s out of its reach.
Schoen describes the situation precisely by stating that if you are a company that created an encryption but then provided a backdoor to another third party, you can’t control that part of your own system. If you as a company believe that there should be a certain precaution taken, you can only think of it but you can’t implement it because the backdoor is in the hands of the third party.
He goes further by saying that a person who owns a home would never allow police to create a backdoor in his house, which he has no access to and knowledge of, and then let the police use this backdoor however the police wants. To worsen the scenario tell that person that the same police that’s about to introduce the backdoor in your house is known for making mistakes and getting hacked.
In short, how well prepared the people are who will be taking care of the backdoor matters a lot in this scenario. The biggest disadvantage of a backdoor is that it cannot tell whether it is being accessed by the police or some hacker or cyber criminal. All in all, it is just another name given to a vulnerability in the system according to Tien.
Several Examples Of Backdoor Fiascos
Backdoors have been exploited time and again, and there are many examples in front of us. China once hacked into Gmail because there was a backdoor in it. Athens’ Mayor and more than 100 other local and international officials had their data stolen by a hacker in 2007 through a backdoor in Vodafone-Panafon that was created by the government. A spy ring was found in the systems of Telecom Italia by the government of the country. This particular hack was tapping calls made by politicians, footballers and other elites of the country. This also happened because there was a backdoor in the system.
Security researchers continuously talk about how backdoors have deceived everyone and proved to be useless. A big example of backdoor fiasco was the Clipper Chip that was developed by NSA. This particular chip was going to use the Skipjack encryption and there was going to be a chip inserted into every electronic device especially computers, phones etc. However, it did not take long before Matt Blaze, who was an expert cryptographer, brought forward a paper in which he relentlessly exposed the flaws and weak points of the encryption used by NSA. After this discovery the government never let this chip come out of its egg.
Another expert Jake Laperruque at CDT said that the kind of backdoor that is being suggested is practically impossible to create. He alluded to The Avengers: Age of Ultron and compared this backdoor to Thor’s hammer. The biggest concern for privacy supporters is that government has not been successful at keeping its secrets and thus creating a backdoor and handing it over to the government would not be a wise move.
Matthew Green, who serves the Johns Hopkins Information Security Institute as a research professor said that you would be creating a huge target for thieves and abusers if you encrypt all the data that is flowing across the US with just one master key. How hard is it for hackers to know the keys even when they have been created by some of the best encrypting companies of the world?
Take the example of RSA Data security that announced in 2011 that hackers had finally accessed the master key of the company and this gave hackers access to every device that used company’s SecurID authentication. US defense contractor, namely Lockheed Martin, soon gave the news that the SecurID system they were using had been hacked into by hackers for stealing confidential information.
Green said that these are the companies that were encrypting and creating keys not only for other companies by military for years but even their keys were known and hacked into by expert crypto-analysts. Heninger goes on to say that things get even worse if someone steals the master key, gets into the confidential data of the government and nobody even gets to know about it. Daniel Weitzner, who serves as an important member of Computer Science and Artificial Intelligence Laboratory at MIT, says that building a backdoor for such a huge system where there would be thousands of people requiring to access the backdoor almost every day will be practically impossible to build.
Weitzner said that when you give backdoor access to everyone who is part of the law enforcement institutions you are actually giving access to a huge number of people. The more people know about the backdoor or have even partial access to it the more vulnerable it would become. He said that a police officer who knows only a little about the backdoor can be fooled into spitting out the information through social engineering.
Weitzner is not firing a bullet in the dark but what he said has some relation with the reality. When SecurID fiasco took place very soon it was revealed by RSA’s executives that it was literally social engineering that proved detrimental to their security encryption. Experts say that social engineering is not the only problem. What they believe is that the kind of backdoor FBI want cannot be built right now.
According to experts FBI often quotes scenarios in favor of backdoors that are not even practical. For example, they would talk about child abduction cases but as per the experts you require real-time decryption and wiretapping in these cases and with the kind of backdoors that FBI suggests it is not possible to retrieve that information in real-time.
Hall says that FBI personnel have to perform some sensitive operations in order to use the backdoors and in order to access the information without getting hacked they have to perform these operations in airgapped facilities. When you have a key dispersed over many locations you will have to gather all the pieces of the key in one place. Again when the key is being gathered it has to be done in airgapped facilities. This will require a lot of time and if you need to perform the actions in real time you won’t be able to do that with such a complex way of accessing the backdoor.
Having backdoors in a mobile operating system is another one of the big concerns. Just on April 28 it was revealed by Jonathan Mayer, who is a graduate from Stanford University, proved how it was unrealistic and impossible to put a backdoor in an operating system like Android from Google. He explained in detail how adding a backdoor to Google’s Android would add layer after layer of complexities. First you will have to create a backdoor library for every application that is created for Android so all applications can comply.
However, the third party applications that were not on Play Store (Google’s platform for applications) would still not follow the code library with Google’s backdoor on it. He even talks about web applications and says that adding backdoors to those applications is never possible. Lastly, he explains that if the US government wants these backdoors they will have to start censoring internet because they will have to get rid of the web applications as a whole.
Even if we say that a backdoor is possible and everything is molded accordingly to facilitate a backdoor, we encounter the biggest problem of all – transparency.
We have to remember Kerckhoffs’ principle if we want an encrypted system to be safe. Even if government is given the mandate to have a backdoor in all systems it has to make this backdoor a public knowledge. This is in order to allow the experts to analyze and understand the system and claim that it is safe. According to Kerckhoffs it was bad practice to create a security system and disclosing only a part of its design and not full design.
There is a political argument against it and it holds waters too. According to this claim creating a backdoor for US government would attract the attention of other countries that will then demand the same thing from any companies that are in the US. What this means is that US tech companies will have to create backdoors for every product they make for other countries as well. This question was asked from the director for NSA, Mike Rogers, by Yahoo’s security officer, Alex Stamos. Since the question was valid and specific from Stamos, Rogers had to escape the question by saying that they will find a way out of that situation.
Green says that what FBI is asking for is more like colonization of Mars. Yes, we do have the technology to send our people in Space but colonization of Mars is not the same issue and requires some unrealistic approach towards astrology. This is exactly what a backdoor means in the world of cryptography.
The Role Of President Barack Obama
Obama is the strong player in this whole war of cryptography. The most surprising thing about Obama is that he is presently in the favor of encryption. He said he likes encryption more in an interview on February 15. He said these words after he had spoken to security personnel on the matter of cybersecurity at
White House Summit
Obama spoke in the favor of cryptography and encryption when he was interviewed by Swisher and this was the most surprising thing for privacy supporters because it was the first time in the tenure of this war that a US president had spoken in the favor of encryption. President Obama could easily tell NSA and FBI to sit down on the matter of backdoors and encryption if he really believes in strong encryption.
When Snowden disclosures began Obama had held a meeting on Intelligence and Communications Technologies and in this meeting he had greatly dispirit the idea of backdoors. The review group had clearly stated after the meeting that government was in no mood and had no intentions of having any impact on the current status of commercial encryption. The government actually encouraged encryption in its present form.
According to the report it was suggested that if such backdoors were introduced it would prove to be greatly damaging to America’s business affairs with companies outside the US. When we look at the reports on cybersecurity that come from White House we get this strong feeling that president is in support of strong encryption. Weitzner also commented on an incident that president Obama had once rejected any suggestions and proposals from the former FBI director, namely Robert Mueller, that supported and promoted backdoors.
An official from Obama administration says that the president is hesitating in openly opposing FBI and NSA’s stance on encryption because both the agencies have been quite independent in the past about these matters. It is also suggested that White House will jump into the matter but only when it has matured enough.
Those who support encryption have been criticizing the president for his silence. They think that they are fighting a battle that could easily be ended by the president. They suggest that the president just has to sit down in front of the nation and say that he does not want to meddle around with the encryption standards and methods that are being followed in the country and worldwide right now. As soon as he says this the war will be over.
NSA’s Algorithm Fiasco
In the past the government have been attacking commercial security and encryption and NSA’s secret backdoor in an algorithm it created is the biggest example of those attacks. This particular algorithm from NSA received its approval from NIST (National Institute of Standards and Technology). Technical standards are promoted by NIST and NSA got its Dual_EC_DRBG algorithm approved by NIST in 2006. The function of this algorithm was to generate pseudorandom numbers but it was soon found out that NSA had only designed this algorithm to its advantage i.e. it could easily break into the encrypted data through this algorithm.
RSA also accepted and implemented this algorithm in its software but soon the truth was revealed. RSA adopted this algorithm because it was paid millions of dollars by NSA to do so. This was done so NSA could easily get approval from NIST. The plan by NSA worked like a charm and government was happily after adopting this algorithm as RSA adopted it too. It was Bruce Schneier, a security expert, who came up with a presentation about the algorithm in 2007 and explained that the vulnerability he had found in the algorithm was nothing but a backdoor created by the creators of the algorithm themselves i.e. NSA.
When this was revealed, RSA straight away instructed its customers to abandon using any products that were using Dual_EC. It was a huge blow to the reputation of NIST. The biggest impact of this deception was that public lost its trust on government. NIST threw out the Dual_EC algorithm from its recommendations on June 26. NSA, which used to work to protect encryption and cryptography, proved to be the entity that started working to weaken it during the end of the 20th century.
According to Heninger the security industry received a huge blow when NSA lost its trust and NIST was in no position to bring NSA back into its list of trustworthy agencies. Experts now also suggest that any encryption standards where NSA was involved should be thrown out of use even though it is clear that there were no backdoors in those encryptions.
Government vs Commercial Encryption Industry
Government has been trying to weaken encryption for quite some time. The fight has always been against the commercial encryption industry. There was a time when government would not allow any sort of cryptography to be exported. Any encryption that could be brought out to public was prohibited to be used by the government. The stance of the intelligence agencies was that no encryption should be exported because it would empower the country’s enemies. If some tech company did that it was considered a crime to the extent of exporting bombs and tanks.
The term “export” was defined in a different manner by the government. Government did not want any cryptography work to be made available to someone from another country. What it meant was that cryptographers could not post any of their works on the internet. However, they could do so when they passed through certain export crypto restrictions. Such actions from the government gave NSA more power in its maneuvers.
On May 06, 1999 a big hit was made by US Court of Appeals on export-crypto restrictions. According to the court, in the Bernstein v. United States Department of Justice case, the cryptography was not ammunition but speech and censoring it was a form of censorship. The court announced that what government was doing was nothing more than an unjustified restraint. After this order was passed the cryptographers were free to share their encryption and they did not have to get permission from the government for the dissemination of their work.
Cindy Cohn was the lawyer who stood for Daniel Bernstein in the case. After the case was won she became the director of EFF and according to her the backdoor arguments presented by FBI now are exactly what they were in the past when she was facing them in the court. She said in a very precise statement when she was fighting the case the government was saying that it needed to regular crypto to stop bad guys from accessing it and her position was that good people needed to be empowered with crypto to protect important data from the bad people.
Heninger and Green pointed out Logjam and FREAK as vulnerabilities in crypto from 90s and this made tech companies take quick measures to fix these vulnerabilities. Export-grade cryptography attacks are an indication of what government’s backdoor policy could do to the encryption world. There is another form of attack that would completely destroy the systems if we introduced backdoors in the encryptions. There is an attack called Heartbleed whose target is OpenSSL. I
nformation about Heartbleed was found in 2014 and after knowing it Green had said that if there were backdoors in our systems this kind of attack could have destroyed the system completely. With a backdoor, according to Green, not only a few but a huge number of people would be attacked. Green said that humans make mistakes and attacks such as Logjam, FREAK and Heartbleed show us the mirror.
However, they also tell us that we don’t have to use backdoors because if we made mistakes while creating backdoors we will be in a much big trouble because then we will have the security of everyone in the US at risk. He said that in the future we might get better and make no mistakes with our cryptography but for now we are making mistakes and we have not reached the level of perfection.
Cohn thought that the whole speech about going dark from Comey was nothing but frustrating for us. Cohn said that it is quite a shocking thing that Comey wants backdoors to protect us because such a scenario does not apply to our real lives. Cohn said we will not leave our house doors opened for FBI just in case there is a house with a thief in it.
She said that in 1990 the fight they fought was the first one and for them the victory had been declared. The government always wanted more and more out of encryption. Just in 2013 it was posted by New York Times that NSA was again working to weaken encryption through its secret program named “Bullrun”. In this program NSA would go to different tech companies and ask them to include backdoors in their products so NSA could monitor their users. According to the Times NSA could not bear its loss in 1990 of not including any backdoors to the encrypted systems so it thought a better way would be to do it secretly behind closed doors.
Tien said that Snowden revelations have given us a clear picture on how unaware or non-serious the government is when it comes to encryption because exploitation of vulnerabilities is what we see in the whole story of Snowden. Worst thing that Comey and Rogers could do was not secretly employing in activities to weaken encryption. In fact, their worst was when they tried to malign the tech companies publicly by saying that they don’t want encryption weaker because they are protecting the criminals. According to Cohn, Comey is acting like a bully and instead of trying legal means he is threatening these companies to get rid of cryptography or follow the standards that FBI gives them.
Security researchers are purely concerned about cryptography and coming up with codes that can protect user data as it flows in the air. They don’t want to take part in political debates and wars. However, they have been made part of many debates and crypto wars. After all this they have only learned one thing that it is nearly impossible to make FBI understand the technical difficulties, limitations and disadvantages that are associated with backdoors. Hall says that most of the arguments received from NSA and FBI are the products of the minds of people who are farthest from technicalities and technical realities.
A hearing took place on 08 July and this hearing Sally Yates and Comey spoke clearly about their intentions for cryptography and encryption. Yates was of the opinion that FBI wants a legislative solution to the problem. Comey also said that they want government to introduce and pass laws that would allow FBI to make tech companies decode their codes when FBI asked them to. After Snowden leaks the government had received a huge blow on its reputation about encryption. It had now become difficult for the government to talk about these matters publicly because its own grip on these matters was proved to be a banana when Snowden revelations began.
However, according to Schoen the government has now started to follow some informal tactics to get around the encryption problem. The FBI agents and government bodies are now approaching the encrypting companies directly. They tell the companies that a certain product is not something they trust and so they object on that particular product. Sometimes they would just place forward their requests for certain products to be designed in a certain way.
Schoen strictly criticized how FBI approaches the issue of cryptography by saying that it always wants to talk to the congress or some other entity instead of stating clearly what it wants. When FBI clearly states that it wants a certain crypto in a certain then it would be easier for cryptographers to say that they can’t do it because there are A, B and C risks involved in performing cryptography that way. Furthermore, Hall said that FBI is only keeping them entangled in this issue for nearly 3 decades now and has never offered a technical solution to the problem to date.
He further said that FBI does not understand the standards of cryptography. He said the FBI has been very premature in its demands and all of its speeches. According to him if the top cryptographers of the world have no idea on how to do something, you could tell that FBI cannot have a solution. If FBI does have a solution, it would definitely be one with vulnerabilities and it must not be crystal clear.
Hurd said that whenever FBI is asked specific questions the answers received from them are very unclear. FBI not providing specific details as to what they want is only half of the problem for encryption specialists. They are also annoyed by the fact that FBI continues to be proved wrong and still keeps coming back with the same attitude towards crypto wars.
EFF website has a post with a title that says “Eight Epic Failures of Regulating Cryptography” and under this title Cohn brings side by side a couple of quotes originating from FBI officials and there is a gap of 20 years between them. One belongs to General Counsel Valerie Caproni in 2010 and according to this quote the tech companies could go for strong encryption but they had to come up with a solution on how to present with plain copies of these encryptions to FBI.
The other quote comes from 1995 from Louis Freeh, the then director of FBI where he says that FBI is strongly in favor of encryption but only wants tech companies to include a backdoor in those encryptions to allow FBI to get in them when there was a need of catching a criminal. Cohn gives a witting remark by saying that they were naming it a trapdoor 20 years ago, then they called it a backdoor and the recent development from FBI is that they want to call it the front door. She said that whatever door we call it the idea is not supposed to work ever.
In the middle of June a report came out from New America’s Open Technology in which the supporters of privacy talks about all that has went wrong during crypto wars and tries to teach a lesson by referring to the high points of these wars and stating that it was now finally believed that the argument had been settled. The resurfacing of the problem is a huge annoyance for cryptographers and encryption supporters.
Cohn says that FBI is acting in a way as if it never came out of the time when crypto wars started. She said that FBI is still living in the same world as it was living 20 years ago. Cohn further said that things have changed from what they used to be in 1990. She says that people now understand the matter of security, if not on technical level at least on basic level. She says that this understanding of security puts cryptographers and encrypting companies in a better position where they can make people understand why the government’s stance is the wrong stance in this matter.
Tien said that it surprises him that government seems to become even more unaware of the issues and today it wants backdoors with even more passion. He said that government should have understood the matters in a better way but it seems they have moved further away from reality. He said that FBI wants to shut something down that cryptographers have been working on for decades. He said that shutting down cryptography would mean shutting down mathematics – and it is not possible.
Cohn said that what government is suggesting with its backdoor idea is that people won’t be allowed to innovate in their own way. Hall also said that stopping people from doing cryptography means stopping people from doing mathematics. Philip Zimmerman succinctly said that putting limits on cryptography and encryption is nothing other than trying to put limits on weather and tides.
Cohn said that we don’t say that time is on our side, she said we have mathematics on our side and this gives us the upper hand. Groups fighting for civil liberty stated that accessing sensitive information in order to catch criminals is quite understandable when government says that but they believe the bureau is going to go further than it claims to. Guliani said that the amount of information that was available to FBI a decade ago was nothing compared to the amount of information available today.
The Biggest Tech Giants Are Not Happy
What small companies say might not matter to the government but that’s not the case in crypto wars. When we talk about crypto wars we are talking about the biggest companies of the world, some of which are richer than the American government. We are talking about Google, Facebook, Apple, Yahoo, Microsoft etc. The tech giants are serious about encryption and they have sent their messages to the government.
We can tell it from the letter that was sent to the government on May 19. When cryptographers and companies using encryption gathered to send a letter to president Obama these companies were also part of the senders. Comey thought the letter was very depressing for him. Another such letter was sent to the government and it was requested that any attempts being made to weaken encryption be stopped.
These companies take the matter seriously also because introducing backdoors is going to have a big dent on their economics as well. Major tech companies now have a very tensed relation with the government and the speech from Comey was another factor that increased this tension for these companies. What the owners and CEOs of these big companies think about encryption is clear from Tim Cook’s speech that he delivered in February at White House regarding the cybersecurity.
The CEOs of other big companies like Google and Facebook did not bother coming to this conference because they believed that government should not give any weight to the backdoor talking in the first place. Tim Cook went to the conference though. He delivered a speech there and the speech was a concurrence of what the CEOs of other companies believed.
Tim Cook was very clear in his speech and said that in today’s world there are millions and billions of people trusting these companies for the security of their information. He said that if we compromised on their information the aftermath will be extremely dark. Cook was clearer in his speech that he delivered in June at EPIC Champions of Freedom Awards Dinner. In this particular speech he said that entities in Washington were trying to weaken the encryption of people’s data and called it an extremely dangerous activity.
Cook used a great analogy by saying that putting a key under one’s door mat and hoping for police to find it is not empty from the fear that bad guys might get a hold of these keys before the police does. Google’s law enforcement and information security director, namely David Lieber, said clearly in his statements about encryption that whatever they do has encryption at its base. He said that encryption defines their work and serves as the foundation of whatever they do. He said that government had no right to compel these companies to weaken their encryptions.
He also stated that inserting backdoors in their encryptions is not a possibility and government should not follow this course. He was clearer in other statements where he said that Google was never going to include backdoors in its services. A Microsoft official also said that backdoors are similar to introducing doors to hell in the systems. He clearly said that there should be no backdoors and no one should ask for them whatsoever.
It is quite interesting that companies like Microsoft were not much concerned about CALEA when it came out because they were exempt. However, when CALEA’s reinterpretation took place and when Comey came up with the idea of introducing backdoors in every encrypted product, all the companies were concerned about their future. First the crypto wars were not really a matter for the public but things have changed since that war.
Today, we see that government has turned its face towards internet services from telephone networks and we also see that the public now knows more about cryptography and encryption since the revelations from Snowden. In the past CALEA was going to affect only the telephone companies but when you apply CALEA to today’s encryption with its amended clauses you are talking about affecting every small and big business on the internet.
It could have been easier for government to convince the public for backdoors but since the Snowden revelations public is more aware of its right on security. Furthermore, the common public will not let major tech companies introduce backdoors in their systems because they know the consequences of doing so.
Chaffetz puts the whole story in the most intelligent words by saying that people want to sue their smartphones with the belief that their smartphones and whatever they do on their smartphones is their personal business. He said that if major tech companies want this, they are on the right.
Cohn says that it Snowden revelations have opened the eyes of the public and these revelations have also given their case strength in that the public is now on their side. Guliani also said that private companies are now under major pressure because almost everyone is now connected to the online world and online banking is a major part of it.
She also said that the security of people’s smartphone data and information is much more important than ever before because now they rely on their devices more for more things. Security is not an issue involving only the American nation now. If backdoors are introduced then international reaction would also be quite impacting. Tien said that the American nation is not comfortable with the idea of allowing backdoors to FBI into their information. Even if you make them happy with some magic, how would you convince the international users who would be worried that their information is reachable to some entity in another country?
Laperruque also said that tech companies have already gone through great troubles due to the revelations that came in association with NSA just a few years ago. Tien also showed happiness on the fact that nearly all major tech companies are now ready to fight for their right. He said that it is a great feeling that companies are now standing up for their customers and for the safety of internet, and also for encryption.
What Is Future Holding For Encryption And Safety Of People’s Information
It is not clear what turn the debate on encryption will take in the future. However, it would be bad for all major tech companies and the international audience if the bill is crafted in such a way that it is fully in favor of what government wants. The government will then require every tech company to go through its checks before approving their encryptions.
As they go through encryptions they will allow only those encryptions that have backdoors for them. Encryptions that don’t have any backdoors form them will simply get disapproved by the government. Such a bill will also go against first amendment that allows the right to free speech and expression. It has been declared again and again by courts that encryption and crypto are not weapons but exchange of ideas.
Even if government successfully gets the encryption banned unless it includes backdoors for it, the further challenges will be even bigger for the government. The cases that involved cryptography and encryption have all ended with courts declaring that cryptography and encryption was speech. Putting a hold on speech will be a big difficulty for government because then flaming political speeches will also come under scrutiny.
Preparing a case where the government can single out cryptography as the culprit is not going to be easy for the government. Cohn believes that it would be nearly impossible for the government to compel every tech company to include a backdoor in its algorithms because there is First Amendment standing right in its way. Security experts are not sure what other ways FBI might try if it does not go for backdoor mandate explicitly.
We have seen that FBI has been suggesting constantly that tech companies should come up with a solution to the problem themselves. However, when we look at the stance of these big companies we realize that they there is nearly no chance they will allow any backdoors or suggest a way around for backdoors to be introduced in their systems.
Hurd says that it does not seem that Congress is currently eagerly after this issue because we don’t see any proposals in front of it. Let’s suppose the backdoor thing becomes a law. We are looking into a completely different future. Tech companies will no longer be in a position to offer any substantial security to their information because every algorithm they come up with will have a backdoor in it.
Heninger says that it would really disappoint her big time to be a part of the country where encryption was undermined. She says that a lot of data breaches are taking place today and strong encryption was the only answer to those breaches. However, things will worsen as we create algorithms that already have backdoors in them.
Hall said that they are fighting for cybersecurity. He said there are cases in which the argument of the FBI seems valid for example cases when child abduction, terrorism, child porn etc. needs to be thwarted but he said that to compromise on the security of the rest of the world’s information for these cases is not wise. Furthermore, it has already been stated by various experts that such cases require real-time wiretapping but that’s not possible with the kind of suggestions FBI is making. Hall believes that there would be an increasing pressure on encryption and tech companies after the Charlie Hebdo and similar attacks around the world.
The CALEA related arguments are resurfacing again giving rise to the crypto wars. However, Cohn is ready to fight this war again. She has already fought this war and she thinks that government has no chance to win this war just like it did not win it before. The bottom line here is that the Central government has easily surpassed the tyranny of the English that led to our revolution. If you are tired of getting back doored, your options are the soap box, the ballot box, the jury box, and ultimately the cartridge box. Of course the government wants you to have musketballs instead of cartridges, so we will see how far that will get you if needed.