Encryption Backdoors: They Do Not Work!
Some background knowledge on Encryption Backdoors
Certain events have led to renewed calls from governments and law enforcement for more sophisticated tools for monitoring suspects. One idea that has received renewed attention is ‘encryption backdoors.’ An encryption backdoor is a method of getting around encryption or authentication in a system.
Backdoors can exist for legitimate, practical reasons, for example to let a manufacturer or service provider restore access to a user who has forgotten their password. Encryption backdoors, however, allow parties such as governments or intelligence agencies to bypass normal security measures in order to gain access to an account or device and its data. Essentially, they are ways for the manufacturer to grant certain parties access to parts of a device that robust encryption would otherwise protect. A simple analogy: a very expensive, hard-to-pick lock on your front door to which only you hold the key, compared with hiding a spare house key under a potted plant (whose location, presumably, only a very limited number of parties know).
This blog post will look at the technology around encryption and how it can be circumvented. We’ll also examine the advantages and drawbacks of installing encryption backdoors in communication devices like phones and laptops, and in other consumer and enterprise technology (messaging, email, cloud, etc.).
Encryption: how does it work?
Asymmetric encryption (a common type) uses two components: a public key and a private key. When a user sends a message to another, the sender’s computer uses the receiver’s public key to encrypt the contents of the message. The encrypted message can be decrypted back into its original state only with the receiver’s private key. A system that offers end-to-end encryption, like Mailfence, uses a public key system, OpenPGP to be exact. Alongside OpenPGP-based end-to-end encryption, it also supports secure message escrow, or simply password-based end-to-end encrypted messages.
Read more about the differences between end-to-end encryption and password-encrypted messages in our blog post.
In the RSA algorithm, the public key is built from the product of two large prime numbers, and the two primes that generate it make up the private key. Because finding the prime factors of a large number is mathematically hard, recovering a private key by brute force could take decades. Conversely, knowing the private key means the public key can be calculated in a split second, since it is a simple multiplication. It is therefore strictly important to keep private keys hidden. Because private keys are so difficult to crack, the only practical way of gaining unauthorized access to encrypted data is to obtain the private key itself, and this is where the encryption backdoor concept kicks in.
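The asymmetry described above in toy form, as an added example that is not part of the original post: a textbook RSA key pair built from two constructed small primes, where computing the public modulus is a single multiplication, but recovering the private key from the public key means factoring that modulus, and the brute-force work grows with the key size.

```python
"""Toy RSA illustrating the one-way asymmetry between public and private keys.
All primes and messages here are constructed toy values, far too small for real use."""


def keygen(p: int, q: int, e: int = 65537):
    """Build a textbook RSA key pair from two primes p and q.
    The public key is (n, e): deriving it from the primes is one multiplication."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e mod phi (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def factor_by_trial_division(n: int):
    """Recover the two primes from the public modulus by brute force.
    Returns (p, q, divisions_tried) so the work can be compared across key sizes."""
    tries = 0
    f = 2
    while f * f <= n:
        tries += 1
        if n % f == 0:
            return f, n // f, tries
        f += 1
    raise ValueError("n has no non-trivial factor")


def recover_private_key(pub):
    """Without a backdoor, getting the private key from the public key means factoring n."""
    n, e = pub
    p, q, tries = factor_by_trial_division(n)
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, d), tries


if __name__ == "__main__":
    for p, q in [(10007, 10009), (1000003, 1000033)]:  # constructed toy primes
        pub, priv = keygen(p, q)
        assert decrypt(priv, encrypt(pub, 42)) == 42
        recovered, tries = recover_private_key(pub)
        print(f"{pub[0].bit_length()}-bit modulus: key recovered after {tries} trial divisions")
```

Doubling the size of the primes roughly squares the number of trial divisions, which is why real keys (2048 bits and more) are out of reach for brute force, and why anyone wanting the plaintext needs the private key itself.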
Encryption backdoors: What are they?
Encryption backdoors are implemented at the design and manufacture stage of devices or software. They serve as a way to access these private keys. Proponents of encryption backdoors support allowing limited access to parties such as law enforcement. The mass shooting in San Bernardino, California in December 2015 thrust this issue into the spotlight. Police recovered the iPhone of one of the shooters, but because of its passcode it was not possible to access the device. Initially, law enforcement unsuccessfully asked Apple executives to grant exceptional access to the device. The government then filed a court order to compel Apple to install an encryption backdoor in a new version of the operating system so it could be loaded onto the device. Apple CEO Tim Cook rejected these calls, saying that this demand had “implications far beyond the legal case at hand.”
Even if such an encryption backdoor were available, there is some debate as to its effectiveness. Former Microsoft CTO Ray Ozzie proposed an idea to give law enforcement access to a ‘secure’ database of private keys, commonly referred to as a key escrow system. Police could access the encrypted device using the private key; however, the device would then enter an irreversible recovery mode and could not be used again. As others have pointed out, this system would not work because there would be no way to guarantee the security of the database containing the backdoor keys.
The case against encryption backdoors
The Electronic Frontier Foundation, a digital privacy advocacy group, argues that there is no middle ground when it comes to encryption backdoors. They argue that exceptional access “erodes encryption security, granting law enforcement either its own set of private keys for every encrypted device and individual who sends and receives encrypted messages,” or requires “the creation and secure storage of duplicate keys” that can be handed over by the service provider upon request. The middle ground demanded by law enforcement between ‘good’ and ‘bad’ encryption is still bad encryption.
Further, it is simply not possible to build an encryption backdoor accessible only to the ‘good guys’. As we mentioned before, the use of encryption backdoors in various products also benefits hackers. For instance, back in 2009, hackers breached a Google database through a backdoor meant to provide access only for the U.S. government.
Cryptography experts like Matthew Green and Bruce Schneier also disapprove of backdoors, as this would equate to mandating insecurity.
Where do we go from here?
The FBI’s failed request to get Apple to grant an encryption backdoor was arguably an attempt at setting a legal precedent. If Apple had acquiesced to this demand, that precedent would have made it easier to demand additional encryption backdoors in the future. Compelling manufacturers to create encryption backdoors in emergency cases like this has consequences: all kinds of devices would immediately be at greater risk of attack from criminals and other bad actors.
In an open letter directed to the European Parliament, Mailfence and other European tech firms urged the EU parliament not to ban encryption.
As our lives increasingly rely on technology, the potential consequences of encryption backdoors only worsen. With the emergence of the Internet of Things, an encryption backdoor in one device could jeopardize the security of the other devices connected to it. As the saying goes, a chain is only as strong as its weakest link. Bad actors could compromise a seemingly innocuous IoT appliance and thereby put far more critical devices and data at risk. When we consider the large amount of our personal data stored on our devices and cloud services, the potential for abuse by repressive governments becomes clearer.
Is there a safe way to build encryption backdoors?
A hot debate about encryption backdoors has been going on for decades. In one camp are cryptography experts and privacy advocates fiercely defending the need to maintain strict encryption standards and practices. On the other side, governments and law enforcement agencies maintain a strong interest in establishing encryption backdoors in the name of public safety. Regarding the feasibility of a truly secure key escrow system, cryptography expert Matthew Green stated “we’ve thought about it and we don’t think it will work.”
– Mailfence Team
Patrick is the co-founder of Mailfence. He’s been a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Allmansland, IP Netvertising or Express.be. He is a strong believer and advocate of encryption and privacy. You can follow @pdeschutter on Twitter and LinkedIn.