Modern field guide to security and privacy

Opinion: Why the US government must lose cryptowars 2.0

Law enforcement's argument today is just as flawed now as it was in the 1990s. We cannot bend software or cryptography to our will – technology is science, not magic.

Kevin Lamarque/Reuters/File
FBI Director James Comey testifies during a Senate Judiciary Committee hearing on 'Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy,' July 8.

In the 1990s, I was in high school. I coded my first website as a college freshman in 1997. Two years later, I joined Geekcorps as an R&D intern. We sent tech geeks to Ghana, where they would volunteer with local businesses. I thought that was so cool.

I had no idea that in Silicon Valley, and in Senate hearings in Washington, technologists were fighting for the right to create the basic building blocks of the Internet.

My older friends in the security world have started telling me countless battle stories about fighting "the cryptowars." Now we chat openly at hacker conferences or their fancy corporate offices. But back then, they were building Pretty Good Privacy, known as PGP, which became one of the most widely used tools for encrypting communications. They would take their servers home at night. They thought the FBI would break into the offices and seize their code. Export controls made it illegal for them to ship this crypto code overseas, so they typed the PGP code into book form. Senior executives mailed it to a bookstore in Europe. As online e-commerce and other activities became more mainstream, the restrictions – and security pros' paranoia! – relaxed.

Yet these stories from battle-scarred friends and advisors especially resonate because I recently founded a security company of my own. I also focus on building encryption software. Why? Because I believe that strong encryption protects valuable American intellectual property from hackers and adversaries overseas – one of the most critical problems facing both startups and large corporations. Because the American economy is now powered by online tools, and those tools need to be secure.

But now, with FBI and National Security Agency leaders pushing Silicon Valley technologists to weaken their encryption so the US government can more easily access the protected data, it's clear that while I may have missed the drama of the '90s, I won't be able to escape the cryptowars redux of the 2010s. In fact, it's already affecting how I build my business. My conversations with lawyers and potential investors inevitably address the strong possibility that I will move my company (or big chunks of it) overseas. The lawyers tell me that it is the safest approach. Seasoned security executives tell me such a move would be reassuring to my customers.

The battlefield landscape has changed since the '90s: Back then, encryption for commercial use was just starting to take off. These days, strong encryption powers our banking and e-commerce, and is increasingly implemented by major consumer tech companies. Apple said that devices running its new software would be encrypted by default. Even the company itself would be unable to gain access to its customers' protected data. And Google made headlines last year when it announced that "full-disk encryption," which protects user information on its Android devices, would be enabled by default.

The technology ecosystem may have changed over the last twenty years, but the ask from the national security establishment is, essentially, the same demand it made in the first cryptowars go round. Calling it "exceptional access" or a "golden key," US officials want law enforcement offices to have special access to encrypted messages. They have relied on intercepting our communications as a way to find and prosecute criminal activity – missions they say strong encryption could thwart.

The FBI and NSA want tech companies, such as Apple and Google, to design their encryption so that the government would have a set of keys to access the otherwise secure data. Insisting that groups such as ISIS, foreign state spies and criminals here at home are taking advantage of secure communications employing encryption, FBI Director James Comey wants a "secure golden key" for law enforcement to access the content of encrypted communications if officers get a court-ordered warrant. NSA Director Adm. Michael Rogers has been more technically specific in his request, proposing a "split key" which would require the cooperation of multiple government agencies in order to use the key and decrypt the data.

I sympathize with this. If bad actors are using the encryption provided by my own company – criminals such as, say, child pornographers or violent terrorists – I would not wish to grant them safe harbor.

But law enforcement's argument today is just as flawed now as it was in the 1990s. We cannot bend software or cryptography to our will. Technology is science, not magic.

Government officials' requests to weaken encryption are based on a fantasy of what technology could be – not the reality of what software is actually like in practice. And their backers, such as , are also swayed by it. , the same leader who has recruited top Silicon Valley talent to join him in the White House, wants to find a compromise.

The problem? It is not technically possible. There's no such thing as a secure back door. The idea that the US government can have built-in access to encrypted data – while maintaining consumers' security and privacy, and preserving American business – is flawed. Here's why:

1. The technical solution of a "golden key" would break the security of any sites or apps that are currently using best security practices. We cannot ignore the implications of weakening our websites and applications at a time when new data breaches are happening all the time. Alex Stamos, who is now Facebook's chief security officer, challenged Admiral Rogers on this issue earlier this year. "Bruce Schneier and Ed Felten and all of the best public cryptographers in the world would agree that you can't really build back doors in crypto," said Mr. Stamos, who at the time was Yahoo's chief information security officer. "That it's like drilling a hole in the windshield."

2. Implementing a "golden key" would require tremendous resources from tech companies. It would add significant complexity to software. Complex software takes longer to build, and is much harder to test. Creating a secure software product that has insecurities deliberately built into its design is ... complex, to put it mildly. Since this "back door" is designed to be discreet rather than transparent (if the back door were easy to find, then any hacker could use it) the testing process will be even more cumbersome. Even if we had a multimillion dollar budget and a long time frame, I'm not sure how we could accomplish this at my own company. And even if we were given complex technical specs to follow while building our products, this would be a huge burden not just for me, but other startups and large companies alike.

What would happen to our economy if software across the industry became 150 percent more difficult and more expensive to build? Let's consider the impact to innovation, jobs and the state of our economy.

3. It is a tremendous security risk to store these "golden keys" within the government. What assurance do we have that this data will fare better than that stored at the White House or the Office of Personnel Management, which were both recently breached by hackers?

Rogers, the NSA director, proposes splitting up the keys to make it harder to hack. But that replaces this security risk with a bureaucratic nightmare. Will every startup be required to file keys with multiple government agencies? Most startups can barely stop putting out their own fires long enough to file their taxes.

4. The OPM breaches have given countries such as China an ideal data set for turning American government agents into double agents. Even if we could protect our "golden keys," what would protect this agency from the ever-fallible human element? What if China succeeds in turning well placed American personnel into double agents? How arrogant must we be, to believe that any high value target would be impenetrable?

Let's consider one more wrinkle in this debate.

So far, the framing by the US government assumes a kind of patriotism and loyalty by US corporations. Yet for how many years have some of the largest US companies maintained headquarters in Dublin, as a way of evading taxes here in the US? Companies are beholden primarily to their shareholders – without national loyalties, but responsible primarily to their bottom lines. What assurances do we have that companies would share their golden keys only with the US?

And if other countries start to demand their own back doors, it would put US companies in a difficult position. "If we're going to build defects/back doors or golden master keys for the US government, do you believe we should do so – we have about 1.3 billion users around the world – should we do for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government? Which of those countries should we give back doors to?" Stamos asked Rogers earlier this year.

It's a complicated problem, with no easy solution. Technologists are the first to admit this.

But the FBI and the NSA must also concede that any entry into encryption available for their offices would also be an access point that could be abused by the country's adversaries.

To his opponents on this issue, the FBI's Mr. Comey has suggested technologists have simply not tried hard enough to reach a solution. "A whole lot of good people have said it's too hard ... Maybe that's so," he . "But my reaction to that is: I'm not sure they've really tried."

To Comey, I say this: Silicon Valley is full of "try."

The technology industry has responded to threats to customers' security and privacy with agility, by building and implementing new tools to adapt to an ever-changing world.

Encryption is one of these tools.

Famous technologists such as Stamos, Bruce Schneier, Johns Hopkins University's Matthew Green, and the University of Pennsylvania's Matt Blaze are hardly lazy.

So, does law enforcement have a difficult job to do? Yes. Would it be helpful to the FBI if they had blanket access to all the information on the planet? Of course.

But as long as security systems are hackable and humans are fallible, we must safeguard the integrity of software that powers our banking, our business and our medical communities.

What's more, the fact that encryption is becoming mainstream – with end-to-end encryption now integrated into widely used applications like WhatsApp and iMessage – is a victory for the cybersecurity movement, and for this country's security going forward.

We cannot turn back the clock to a time when communications online were not safe. As the standard for secure communication gets higher, law enforcement must respond to this challenge with creativity, agility and above all – realism – about the options available.

It is now law enforcement's turn to "try harder."

Elissa Shevinsky is a serial entrepreneur and chief executive officer of . She is also the editor of "Lean Out" published by OR Books, and the cofounder of the security conference. Follow her on Twitter .
