Security news that informs and inspires

The Faces Change, But the Crypto Problem Remains the Same


You may have noticed that there have been some personnel changes in Washington recently. Federal officials, cabinet secretaries, and White House staffers have been coming and going rather frequently, and while the changes keep on coming, there are still some constants, and the government’s desperate need to find a way around strong encryption is one of them.

The problem is an old one, though the current iteration of it carries with it the civil liberties and technological baggage that have accumulated during the conflicts of the last few years. The protracted war of words and wills between Apple and the FBI in 2016 over an encrypted iPhone is the most visible example, but there are dozens and dozens of other cases in which law enforcement has run up against some version of the same problem. The encryption mechanisms that protect modern devices are strong enough that the most well-resourced agencies in the world generally can’t circumvent them without resorting to legal means (or specialized outside help).

And that is not a tenable situation, from the government’s perspective. FBI directors, intelligence officials, lawmakers, and presidents have publicly spoken about the difficulty that strong encryption presents for both law enforcement and intelligence operations. Encrypted phones, tablets, and computers containing potential evidence or intelligence information often are beyond the reach of investigators. This fact has led to repeated calls from these agencies and some politicians for technology companies to develop a technical solution that would offer so-called exceptional access to encrypted devices while somehow still providing security for users.

Executives and security experts across the industry have maintained for decades that those two goals are diametrically opposed and there’s no practical way to accomplish both. Cryptographers have said the same, pointing out that any backdoor, key escrow scheme, or other intentional weakness in a cryptosystem is a weakness for all, not just for the FBI or NSA. And you can bet that attackers will be spending quite a bit of time looking for any such mechanism if it’s ever implemented.

Any backdoor, key escrow scheme, or other intentional weakness in a cryptosystem is a weakness for all, not just for the FBI or NSA.

This issue is coming to the fore again thanks to the ongoing game of musical chairs in Washington, D.C. The upheaval at the FBI, as well as the impending departure of NSA Director Michael S. Rogers, have brought the crypto topic into the news again, and recently lawmakers had the chance to talk to the current nominee to take over NSA, Lt. Gen. Paul Nakasone, about his views on it. Sen. Ron Wyden (D-Ore.), a long time member of the Senate Select Committee on Intelligence, in a hearing on March 16 asked Nakasone whether he agreed with experts about the impracticality of a “secure backdoor”.

“The widespread consensus from encryption experts is that tech companies can’t modify their encryption to permit law enforcement access to Americans’ communications and data without also helping sophisticated foreign government hackers get in. You’re as familiar with the capabilities of our adversaries as anybody. Do you agree or disagree with those experts?” Wyden asked. After some general statements about the NSA’s capabilities and the difficulty of defeating encryption, Wyden pressed Nakasone again, asking whether he agreed with the experts’ opinions.

“I would offer Senator, that it’s a conditional yes,” Nakasone said.

“That’s encouraging,” Wyden said.

Indeed it is. Hearing that the man who may soon be running the nation’s most powerful security agency is in tentative agreement with encryption experts is refreshing. Of course, saying it is one thing; putting it into practice if and when he’s confirmed is another thing entirely. Competing interests, pressure from above, and many other factors easily could make it quite difficult for Nakasone to stand fast on that position. Also, NSA is only one piece of the puzzle. The FBI and other law enforcement agencies have been the most vocal proponents of exceptional access, and there no reason to believe that will change, even with the current power vacuum at the top of the FBI.

The people, cases, and discussions may change, but the technology continues to advance and the conflict between those who want or need access to data and those who seek to protect it will continue, as well.