Security news that informs and inspires

Working Group Attempts Consensus on Encryption, Lawful Access


Encryption Working Group Tries to Get Warring Sides to Talk

Law enforcement officials want a mechanism that would allow them to access encrypted messages sent between two people. Cryptographers say what the officials are asking for is impossible without undermining the fundamentals of encryption. Even if law enforcement officials like to frame the situation as a debate, it isn't. It is a stalemate.

For years, the two sides have sparred over the feasibility of lawful intercepts and encryption backdoors. The answer isn't "Think harder and make it work."

In an effort to break the logjam and push the conversation forward, the Carnegie Endowment for International Peace and Princeton University’s Center for Information Technology Policy put together an encryption working group to figure out if there was any kind of a starting point, a consensus, between the different groups. The result is the Moving the Encryption Policy Conversation Forward policy paper identifying specific areas where there may be some common ground, Tim Maurer, co-director of the Cyber Policy Initiative at the Carnegie Endowment, wrote on Twitter.

The working group offered "potentially more fruitful ways to evaluate the societal impact" of any proposed approaches and also attempted to break down the discussion into "its component parts." The group did not have new recommendations or proposals that could work, because they were unable to come up with any.

We pushed hard to try to find consensus," Alexander Macgillivray, a board member for Data & Society and the former deputy CTO of the United States, wrote on Twitter about the group's work. "It will surprise no one that we didn't get consensus on any way to give exceptional access to encrypted info for law enforcement that we believed was worthwhile.

The value of the paper, at least for the working group participants, was in the realization that instead of talking about restricting all encryption, which is an idea that would never gain any kind of traction or support, policymakers should break the issues into component parts. Data needs to be collected to support/refute the component parts, and the risks and benefits of lawful access should be considered for each area separately. There are differences in types of encrypted data and that there are specific challenges for each.

"There will be no single approach for requests for lawful access that can be applied to every technology or means of communication," the working group wrote.

Instead of talking about restricting all encryption, it separates encrypted data at rest (storage) from encrypted data in motion (communication). Any debate about access to encrypted data should focus on data encrypted on a device rather than data being transferred across the network or between devices, the report said. Data in-motion poses challenges because modern cryptographic protocols use a separate "session key" for each message, unrelated to the private/public key pairs used to initiate the communication, to make sure the contents of a message is kept independently secret from other messages. Any attempt to simply the collection, or tracking, of these session keys, would break that, or substantially weaken the independence.

Encrypted data-in-motion “may not offer an achievable balance of risk vs benefit, and as such as not worth pursuing and should not be the subject of policy changes,” the report suggested.

Noted security expert Bruce Schneier expressed skepticism that there were any benefits to backdooring encryption for data at-rest (or any type of encrypted data), but agreed with the working group that the two aspects "should be treated independently.” Policymakers should pick the problems there is some chance of solving, and not demand systems that put everyone in danger, such as no key escrow (a master key that law enforcement would have capable of decrypting everything), or software updates designed to break into devices (such as what the FBI wanted Apple to provide when it was trying to access the contents of an iPhone related to the 2015 shooting in San Bernardino, Calif.).

However, any discussion of proposals, such as on accessing data at-rest, must take into account the costs and benefits of providing that level of access to determine whether the proposal is viable. In the past, law enforcement has focused on the benefits (such as being able to solve investigations and arrest dangerous criminals) while the technology side—the security experts and the engineers making the technology—have focused on the costs. Both are necessary for a discussion to go anywhere.

The policy paper described a framework for weighing the costs and benefits, including defining use cases against which any proposal should be tested. The current conversation gets bogged down with those on the side of lawful access demanding ideas, so this framework provides a starting point on how to properly explore why bad ideas are bad.

Just because the working group recommended focusing future conversation on encrypted data-at-rest doesn't mean it suggested that it was okay, tolerable, even, to weaken the encryption that is used to secure the data where it is stored. The paper's stance was that if there had to be a discussion, this was one area where it may make sense to begin.

"We have not concluded that any existing proposal in this area is viable, that any future such proposals will ultimately prove viable, or that policy changes are advisable at this time," the working group warned.

The working group pulled together a number of well-known security experts and government officials, such as Jim Baker, the former general counsel of the FBI, Chris Inglis, the former deputy director of the NSA; Alexander Macgillivray, the former deputy U.S. CTO and co-founder at technology non-profit Alloy; Susan Landau, a cybersecurity and policy professor at Tufts University' and Sean Joyce, the cybersecurity and private leader at PwC.

Every group member signed off on the paper's consensus but also likely has opinions well beyond it," Macgillivray wrote. "I am skeptical that we will ever find a worthwhile approach, but others might believe one is near. This was an attempt at consensus not enumeration of views.

The group rejected the "two straw men," absolutist positions stating that there should no attempt whatsoever to try to find ways to "enable access to encrypted information," and that law enforcement cannot protect the public at all if it can't access encrypted data. The point here isn't that law enforcement can't try to find ways to get at the data—but that they shouldn't undermine encryption basics in the process.

"We believe it is time to abandon these and other such straw men," the working group wrote in the report.

Errata Security's Rob Graham called out the group's use of "absolutist" as a "code word" on Twitter as it seems to refer to those opposing encryption backdoors. Any discussion of accessing encrypted data and what law enforcement can or cannot do, stems from law enforcement's conviction that the government has the right to view all information. Graham's point was that the absolutist position is not saying that encryption cannot be backdoored, but rather that law enforcement "must have absolutist access," in the first place.

"I would suggest that that law enforcement give up it's absolutist claim that they need 100% access to everything. I suggest that they accept the position that they can still protect the public without being able to decrypt every phone," Graham wrote.

Earlier this summer, Attorney-General William Barr pushed for a law that would force encrypted messaging apps such as WhatsApp to provide law enforcement officials with a decrypted copy of the message in a speech at Fordham University. The working group's main point seems to be that lawful access for smartphones should not compromise the encryption used to protect communication systems. The framework reframes the current situation where the technology companies and security experts are cast as the non-cooperating party into one that forces the ones making the request to consider the risks of what is being proposed.

"If we cannot have a constructive dialogue in that easiest of cases, then there is likely none to be had with respect to any of the other areas," the working group said.