Encryption is the hot new topic in security at the moment, as it has been any number of times in the last few decades. And, as in the past, the notions of key escrow, mandated legal access to encrypted systems and other ideas for helping governments defeat cryptosystems have followed right along with the latest crypto renaissance.
Much of the current spike in interest around cryptography and encryption comes directly from the revelations of Edward Snowden about the NSA’s methods, tools and tactics. That agency’s efforts to allegedly subvert cryptographic standards and defeat protocols such as SSL have drawn the attention and ire of users, security experts and cryptographers around the world. And it has had the concurrent effect of generating massive interest in encryption tools, as well. Secure email services, encrypted backup services and similar offerings are as popular now as they’ve ever been, something that makes life more difficult for intelligence agencies and law enforcement.
That problem has led government officials in the United States to bring up–again–the well-worn idea of a key escrow system that would give agencies the ability to decrypt communications and data when necessary. It’s an old idea, and one that cryptographers have said consistently won’t work for many reasons.
“There will be many, many people holding many, many keys. It just won’t work,” Ron Rivest, a professor at MIT and one of the inventors of the RSA algorithm, said during the cryptographers’ panel at the RSA Conference here Tuesday.
In recent months, intelligence officials and other government leaders have said publicly that there is a clear need for some way to address the issue of encrypted data and communications. Some have criticized technology vendors such as Apple and Google for adding strong encryption to their devices, while others have called for some version of a back door that would give law enforcement access to encrypted devices and communications when it’s legally necessary. The latest to join that chorus was NSA Director Michael Rogers, who said during a speech last week that tech companies should find a way to make encryption keys that can be broken into multiple parts, with each piece held by a different party.
“I don’t want a back door,” Rogers said, according to The Washington Post. “I want a front door. And I want the front door to have multiple locks. Big locks.”
It’s an idea that Rivest said would not work, and his fellow panelists dismissed it as well.
“The only difference between a front door and a back door is that the NSA will have to take your house and turn it around,” said Adi Shamir, co-inventor of the RSA algorithm and a professor at the Weizmann Institute in Israel. “Technically speaking, there’s a serious misunderstanding about key escrow. The head of the NSA is misusing this idea.”
But Rogers isn’t alone in asking for this kind of access. Jeh Johnson, the Secretary of Homeland Security, also brought the topic up during his keynote at the conference Tuesday, saying that encryption is a major hurdle.
“This presents a real challenge to law enforcement and national security. I understand the importance of what encryption brings to privacy. The deeper course we’re taking on encryption also poses a public safety challenge. Encryption is making it harder for your government to find criminal activity,” Johnson said. “We know a solution must take into full account the privacy rights and expectations of the American people. We need your help to find a solution.”
Ed Giorgio, who worked on both the code-making and code-breaking sides of the organization at various times during his 30-year career at NSA, said during the cryptographers’ panel that the key escrow issue is an important one, and likely not something that will be solved soon.
“It’s not a U.S.-only problem,” Giorgio said. “This will be an ongoing negotiation and I’m sure we’ll see various versions of it.”