BreachExchange mailing list archives

Encryption with backdoors is worse than useless -- it's dangerous


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 13 Jul 2015 18:22:21 -0600

http://www.infoworld.com/article/2946064/encryption/encryption-with-forced-backdoors-is-worse-than-useless-its-dangerous.html

Last week FBI Director James Comey testified before a Senate Judiciary
Committee about the use of encryption among terrorist groups. For anyone
who understands the critical role that encryption plays in the Internet and
our private data networks, many of the exchanges between Comey and the
senators on the panel were not only revealing, but rather disturbing.

Examples abound, but a few stick out. For instance, while discussing
various types of encryption on data communications and devices, Sen. John
Cornyn, R-Texas, said this:

"It strikes me as irresponsible and perhaps worse for a company to design a
product that would intentionally prevent them from complying with a lawful
court order."

By this he appears to mean that he would expect that anything that was
encrypted should be able to be decrypted without the actual keys at the
request of a U.S. court. Director Comey clearly agreed:

"I don't understand the demand for people who would want encryption that
couldn't be decrypted at the order of an American judge."

On the other side of the pond, U.K. Prime Minister David Cameron has said
he wants to either ban strong encryption or require backdoors to be placed
into any encryption code to allow law enforcement to decrypt any data at
any time.

The fact that these officials are even having this discussion is a bald
demonstration that they do not understand encryption or how critical it is
for modern life. They're missing a key point: The moment you force any form
of encryption to contain a backdoor, that form of encryption is rendered
useless. If a backdoor exists, it will be exploited by criminals. This is
not a supposition, but a certainty. It's not an American judge that we're
worried about. It's the criminals looking for exploits.

We use strong encryption every single day. We use it on our banking sites,
shopping sites, and social media sites. We protect our credit card
information with encryption. We encrypt our databases containing sensitive
information (or at least we should). Our economy relies on strong
encryption to move money around in industries large and small.

Many high-visibility sites, such as Twitter, Google, Reddit, and YouTube,
default to SSL/TLS encryption now. When there were bugs in the libraries
that support this type of encryption, the IT world moved heaven and earth
to patch them and eliminate the vulnerability. Security pros were sweating
bullets for the hours, days, and in some cases weeks between the hour
Heartbleed was revealed and the hour they could finally get their systems
patched -- and now politicians with no grasp of the ramifications want to
introduce a fixed vulnerability into these frameworks. They are threatening
the very foundations of not only Internet commerce, but the health and
security of the global economy.

Put simply, if backdoors are required in encryption methods, the Internet
would essentially be destroyed, and billions of people would be put at risk
for identity theft, bank and credit card fraud, and any number of other
horrible outcomes. Those of us who know how the security sausage is made
are appalled that this is a point of discussion at any level, much less
nationally on two continents. It’s abhorrent to consider.

The general idea coming from these camps is that terrorists use encryption
to communicate. Thus, if there are backdoors, then law enforcement can
eavesdrop on those communications. Leaving aside the massive
vulnerabilities that would be introduced on everyone else, it’s clear that
the terrorists could very easily modify their communications to evade those
types of encryption or set up alternative communication methods. We would
be creating holes in the protection used for trillions of transactions, all
for naught.

Citizens of a city do not give the police the keys to their houses. We do
not register our bank account passwords with the FBI. We do not knowingly
or specifically allow law enforcement to listen to and record our phone calls
and Internet communications (though that hasn’t seemed to matter). We
should definitely not crack the foundation of secure Internet
communications with a backdoor that will only be exploited by criminals or
the very terrorists that we’re supposedly trying to thwart.

Remember, if the government can lose an enormous cache of extraordinarily
sensitive, deeply personal information on millions of its own employees,
one can only wonder what horrors would be visited upon us if it somehow
succeeded in destroying encryption as well.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
