Bring in the nerds: EFF introduces actual encryption experts to U.S. Senate staff

According to Blaze, the one bright spot is the increasing deployment of encryption to protect sensitive data, but these encryption mechanisms remain “fragile.” Implementing encryption at scale remains an incredibly complex engineering task. Blaze said that computer scientists “barely have their heads above water,” and proposals that would mandate law enforcement access to encrypted data would effectively take away one of the very few tools for managing the security of infrastructure that our country has come to depend on. These proposals make the system more complex and drastically increase the attack surface available to outside attackers.

Blaze noted that the CLEAR key escrow system put forth by former Microsoft CTO Ray Ozzie, recently written up in Wired, only covers a cryptographic protocol—“the easy part”—which itself has already been demonstrated to be flawed. Even if those flaws could be satisfactorily addressed, it would still leave the enormous difficulty of developing and implementing it in complex systems. Surmounting these challenges, Blaze said, would require a breakthrough so momentous that it would lead to the creation of a Nobel Prize in computer science just so it could be adequately recognized.

Professor Landau began her remarks by pointing out that this was not at all a new debate. She noted that Professor Blaze was one of the technical experts who broke the NSA’s Clipper Chip proposal of the 1990s, and that key escrow, as the Clipper Chip described it, really isn’t much different from modern calls for extraordinary access. Turning to the most current key escrow proposal, Ozzie’s CLEAR, Professor Landau noted that the way crypto algorithms get built is by exhaustive peer review. However, CLEAR had its most public presentation in Wired Magazine and has yet to be subjected to rigorous peer review, even though only a tiny portion of the systems problem that “exceptional access” presents is actually addressed by CLEAR, and the proposal has already been found to have a flaw.

Professor Landau concluded by noting that the National Academies of Sciences study showed that the very first two questions that we need to ask about an “extraordinary access” mechanism are: does it work at scale, and what security risks does it impose. The FBI has steadfastly ignored both those problems.

“We’re not looking at privacy versus security. Instead, we’re looking at efficiency of law enforcement investigations versus security, and there are other ways of improving the efficiency of investigations without harming security,” Landau said. “Complexity is the enemy of security. If you want a phone that’s unlockable by any government, you might as well not lock the phone in the first place.”

Apple’s Neuenschwander presented an on-the-ground look at how Apple weighs tradeoffs between functionality and user privacy. In the case of encryption of iPhones, he echoed the concerns raised by both Blaze and Landau about the complexity of implementing secure systems, noting that Apple must continually work to improve security as attackers become more sophisticated. As a result, Apple determined that the best—and only—way to secure user data was to simply take itself out of the equation by not maintaining control of any device encryption keys. By contrast, if Apple were to have a store of keys to decrypt users’ phones, that vault would immediately become a massive target, no matter what precautions Apple took to protect it. Though the days of the Wild West are long gone, Neuenschwander pointed out that bank robberies remain quite prevalent, 4,200 in 2016 alone. Why? Because that’s where the money is. All exceptional access proposals would take Apple from a regime of storing zero device encryption keys to holding many and making itself ripe for digital bank robbery.
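The contrast Neuenschwander draws (a server that stores zero device keys versus one that keeps an escrowed copy of every key) can be modelled in a few dozen lines. The following is an added illustration, not code from EFF, Apple or any of the panelists: it provisions a fleet of simulated devices under both designs, then counts how many devices' data a party holding the server's vault key can read. The cipher is a toy HMAC-based construction built from the standard library so the model runs offline; it is labelled as such and is not a stand-in for a real AEAD.

```python
import hashlib
import hmac
import os
import secrets

# Toy authenticated stream cipher (constructed for this model only; not a
# replacement for AES-GCM or any vetted AEAD). Keystream blocks come from
# HMAC-SHA256 over (nonce, counter); a separate HMAC tag covers nonce + ciphertext.
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def provision_fleet(n_devices: int, vault_key=None) -> list:
    """Simulate provisioning n devices (sample data constructed here).

    Each device gets a random key that lives only on the device; the server
    keeps only ciphertext. If a vault_key is supplied (the escrow design),
    the server additionally keeps each device key wrapped under the vault key.
    """
    records = []
    for i in range(n_devices):
        device_key = secrets.token_bytes(32)
        record = {"device": i, "ciphertext": encrypt(device_key, f"device {i} user data".encode())}
        if vault_key is not None:
            record["wrapped_key"] = encrypt(vault_key, device_key)
        records.append(record)
        # device_key is dropped here: in the no-escrow design the server never held it
    return records


def readable_with_vault_key(records: list, vault_key: bytes) -> int:
    """Count records an attacker holding only the server's vault key can decrypt."""
    count = 0
    for record in records:
        if "wrapped_key" not in record:
            continue  # nothing on the server unlocks this device
        try:
            device_key = decrypt(vault_key, record["wrapped_key"])
            decrypt(device_key, record["ciphertext"])
            count += 1
        except ValueError:
            pass
    return count


def exposure_after_vault_breach(n_devices: int, escrow: bool) -> int:
    """Devices readable once the vault key leaks, under each design."""
    vault_key = secrets.token_bytes(32)
    records = provision_fleet(n_devices, vault_key if escrow else None)
    return readable_with_vault_key(records, vault_key)


if __name__ == "__main__":
    for design in (False, True):
        print("escrow" if design else "no escrow", exposure_after_vault_breach(1000, design))
```

The point the model makes is structural rather than cryptographic: nothing about the cipher changes between the two runs, only whether a second copy of each key exists somewhere an attacker can aim at. With escrow, one compromised vault key reads every device ever provisioned; without it, the same breach reads none.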

EFF’s Dr. Gillula spoke last. He opened by explaining that getting encryption right is hard. Really hard. That’s not because cryptographers spend years working on a particular cryptographic mechanism and succeeding. Rather, they spend years and years working on systems that other cryptographers are able to break in mere minutes. Sometimes those flaws are in the encryption algorithm, but much more often they are in the engineering implementation of that algorithm.

And that’s what companies like Cellebrite and Grayshift do. They sell devices that break device security—not by breaking the encryption on the device—but by finding flaws in implementation. Indeed, there are commercial tools available that can break into every phone on the market today. The recent OIG report acknowledged exactly that: there were elements within the FBI that knew that there were options other than forcing Apple to build an exceptional access system.

In conclusion, Gillula noted that in the cat-and-mouse game that is computer security, mandating exceptional access would freeze the defenders’ state of the art, while allowing attackers to progress without limit.

We were impressed by the questions the Senate staffers asked and by their high level of engagement. Despite the fact that we’ve entered the third decade of the “Crypto Wars,” this appears to be a debate that’s not going away any time soon. But we were glad for the opportunity to bring such a powerful panel of experts to give Senate staff the unfiltered technical lowdown on encryption.

This article is published courtesy of the Electronic Frontier Foundation (EFF)