Recently I was called by the BBC about back-doors in cryptography, and I said I would be interested in debating the issue, and then they asked if I could put forward the concept of backdoors in encryption, and I said:
I can’t do that!
They said, “Well, we are really struggling to get someone to put that point, couldn’t you just outline the advantages and how it would be possible?”
I said, “Well, most people with any technical knowledge know that it is a bad thing, and to provide an academic point-of-view I would have to be critical of it. In fact if I put forward the concept of backdoors in cryptography, I would have no creditability in my field.” The conversation finished and they didn’t invite me on. Basically I was there to back-up a politician who was on the show – whom I can’t name but you can guess who it was.
Seemingly they had a whole lot of people who were keen to tell the world that back doors in crypto were a bad thing, and were struggling to find anyone, outside the political world, who would see sense in breaking the core of Internet security.
In Australia, the Prime Minister (Malcolm Turnbull), in a debate over encryption, has defined that in his country that mathematics comes in second place to law. Within new laws, his government will force social media and cloud service providers to hand-over encrypted messages.
When asked by journalists about how this would be possible, he said:
“Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia,”
He then went on to say that cryptographers were the problem, and he needed them to face up to their responsibilities, and that they just can’t wash their hands of it. Well, I have a new book coming out of cryptography, and, as an academic, I take my responsibilities seriously, and try to do everything possible to inform. I also know, that we cannot have a backdoor in our cryptography, and this is reinforced by senior security professionals.
The new proposals in Australia have been developed on the UK’s Investigatory Powers Act, where service providers must decrypt secret communications, but, even in the UK, those powers are not able to magically open up encrypted content, or provide a ‘man-in-the-middle’. Amber Rudd, UK Home Secretary, defines encryption as “completely unacceptable”.
NOBOS or Key escrow – either way it breaks the Internet
So how could it be done? Well I’ve outlined things here…
and the Catch-22 for crypto…
Politicians still see their borders as strong and where they can put up barriers for what comes into and leaves their country. Not any more! The Internet does not respect borders. While breaking encrypted communications is possible, it would open-up so many problems, and would probably not fix any of them. Users, in general, don’t want to be spied upon, and need to feel secure.
A breach by an insider within one of the major social media and cloud service companies, would end up being the largest data breach ever… where every single word recorded within communications would be open to the world!
While the risks to our society are great, there is, possibly, an even greater risk to our citizens for their privacy. If you ask Phil Zimmerman (creator of PGP), he thinks that law enforcement agencies have never had it so good and that the step to breaking encryption would just be one step too far. So in a world when I can’t even tell if the person who has just sent me an email is actually that person, if anything, we need to move towards building a completely trusted infrastructure built on cryptography.
As for cryptographers washing their hands of the issue … I can’t see that!