How Law Enforcement Surveillance Is Hurting Enterprise Security
Government backdoors used for surveillance are leaving systems vulnerable to traditional attack, a new report by prominent cryptographers argues.
The report, titled "Keys Under Doormats: Mandating Insecurity By Requiring Government Access to All Data and Communications" and released this week, examined proposals that would mandate government access to data and communications, and the unforeseen consequences, beyond personal privacy, that could follow.
"The complexity of today's Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws," read the report. "Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law."
In the report, the group of computer scientists, which included Steven Bellovin, inventor of encrypted key exchange, and Ronald Rivest, coauthor of the RSA cryptosystem, among others, was quick to point out that it had no issue with law enforcement working with the tech industry to carry out lawful surveillance that does not hinder personal privacy. However, proposed backdoors should also be accompanied by a report stating the real-world risks and future costs that could be attributed to their implementation.
One scenario, which government bodies have proposed to the private sector with regularity, is the question of how government officials could access encrypted data. A commonly suggested approach is to use specially created "escrow" keys that could only be used by government agencies. Rather than handing over the actual encryption keys, special keys would be created for law enforcement alone. However, the report points out a fatal flaw with this approach:
The first technical obstacle is that although the mode of encrypting a symmetric key with a public key is in common use, companies are aggressively moving away from it because of a significant practical vulnerability: if an entity's private key is ever breached, all data ever secured with this public key is immediately compromised. Because it is unwise to assume a network will never be breached, a single failure should never compromise all data that was ever encrypted.
Because of this, many organizations are opting for forward-secret encryption that generates new keys for every transaction, limiting the window in which stolen keys can be used to decrypt traffic. If government bodies have already reached agreements with organizations to place backdoors in the form of universal keys, then an enterprise would be exposing itself to a higher level of danger by being unable to adopt the best tools available. Further, the question of who holds the escrowed keys, and who is ultimately responsible if they are stolen, will be a constant worry for IT.
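To make the key-lifetime argument concrete, here is a small added model (not from the report, and using constructed toy parameters rather than a secure implementation): a server that reuses one long-term Diffie-Hellman key across sessions, standing in for the escrowable key the report describes, versus one that generates a fresh key per session. A later breach of the long-term key recovers every recorded session in the first case and none in the second.

```python
"""Toy model of the key-lifetime argument: a reusable long-term key versus
per-session ephemeral keys. Constructed parameters; not a secure implementation."""
import hashlib
import secrets

P = 2**127 - 1  # constructed toy prime; a real deployment uses a vetted DH group
G = 5

def keypair():
    """Fresh Diffie-Hellman private/public pair."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(their_pub, my_priv):
    """Symmetric key derived from the shared secret (16 bytes suffice since P < 2**128)."""
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def xor_stream(key, data):
    """Toy stream cipher: XOR with a SHAKE keystream; the same call also decrypts."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def run_sessions(messages, forward_secret):
    """Encrypt one message per session; return the server's long-term private key
    and what a passive recorder sees (client public value, ciphertext)."""
    server_priv, server_pub = keypair()  # the escrowable long-term key
    transcripts = []
    for msg in messages:
        client_priv, client_pub = keypair()  # clients always use a fresh key
        if forward_secret:
            s_priv, s_pub = keypair()  # fresh server key per session, discarded after
        else:
            s_priv, s_pub = server_priv, server_pub  # long-term key reused every time
        key = session_key(s_pub, client_priv)
        assert key == session_key(client_pub, s_priv)  # both sides agree on the key
        transcripts.append((client_pub, xor_stream(key, msg)))
    return server_priv, transcripts

def breach_and_decrypt(server_priv, transcripts):
    """What an adversary holding the recorded traffic and the later-stolen long-term
    key can recover: with a reused key, every session; with ephemeral keys, garbage."""
    return [xor_stream(session_key(cpub, server_priv), ct) for cpub, ct in transcripts]

if __name__ == "__main__":
    msgs = [b"quarterly numbers", b"merger draft v2"]  # constructed sample traffic
    for fs in (False, True):
        priv, recorded = run_sessions(msgs, forward_secret=fs)
        print("forward_secret=%s all_recovered=%s" % (fs, breach_and_decrypt(priv, recorded) == msgs))
```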
The underlying issue is that there hasn't been enough foresight by government officials when proposing how to carry out surveillance activity, argued Ross Anderson, a professor of security engineering at the University of Cambridge and the paper's sole author in Britain. "The government's proposals for exceptional access are wrong in principle and unworkable in practice," Anderson said. "That is the message we are going to be hammering home again and again over the next few months as we oppose these proposals in your country and in ours."