Tuesday, December 22, 2015

The Fallacy and Idiocy of the so-called "Golden Key" to Break Encryption

The recent terrorist attacks in Paris (France) and San Bernardino (California) have invigorated the demands of clueless politicians for the creation of a so-called "Golden Key" that would allow law enforcement to decrypt encrypted communications.  In a recent Washington Post Article: After terrorist attacks, the debate over encryption gets new life; the Post notes that: "On Wednesday, Sen. Dianne Feinstein (D-Calif.) became the latest senior lawmaker to call for such legislation. “If there is a conspiracy going on” among terrorist suspects using encrypted devices, “that encryption ought to be able to be pierced,” said Feinstein, vice chairman of the Senate Intelligence Committee."  In regards to another clueless politician, the Post wrote: Kasich doesn’t understand how the tech that keeps you safe online works.

The problem is that should a "Golden Key" actually be developed and implemented as demanded by the clueless politicians, the "bad" guys, such as the terrorists, will also be able to use the "Golden Key" to break the encryption of the "good" guys, thus making the communications of the "good" guys insecure. Fortunately, the Washington Post also ran the article: A key under the doormat isn’t safe. Neither is an encryption backdoor, which counters the assertion by Sen. Feinstein that "piercing" encryption would be helpful.

The mere existence of a "Golden Key" means that it can somehow be stolen or otherwise acquired by anyone. An unwritten law is that secrets leak. Once acquired by the "bad" guys, they will be able to break the encryption of the "good" guys. That means the "good" guys such as the banks may find themselves susceptible to hacking. Furthermore, as for the "bad" guys, why they will simply go to their Plan "B", the development of their own proprietary encryption. Thus the development and imposition of a "Golden Key" is a fools errand. To protect the "good" guys, unbreakable encryption is required.

The necessity for unbreakable encryption, even if it unfortunately means that the terrorists benefit, is a complex topic. For more details and greater insight, I will refer you to the TechDirt theme concerning encryption. Please read the posts of the people commenting on the various articles.  They will provide much more insight than I have provided.

A link to a variety of articles published in the Washington Post on the topic of encryption. As with the TechDirt article, it is also important to read the comments provided.

A link to an old, but still relevant, 1997 article from the Electronic Frontier Foundation: Decoding the Encryption Debate.

A post by Troy Hunt:  Security Sense: Encryption is a necessity that cannot feasibly be compromised.

Phil Muncaster writes: IT Body: 'Let’s Not Weaken Encryption in Wake of Terror Attacks'Mr. Muncaster quotes ITIC president and CEO Dean Garfield as saying:Weakening security with the aim of advancing security simply does not make sense.

No comments: