A terrorist assaults the Canadian Parliament, and is shot dead.  Police, fearing a Mumbai-style mass attack, seize the gunman’s cell phone to look for contacts, communications, text messages, or other information from which they could determine whether the attack is that of a lone gunman, or part of a more concerted attack.

The phone is encrypted, and its owner is dead.  This is a circumstance in which the ability to quickly and efficiently decrypt the contents of the seized cell phone (with a warrant, or at least based on exigent circumstances) could prove very useful.

Unfortunately, the ability to do so is more fantasy than reality, on the legal, the engineering and the practical level alike.

It is easy to understand why law enforcement agencies like the FBI and others would want to have the ability to decrypt the contents of files.  What Director Comey proposed, some kind of secret “key” that could be invoked only under a court order, would certainly balance the privacy interests of the data owner against the needs of law enforcement.

In fact, it would do a better job than what we have now — where the government can force decryption of data without a warrant or court order, as long as they have a compliant technology provider.

We can also imagine circumstances where the ability to decrypt the contents of files could save lives.  Because we are talking about a warrant here, the police have already established to a neutral and detached magistrate not only probable cause to believe that a crime has been committed, but also probable cause to believe that there is evidence of that crime located on the device (or in the files) which they seek to examine.

It’s hard to think of a physical analogue where the police can obtain a warrant to search a particular place for a particular thing, but the individual on whom the warrant has been served has the ability to effectively thwart the warrant.  Even if a subject puts sensitive documents in a locked safe, the government can blast the door open (at least in the movies, right?).  Sure, the government can “brute force” a well-encrypted file or document, but for a properly generated key that takes not months or years but longer than anyone’s lifetime; the only realistic shortcut is guessing a weak passphrase, not breaking the cipher (at least that’s what we have been told by the crypto geeks).

The files the government seeks to have access to may run from the mundane to the spectacular.  Although the government drags out the timeworn bogeymen of child abduction and terrorism, once given the authority to search, the power will be used in garden-variety drug and fraud cases, domestic violence cases, and in fact any kind of case whatsoever.  But it will also be used in those spectacular cases, when life is on the line.  Without this power, sanctioned by the courts and subject to their supervision, people will die.

Point, FBI.

In addition, because the mysterious unlock key can only be invoked with a court order, unlike the potential abuses of National Security Letters, the FBI or other law enforcement agencies’ ability to decrypt at will is necessarily limited by the court.  So privacy is protected better than today.

Point 2, FBI.

Finally, the FBI is not really asking for a “back door” that they can use at will.  There’s an old joke about King Arthur going off on a quest, placing Queen Guinevere in a chastity belt, and telling his trusted Lancelot that he was entrusting him with the key in the event that he was killed or failed to return in seven years.  Minutes after Arthur leaves Camelot, Lancelot rides up at full speed and surprises him.  “My King, My King,” Lancelot exclaims, “You gave me the wrong key!”  That’s the problem with key escrow.

What Director Comey proposed was essentially a two-step process.  Apple, Amazon, Google, Microsoft, or whoever would continue to retain the ability it (presumably) has now to decrypt devices or data; a provider that has already moved its keys onto the device, out of its own reach, would have to get that ability back.

They would have the “key.”  The FBI would present them with a warrant, and they would be ordered to decrypt (and produce the plaintext) to the FBI.  Effectively, it’s a three-party system involving the cops, the courts, and the technologist.  Checks and balances.  Apple, Google, etc., would also be able to challenge the scope and extent of the warrant or order to decrypt.  It’s better than just giving Lancelot the key.

Point 3, FBI.

So this is a partial defense of Comey’s plan.  While all of the above may be true, in reality, there is no magic key.  Crypto is either reasonably secure, or it’s not.  The math doesn’t know if you are a good guy with a warrant or a bad guy without one.  It doesn’t know if you are Canadian, American, Russian, North Korean, Chechen, Iranian, Ukrainian or Novorossiyan.

It doesn’t know if you represent the FBI or ISIS.  Moreover, identity schemes that depend on the existence (and privacy) of a “private key,” from trusted certificates to SSL to PKI to PGP, all rely on the idea that something “signed” by a private key must have originated from the one party that holds that key.  Give a copy of the key to anyone else, and that inference is gone.

Disengage that web of trust, and you disengage the fundamentals of e-Commerce.  Imagine an autopen that can sign anyone’s name perfectly in a society that relies on physical signatures for all commerce. (I remember passbook savings accounts with signature cards.)  The autopen device effectively renders the signature authentication moot.
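To make the autopen point concrete in code, here is an added example (not from the original post) using a Lamport one-time signature, chosen because it needs nothing beyond the Python standard library.  The seeds and the message are constructed for the demo.  The owner signs, an “escrow” holder with a copy of the same private key signs, and a verifier holding only the public key checks both.  The point the code shows: the two signatures are bit-for-bit identical, so the verifier cannot tell the owner from the escrow holder, while someone without the key cannot produce a signature that verifies at all.

```python
import hashlib
import hmac

HASH = hashlib.sha256
N_BITS = 256  # one secret pair per bit of the SHA-256 message digest


def _prf(seed, label):
    # Deterministic key derivation from a seed, so the demo is reproducible.
    return hmac.new(seed, label, HASH).digest()


def keygen(seed):
    """Lamport one-time key pair.

    sk: 256 pairs of secret 32-byte values; pk: the SHA-256 hash of each
    secret value, in the same layout.  Whoever holds sk can sign; holding pk
    alone, one cannot recover sk without inverting SHA-256.
    """
    sk = [(_prf(seed, b"%d,0" % i), _prf(seed, b"%d,1" % i)) for i in range(N_BITS)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def _bits(message):
    digest = HASH(message).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]


def sign(sk, message):
    # Reveal, for each digest bit, the secret value whose hash is the matching
    # public value.  (One-time: signing a second message leaks the key.)
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]


def verify(pk, message, sig):
    if len(sig) != N_BITS:
        return False
    ok = True
    for i, bit in enumerate(_bits(message)):
        ok &= hmac.compare_digest(HASH(sig[i]).digest(), pk[i][bit])
    return ok


# Constructed demo inputs (assumptions of this example, not from the post).
OWNER_SEED = HASH(b"constructed demo seed: device owner").digest()
OTHER_SEED = HASH(b"constructed demo seed: someone without the key").digest()
MESSAGE = b"pay 1000 CAD to account 12345"


def escrow_demo():
    sk_owner, pk = keygen(OWNER_SEED)
    sk_escrow = list(sk_owner)          # the "Lancelot" copy: same key, other holder
    sk_other, _ = keygen(OTHER_SEED)    # someone who never got the key

    sig_owner = sign(sk_owner, MESSAGE)
    sig_escrow = sign(sk_escrow, MESSAGE)
    sig_other = sign(sk_other, MESSAGE)

    return {
        # The verifier accepts both; the math cannot tell owner from escrow.
        "owner_verifies": verify(pk, MESSAGE, sig_owner),
        "escrow_verifies": verify(pk, MESSAGE, sig_escrow),
        # The two signatures are bit-for-bit identical: a perfect autopen.
        "indistinguishable": sig_owner == sig_escrow,
        # Without the key, forgery fails; a tampered message fails too.
        "forged_without_key": verify(pk, MESSAGE, sig_other),
        "tampered_message": verify(pk, MESSAGE + b"0", sig_owner),
    }


if __name__ == "__main__":
    for name, result in escrow_demo().items():
        print(f"{name}: {result}")
```

Nothing in `verify` consults who is calling it or why; it only checks that the revealed values hash to the public key.  That is the whole point: a copy of the private key, whether held by the owner, an escrow agent, or whoever stole it from the escrow agent, is the signature.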

And it’s not just authentication.  It’s all of security. So we have to ask whether, as a society we are better with everyone having weak encryption (or deliberately weakened encryption) which would ultimately be subject to attack by foreign governments, hackers, and terrorist organizations, just so the FBI can have access to some records sometime, or whether we are better off with everyone securing everything at all times (ha, like that will happen!)  Still, crypto is like the Honey Badger.  It doesn’t care.

Point, Crypto.

There are practical issues related to the FBI proposed plan as well.  So the RCMP now huddles on Wellington Street with the seized phone from the Parliament shooter.  Time is of the essence.  There could be other terrorists.  Jack Bauer is nowhere to be found.  It’s fantasy to believe that the FBI could, in real time, get a warrant, get the device to an authorized Apple agent, have them decrypt the device, and get the data back in seconds or minutes.  Days or weeks are optimistic.  So law enforcement would then say, like Lancelot that they needed to keep the key, but don’t worry, we won’t abuse it.  Can anyone say “slippery slope?”

Point 2, Crypto.

Then there’s the problem of “good guys” and “bad guys.”  Put aside hackers and criminals.  If this decryption ability is built into the technology, why should the FBI be the only ones to use it?  How ‘bout the Secret Service, Border Patrol, US Marshals Service, Homeland Security, Capitol Police?

While we are at it, how ‘bout the California State Police, the NYPD, or the Broward County Sheriff’s office?  What about the East Rutherford New Jersey Police Department, or Sheriff Taylor from Mayberry, North Carolina?  There are literally tens of thousands of law enforcement agencies in the United States alone.

Shouldn’t the RCMP have access to these records, or the Ottawa Police Service, or the Ontario Provincial Police, or the National Battlefields Commission Police?  What about law enforcement agencies in other countries?  Scotland Yard are good guys, right?  So is the Israeli Mishteret.  France, Mexico, Australia, Japan, all good.  That’s an awful lot of keys (or access to keys) floating around.  But no worries, they would never be used for bad purposes or fall into the “wrong” hands.  And those are just the good guys.

Point 3, Crypto.

In addition to the good guys, there are those governments, which want access to encrypted data for what WE would consider bad reasons, but they would consider national security purposes.  Should Apple deny the Syrian government access to keys to fight ISIL?  Should Apple deny the Syrian government access to keys to fight rebels?  Should Ankara get keys to battle Islamic fundamentalists, but not to fight Kurds?  Do Kurds get keys to fight Syrians but not Turks?  Not so cut and dry, Director Comey.

Point 4, Crypto.

Then there’s “other bad guys.”  Hackers, crooks, thieves, spies, etc.  Weakened crypto is, well, weakened crypto.  So much for protecting secrets.

Point 5, Crypto.

And there’s the matter of trust.  If we weaken crypto, nobody trusts it.  If we weaken crypto and tell people that the U.S. government holds the keys (or access to the keys), nobody buys US products.  Or nobody uses crypto making everyone and everything subject to attack.  So we destroy an industry and a technology.  Oops.

Point 6, Crypto.

In Arthurian legend, the sword “Excalibur” (sometimes called Calabrum, Callibourc, Chalabrun, and Calabrun) could only be pulled from the Stone and wielded by the “true king” who was pure of heart.  I wish there was a magic decryption key that could work only for the pure of heart.  Unfortunately for Director Comey, such a key doesn’t actually exist.  Oh, and not everyone would agree that the FBI is the “true king.”  So there’s that too.
