I was pleasantly surprised to see recent Stevens graduate Marques Brownlee in the Democratic debate on January 17. He, along with other prominent YouTubers, recorded questions for the debate. I hate to drop a long quote on readers, but I feel it’s important to include Brownlee’s question and the candidates’ answers:
“I think America’s future success is tied to getting all kinds of tech right. Tech companies are responsible for the encryption technology to protect personal data, but the government wants a backdoor into that information. So do you think it’s possible to find common ground? And where do you stand on privacy versus security?”
Unfortunately, Martin O’Malley was the only candidate to answer the question. His argument boils down to the following: “our federal government should have to get a warrant, whether they want to come through the backdoor or your front door.”
O’Malley added, “there are certain immutable principles that will not become antique things in our country so long as we defend our country and its values and its freedoms. And one of those things is our right to be secure in our homes, and our right to expect that our federal government should have to get a warrant.” I was pleased that O’Malley supports requiring warrants for surveillance. Unfortunately, he did not make any statements about the implementation of cryptographic backdoors.
Recently, many public officials have demanded that tech companies include backdoors in their products using cryptography. These backdoors would allow a third-party (ideally an intelligence agency) to access otherwise encrypted information.
The public perceives encryption as a tool used by terrorists and criminals to hide from the law. This belief is shaped in part by misleading statements from the likes of FBI Director James Comey and UK Prime Minister David Cameron. In reality, you likely use encryption on a daily basis. Unless something is wrong, every time you use your credit card, log into a website, or even just connect to a wifi network, you are using encryption .
The supposed need for surveillance and access to encrypted systems is a topic for another day. I’m going to explain how backdoors undermine these systems. There is no way to prevent “bad guys” from using these backdoors to steal data or commit fraud or other crimes. Similar approaches taken by the United States in the past have failed.
Until 1996, encryption software in the United States was legally classified as “Auxiliary Military Equipment,” and could not be exported. Weaker, “export grade” encryption that could be used internationally was introduced. Export crypto was designed to be breakable with a super computer. As computers grew cheaper and more powerful, anyone could crack these systems with brute force. In the past year alone, attacks such as FREAK and Logjam have taken advantage of weak export crypto still used on modern systems for backwards compatibility.
O’Malley talked about immutable principles in his response to Brownlee’s question. I’ll add one here: it is mathematically impossible to create a cryptosystem that is secure against “bad guys,” but also includes holes for “good guys” can use. I hope that our public officials come to realize this in the coming months.