A 'Golden Key' for Encryption Is Mythical Nonsense
A backdoor to encryption, even if euphemistically rebranded as a “front door” or a “golden key,” is by definition a vulnerability.
Last year, the Washington Post editorial board called for tech companies to create a "golden key" that would decrypt otherwise secure user communications for law enforcement. Apple, Google, Facebook, and others ignored the editorial, coming out with end-to-end encryption for iMessage and FaceTime, end-to-end encryption for Gmail, and PGP for Facebook notification emails. Now, the Washington Post is doubling down on its call for a "golden key."
The problem noted by many last year is that a backdoor to encryption, even if euphemistically rebranded as a "front door" or a "golden key," is by definition a vulnerability. Building in backdoors threatens consumers and makes them vulnerable to criminals and hostile foreign governments alike. See, for example, the FREAK and Logjam vulnerabilities, discovered earlier this year. The FREAK attack can allow a malicious hacker to "steal or manipulate sensitive data" in transit—think, a password for your online banking, a credit card number, a compromising photo.
Both FREAK and Logjam originate in 1990s "export-grade" cryptography: purposefully weakened encryption from the last time the government was pushing for the kinds of "golden keys" that the Washington Post is now advocating. These days, not a week goes by without another major hack making the news: OPM, Hacking Team, Ashley Madison. All this, even without a federal mandate to purposefully make things less secure.
The newspaper's editorial board last week called for the National Academy of Sciences to examine "the conflict." In other words, the Post thinks we had better hear both sides. "All freedoms come with limits," the board writes, "it seems only proper that the vast freedoms of the Internet be subject to the same rule of law and protections that we accept for the rest of society."
But it's not illegal to lock your door at night. It's not illegal to have a whispered conversation in a park. It's not illegal to walk out of sight of a CCTV camera. It's not illegal to carry cash.
Certainly, it is a great blow to law enforcement that some encryption cannot be broken for them, just like it is a great blow to law enforcement that we don't have the telescreens from 1984 installed in our bedrooms. There are some things law enforcement do not get to see and do not get to have, even with a warrant. That is how things have always been, and our society has yet to fall apart because of it.
For a long time, the fight around online privacy has orbited around the phrase, "Get a warrant." But that does not mean a warrant is a magic incantation that should conjure any information imagined and desired. The specter of future warrants should not shape the internet exactly how law enforcement would like it to be shaped, particularly when it puts ordinary people at risk of harm.