[ios14]

Unpopular view, but unrecoverable encryption deployed at web scale is a cancer on society. While unrecoverable encryption provides additional privacy to law abiding citizens, it normalizes low level criminal activity at scale.

There has to be a better trade-off here that minimizes the risks of 3rd party access, and gives law enforcement and the intelligence agencies the tools they need to do the best possible job.

If I had to choose, I’d rather my consumer endpoints be hardened but have vetted and protected exceptional access mechanisms on the encryption.

In practice, this bill is likely to lead to cut corners by big tech, who won’t be legally mandated to actually build increasingly responsible encryption recovery mechanisms for LEO. This will enable big tech to say, “I told you so”, because they were simply doing the minimum amount that was required of them legally.

[vlovich123]

Would a bill really eliminate the concept altogether? It might make their business more expensive in certain parts but there are multi-billion dollar criminal empires that invest in things like their own submarine tech. Do you think e2e encryption isn't something they'd develop in-house & resell to each other?

At best it might help catch some street level crime but any serious organized crime (which arguably is a bigger problem because it's organized) will have the tools available anyway. Consider it this way. There's already a black market for security exploits with exploits frequently costing far more than they might actually otherwise be worth (there's a limited time utility before the exploit is patched). How much do you think e2e encryption would cost & do you think there's not going to be buyers & sellers for this? Especially since, unlike exploits, this is an infinitely distributable solution. I can sell to as many buyers as I want without risking my revenue stream.

On the technical side we've observed what happens with this stuff. We'd be one Snowden-style leak away from all websites instantly becoming vulnerable. Do you not think that might be valuable to adversaries of the USA?

[ios14]

>criminal empires

True, you can’t stop math but you can try to police it. You can regulate consumer access. Doing so means one less “gone dark” area, which makes LE job easier.

>security exploits

To your point about low level criminals: Now that the cat is out of the bag, yes, surveillance worked way better when people didn’t know about it. Yes, more sophisticated criminals will try to employ their own encryption. If I were in LE or the IC, I’d still rather not deal with the oceans of data produced by essentially unbreakable encryption via big tech.

Will address point about uncapped value to an encryption exploit below.

>Snowden-style leak

Yes, which is why it is imperative to continually improve and audit such systems, including maybe removing such single points of failure as you noted, both from an insider threat perspective as well as from exploit discovery processes.

It would be helpful to consider how to build recoverable encryption in a way that minimizes the risks of the existence of the exceptional access mechanism, from all angles: technical, social, etc

[vlovich123]

> Yes, which is why it is imperative to continually improve and audit such systems, including maybe removing such single points of failure as you noted, both from an insider threat perspective as well as from exploit discovery processes.

Can you join me on a journey to build this hypothetical world to figure out how this addresses the Snowden leak?

Let's imagine a world where every single server had a registered backdoor key. This key also isn't the key itself. No, we're smart. It's instead used to sign one-time use, timestamped keys that give you access. We assume all these servers are also somehow always running the latest version of the software to implement the backdoor to address any exploits that may have been discovered.

We control access to this carefully so that you can only request a code & this is validated by all kinds of bureaucratic controls that are never violated for expediency & no mistakes ever needed. Also the system handing out codes itself doesn't even have the keys. It has a temporary key that can't generate valid signatures past its expiration. To regenerate, we go into a fortified secure vault that is air-gapped. This air-gapped system is used to generate a new key, burning it onto a CD-ROM. So your admin has to, on a monthly basis, go into the vault to generate some secret that can be used to continue backdoor access.

Now imagine your admin going into the vault on a monthly basis with a CD-ROM drive that gets burned is Snowden. You've now stolen the root keys for every machine out there.

Let's also remember a few things that are elided for this hypothetical world we've built. 1. I may have gotten some details wrong here, but this is really close to how OS updates are handled by Google & Apple. This is treated as one of the most secure ways to do software deployment at scale (we're not talking about one-off carefully controlled & vetted backdoors which are a wholly different problems). 2. Software deployment is hard. There's no world in which you will instantly deploy a security fix to your backdoor code. Some machines don't have good uptimes & others can be mostly invisible to the internet. Mobile operating systems are different as Google & Apple dictate the HW design. Google has struggled here more pulling vendors along to do the good security things. Are you proposing we standardize on Apple hardware for everything? 3. If you have the ability to deploy code to any random machine, that deployment mechanism is a target in and of itself. Since every US machine has to implement it in this hypothetical world, this is an attractive exploit. It's easier to secure but now the value of compromising it has increased exponentially. We haven't heard of any exploits of this but given the value already (& exponentially more if we're talking about every single system in the US), we're looking at threat actors with ridiculously deep bank accounts & access to technical expertise. 4. Timestamps are hard. You're talking about every single machine in the world. There's plenty running the wrong time. So someone changing the clock breaks your ability to backdoor (unless you ignore timestamps, but then your keys you're generating are reusable on that website at least). 5. Key rotation & management is insanely hard. You're talking about every machine in the US. Even every server. Mistakes will happen at this scale so your backdoor either won't work (best case) or you'll have unintended compromises (or likely both). 6. Complexity & security are diametrically opposed. The more complexity you add the less secure you are. Modern machines are already ridiculously complex. 7. Everyone outside of the US (including US companies that have servers abroad) will not implement the backdoors. But may implement the backdoors the other nation states will force them to adopt. Sure, it's great if you're the US forcing your way to gain advantage over other countries. How do you keep these systems segmented so that a backdoor from another country doesn't give you access to the US? Moreover, let's say the US implements an impenetrable system. Do you think other countries will care to do the same? Does the US share our tech with them at the risk of making it even easier to find flaws? Also how do we manage distribution of such software when there's a flaw?

No amount of advise to "invent better math" solves the fact that this isn't a technical problem. No amount of "build things better" solves the fact that software engineering is hard & we have 0 examples, even in "big tech" which invests billions here annually, of building truly secure systems that are actively trying to prevent any backdoor/exploit. Above all else, you're proposing a single point of failure for the entire US economy. You can use this to conduct industrial espionage at an even larger & easier scale than happens today or to take down critical infrastructure in a time of conflict.

Is there something I missed in my analysis? What part can we "do better" on that doesn't result in exposing a significant vulnerability?

[ios14]

Yes, removing such spof’s should be a design requirement.

Yes, it’s a difficult problem with social implications, and not simply technical challenges, as you noted.

Yes, Snowden shouldn’t have so easily been able to steal so much data. Apparently the IC has installed numerous checks and balances to help prevent another such insider threat.