Peter G.

Neumann, a computer security pioneer, says there are more

vulnerabilities than ever" that could be exploited through access to encrypted
communications. CreditJim Wilson/The New York Times
Advertisement

Continue reading the main story

Continue reading the main storyShare This Page

Email

Share

Tweet

Save

More

Continue reading the main story

 SAN FRANCISCO An elite group of security technologists has
concluded that the American and British governments cannot
demand special access to encrypted communications without
putting the worlds most confidential data and critical
infrastructure in danger.

A new paper from the group, made up of 14 of the worlds pre-

eminent cryptographers and computer scientists, is a
formidable salvo in a skirmish between intelligence and law
enforcement leaders, and technologists and privacy advocates.
After Edward J. Snowdens revelations with security breaches
and awareness of nation-state surveillance at a record high and
data moving online at breakneck speeds encryption has
emerged as a major issue in the debate over privacy rights.

Continue reading the main story

RELATED COVERAGE

Attack Gave Chinese Hackers Privileged Access to U.S.

Systems JUNE 20, 2015

document
Report on Encrypted CommunicationJULY 7, 2015

 Obama Calls for New Cooperation to Wrangle the Wild

West InternetFEB. 13, 2015

Tech Giants Urge Obama to Reject Policies That

Weaken EncryptionMAY 19, 2015

That has put Silicon Valley at the center of a tug of war.

Technology companies including Apple, Microsoft and Google
have been moving to encrypt more of their corporate and
customer data after learning that the National Security Agency
and its counterparts were siphoning off digital communications
and hacking into corporate data centers.

Continue reading the main story

Document: Report on Encrypted

Communication
 Yet law enforcement and intelligence agency leaders argue that
such efforts thwart their ability to monitor kidnappers,
terrorists and other adversaries. In Britain, Prime Minister
David Cameron threatened to ban encrypted messages
altogether. In the United States, Michael S. Rogers, the director
of the N.S.A., proposed that technology companies be required
to create a digital key to unlock encrypted data, but to divide the
key into pieces and secure it so that no one person or
government agency could use it alone.

The encryption debate has left both sides bitterly divided and in
fighting mode. The group of cryptographers deliberately issued
its report a day before James B. Comey Jr., the director of the
Federal Bureau of Investigation, and Sally Quillian Yates, the
deputy attorney general at the Justice Department, are
scheduled to testify before the Senate Judiciary Committee on
the concerns that they and other government agencies have that
encryption technologies will prevent them from effectively
doing their jobs.

The new paper is the first in-depth technical analysis of

government proposals by leading cryptographers and security
thinkers, including Whitfield Diffie, a pioneer of public key
cryptography, and Ronald L. Rivest, the R in the widely used
RSA public cryptography algorithm. In the report, the group
said any effort to give the government exceptional access to
encrypted communications was technically unfeasible and
would leave confidential data and critical infrastructure like
banks and the power grid at risk.

Handing governments a key to encrypted communications

would also require an extraordinary degree of trust. With
government agency breaches now the norm most recently at
the United States Office of Personnel Management, the State
Department and the White House the security specialists said
authorities could not be trusted to keep such keys safe from
hackers and criminals. They added that if the United States
and Britainmandated backdoor keys to communications, China
and other governments in foreign markets would be spurred to
do the same.

Advertisement

Continue reading the main story

Such access will open doors through which criminals and
malicious nation-states can attack the very individuals law
enforcement seeks to defend, the report said. The costs would
 be substantial, the damage to innovation severe and the
consequences to economic growth hard to predict. The costs to
the developed countries soft power and to our moral authority
would also be considerable.

A spokesman for the F.B.I. declined to comment ahead of Mr.

Comeys appearance before the Senate Judiciary Committee
hearings on Wednesday. Mr. Comey recently told CNN, Our
job is to find needles in a nationwide haystack, needles that are
increasingly invisible to us because of end-to-end encryption.

A Justice Department official, who spoke on the condition of

anonymity before the hearing, said that the agency supported
strong encryption, but that certain uses of the technology
notably end-to-end encryption that forces law enforcement to
go directly to the target rather than to technology companies for
passwords and communications interfered with the
governments wiretap authority and created public safety risks.

Continue reading the main story

Breaking News Alerts
Sign up to receive an email from The New York Times as soon as important news breaks
around the world.

Paul Kocher, the president of the Rambus Cryptography

Research Division, who did not write the paper, said it shifted
the debate over encryption from how much power intelligence
agencies should have to the technological underpinnings of
gaining special access to encrypted communications.

The paper details multiple technological reasons why

mandatory government back doors are technically unworkable,
and how encryption regulations would be disastrous for
computer security, Mr. Kocher said. This report ought to put
to rest any technical questions about Would this work?

Continue reading the main story

RECENT COMMENTS
jpduffy3
53 minutes ago
Whatever happened to our notions of free speech and the right to have private
communications for whatever reason? As we see too often these...
Karen L.
53 minutes ago
What did governments/police agencies do before the internet? How did they track
down bad actors? I'm afraid old-fashioned detective work...
 Jim
53 minutes ago
This story was complete spin. What happened to being the paper of record?

SEE ALL COMMENTS

WRITE A COMMENT
The group behind the report has previously fought proposals for
encryption access. In 1997, it analyzed the technical risks and
shortcomings of a proposal in the Clinton administration called
the Clipper chip. Clipper would have poked a hole in
cryptographic systems by requiring technology manufacturers
to include a small hardware chip in their products that would
have ensured that the government would always be able to
unlock scrambled communications.

The government abandoned the effort after an analysis by the

group showed it would have been technically unworkable. The
final blow was the discovery by Matt Blaze, then a 32-year-old
computer scientist at AT&T Bell Laboratories and one of the
authors of the new paper, of a flaw in the system that would
have allowed anyone with technical expertise to gain access to
the key to Clipper-encrypted communications.

Now the group has convened again for the first time since 1997.
The decisions for policy makers are going to shape the future of
the global Internet and we want to make sure they get the
technology analysis right, said Daniel J. Weitzner, head of the
MIT Cybersecurity and Internet Policy Research Initiative and a
former deputy chief technology officer at the White House, who
coordinated the latest report.

Advertisement

Continue reading the main story

Advertisement

Continue reading the main story

Advertisement

Continue reading the main story

In the paper, the authors emphasized that the stakes involved in
encryption are much higher now than in their 1997 analysis. In
the 1990s, the Internet era was just beginning the 1997 report
 is littered with references to electronic mail and facsimile
communications, which are now quaint communications
methods. Today, the governments plans could affect the
technology used to lock data from financial and medical
institutions, and poke a hole in mobile devices and countless
other critical systems that are moving rapidly online, including
pipelines, nuclear facilities and the power grid.

CONTINUE READING THE MAIN STORY256COMMENTS

The problems now are much worse than they were in 1997,
said Peter G. Neumann, a co-author of both the 1997 report and
the new paper, who is a computer security pioneer at SRI
International, the Silicon Valley research laboratory. There are
more vulnerabilities than ever, more ways to exploit them than
ever, and now the government wants to dumb everything down
further.

Other authors of the new paper include Steven M. Bellovin, a

computer science professor at Columbia University; Harold
Abelson, a computer science professor at MIT; Josh Benaloh, a
leading cryptographer at Microsoft; Susan Landau, a professor
of cybersecurity at Worcester Polytechnic Institute and formerly
a senior privacy analyst at Google; and Bruce Schneier, a fellow
at the Berkman Center for Internet and Society at Harvard Law
School and a widely read security author.

The governments proposals for exceptional access are wrong

in principle and unworkable in practice, said Ross Anderson, a
professor of security engineering at the University of Cambridge
and the papers sole author in Britain. That is the message we
are going to be hammering home again and again over the next
few months as we oppose these proposals in your country and in
ours.