'Going dark': Weighing the public safety costs of end-to-end encryption
'Going dark' -- or the FBI's inability to access data because of encryption -- could put public safety at risk, intelligence officials say. But tech companies argue that strong encryption is needed to protect corporate and customer data.
Just a few days after the deadly attacks in Paris, Beirut and other cities, CIA director John Brennan painted a grim view of the government surveillance landscape in the age of global terror.
During a press conference, Brennan referred to new challenges governments face when monitoring potential terrorists. Edward Snowden's NSA disclosures, unease from legislators and the general public over the increasing intrusiveness of government surveillance, and -- as current investigations into the Paris attacks are bringing to light -- end-to-end encryption technology all complicate government efforts to monitor terrorism.
End-to-end encryption (E2EE) is the process of encrypting the data -- including text messages, emails and video chats -- at rest and in transit without third parties being able to access it. The data is decrypted only once it reaches its destination endpoint. The technology has become widespread as an increasing number of U.S. companies produce intellectual property -- such as product designs and concepts -- as opposed to hardware or material goods. The use of E2EE has also played a significant role in how technology companies, like Apple, differentiate themselves with consumers who increasingly seek devices with the latest features to protect against myriad cybersecurity threats and government surveillance.
But the pervasiveness of E2EE means that the bad guys also have access to the technology.
While there is no conclusive evidence on the role E2EE played in the recent terrorist attacks, the ongoing debate between government intelligence agencies and Silicon Valley over the extent of government surveillance and how encryption can hinder those efforts has nevertheless been rekindled.
In the middle of this debate, many companies find themselves between a rock and a hard place: How can they protect their intellectual property and keep customer data private, but at the same time help law enforcement facilitate electronic surveillance and investigations to keep the public safe from cybercrime and terrorist threats?
The answer is not clear-cut. Even before the Paris attacks revived the encryption debate, a panel of experts at the recent Advanced Cyber Security Center's conference in Boston discussed its merits from a business perspective.
"If [intellectual property] is what you are producing, then you have to protect, and you have to protect everywhere. You have to protect the private cell phone as well as the cell phone that somebody is using for their work," said panelist Susan Landau, professor of cybersecurity policy at the Worcester Polytechnic Institute.
There's also the importance of customer trust, a necessity for global tech companies like Cisco.
"The ability to differentiate based on trust is really important for us -- trust in the capabilities … of our technology. If we are competing solely on cost, we will often lose because there are competitors that are able to drive down costs in ways that we might not be able to compete with," said panelist Eric Wenger, director of cybersecurity, privacy and global government affairs at Cisco.
Encryption and 'going dark'
To Cisco and its counterparts, there's a tremendous economic benefit to the widespread use of encryption and other security technologies, Wenger added.
But end-to-end encryption comes with a price. One phenomenon that has resulted from the widespread use of encryption is what the Federal Bureau of Investigation calls "going dark," or the increasing difficulty law enforcement agencies have accessing data and information on companies' networks, even when they have the legal authority to do so.
Going dark puts public safety at risk, said James Baker, another panelist and the general counsel to the FBI.
"The expectation is on the FBI … to have a zero failure rate when it comes to terrorism; we should not have a terrorist event in the United States," Baker said. "That's why, when we have dark corners where we can't conduct surveillance -- where the bad guys inhabit -- that's what freaks us out."
One major "dark corner" the FBI has in its sights is the use of E2EE platforms by the Islamic State of Iraq and the Levant (ISIL), one of the most powerful extremist insurgent groups in the world. ISIL uses public, transparent channels such as social media platforms to communicate with potential recruits, and the group moves communications to encrypted networks once strong contenders have been identified.
"They switch to end-to-end encrypted platforms intentionally because they know the governmental entities can't conduct surveillance on those things. That's where they have their more operational conversations," Baker said.
Split-key and key escrow encryption
Despite the obstacles, Baker said he and his colleagues understand that encryption is necessary because they don't want to increase cybersecurity risk.
To address this dilemma, the National Security Agency (NSA) has proposed two technical solutions: split-key encryption and encryption using "key escrow." In the first technique, also known as "secret sharing," access is distributed among more than one key holder, including the FBI, and data can only be decrypted by combining their several keys (the user is able to access the data independently). In the latter, data can be decrypted with multiple keys, one of which is stored apart from the user, possibly by a government agency.
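An added sketch (not part of the original article, and not the NSA's actual proposal) of how the two approaches described above differ: with a split key, every third-party holder's share is needed to rebuild the key, while with escrow the data key is wrapped separately for the user and for an escrow agent, so either can recover it alone. The holder count, the function names and the HMAC-based wrap (a simplified stand-in for a standard key-wrap algorithm) are assumptions.

```python
import hashlib, hmac, secrets

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Split key: n-of-n XOR secret sharing. Any group smaller than n holds
# only random-looking bytes and learns nothing about the key.
def split_key(key, holders):
    shares = [secrets.token_bytes(len(key)) for _ in range(holders - 1)]
    last = key
    for s in shares:
        last = xor(last, s)
    return shares + [last]

def combine_shares(shares):
    key = bytes(len(shares[0]))
    for s in shares:
        key = xor(key, s)
    return key

# Key escrow: the same data key is wrapped once per party, each copy
# under that party's own key-encryption key (KEK).
def _prf(kek, label, data):
    return hmac.new(kek, label + data, hashlib.sha256).digest()

def wrap(kek, data_key):
    if len(data_key) > 32:
        raise ValueError("this sketch wraps keys of at most 32 bytes")
    nonce = secrets.token_bytes(16)
    body = nonce + xor(data_key, _prf(kek, b"pad", nonce))
    return body + _prf(kek, b"tag", body)  # tag detects wrong KEK or tampering

def unwrap(kek, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(kek, b"tag", body)):
        raise ValueError("wrong key or modified blob")
    return xor(body[16:], _prf(kek, b"pad", body[:16]))

def escrow_key(data_key, user_kek, agent_kek):
    return {"user": wrap(user_kek, data_key), "escrow": wrap(agent_kek, data_key)}

if __name__ == "__main__":
    data_key = secrets.token_bytes(32)  # constructed sample key
    shares = split_key(data_key, 3)     # three hypothetical holders
    print("all 3 shares recover key:", combine_shares(shares) == data_key)
    print("2 of 3 shares recover key:", combine_shares(shares[:2]) == data_key)
    user_kek, agent_kek = secrets.token_bytes(32), secrets.token_bytes(32)
    blobs = escrow_key(data_key, user_kek, agent_kek)
    print("escrow agent alone recovers key:",
          unwrap(agent_kek, blobs["escrow"]) == data_key)
```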
The proposals, however, have many experts and tech companies doing a double take. One of the issues with split-key and key escrow approaches is the sheer technical complexity of creating such systems while still keeping them secure.
"You can't imagine the UN holding a split key. [And] the complexity of having 165, 200 nations, each with access to keys, is just unimaginable," Landau said, adding that errors and flaws are still found even in existing protocols for establishing keys, such as the Advanced Encryption Standard.
Cisco's Wenger also brought up the complexity problems of architecting a key escrow-based solution, especially because of the many moving pieces it involves.
"If we were able to engineer a mechanism where we could split a key and have a third-party escrow, and the U.S. government can come in and ask for it when they need it, the next thing that would happen is that the Chinese, the Russians, the Indians, the Brazilians -- you name it -- would come and ask for the same solution," he said.
Furthermore, not only would split-key and key escrow encryption make systems more difficult to secure because of this complexity, but implementing these techniques could put U.S. companies at a competitive disadvantage to their international counterparts, Wenger added.
Once customers find out that their data is accessible either by key escrow or split keys, "it's very likely that consumers could easily shift to other technologies that have the same functionality, or layer on their own open source messages for doing it as well," he said.
In Wenger's opinion, accepting the costs -- compromising the ability to protect intellectual property and to guarantee the privacy of customer data -- in exchange for meeting the demands of the U.S. and other governments, while potentially risking the misuse of keys and other system exploits in the process, is a concession he's still hesitant to make.
"Security is an enabler of privacy. … You really can't effectively protect the information that you might want to keep your own unless you have the ability to keep that information secure as well," Wenger said.