Security experts warn that giving backdoor access to encrypted communications to government agencies means giving backdoor access to everyone, potentially endangering the privacy and security of everyone who uses the Internet.
In a 31-page technical paper published on Tuesday, 15 of the world's foremost encryption experts, including Whitfield Diffie, one of the inventors of modern cryptography, likened giving government agencies encryption keys to unlock people's private communications to leaving the keys to the doors of one's home under the doormat. It makes the keys available for everyone to break in and enter one's private dwelling.
The paper comes in light of a blog post written by Federal Bureau of Investigation (FBI) Director James Comey, who warns that encrypted communications allow terrorists, pedophiles and other criminals to communicate easily while law enforcement remains in the dark about their unlawful activities, which poses major consequences for the security of Americans.
"To protect the public, the government sometimes needs to be able to see an individual's stuff, but only under appropriate circumstances and with appropriate oversight," Comey said. "There is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption."
He points out, as an example, that Syrian terrorist group ISIS uses encrypted mobile messaging apps, which cannot be intercepted by government agencies, to recruit disenchanted Westerners to carry out lone-wolf terrorist attacks in their areas. Giving government agencies access to encryption keys, the experts counter, undermines the security of the very people that Comey claims to protect.
"Exceptional access would create concentrated targets that could attract bad actors," the experts said. "Security credentials that unlock the data would have to be retained by the platform provider, law enforcement agencies or some other trusted third party. If law enforcement's keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege."
In a private White House meeting between Justice Department officials and representatives from technology companies, which have beefed up their encryption services in the wake of foreign governments and overseas clients shunning them after the Edward Snowden revelations, The Wall Street Journal reported the government has proposed "split key" encryption.
Under this system, the encryption key would be split into two parts, one handed to the technology company and the other to the government or a third party. Unless a court order requires both parties to put the key back together, neither party would be able to decrypt communications without the cooperation of the other.
The experts, however, say this solution is technically impractical, given the government's inability to secure its own infrastructure. The most recent attacks on the Office of Personnel Management are an example of how government agencies cannot be trusted to keep even split encryption keys safe from hackers with a target.
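The split-key arrangement described above, sketched as an added example that is not from the article or the experts' paper: it assumes a two-share XOR split, which the article does not specify, and the function names, the check value and the 256-bit key length are illustrative. A single share leaves every key equally possible, while anyone holding both shares recovers the full key.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed 256-bit key; the article gives no key size


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key):
    """Split `key` into two shares plus a check value for recombination."""
    provider_share = secrets.token_bytes(len(key))  # uniformly random pad
    escrow_share = xor_bytes(key, provider_share)   # key masked by the pad
    check = hashlib.sha256(b"key-check" + key).digest()
    return provider_share, escrow_share, check


def recombine(provider_share, escrow_share, check):
    """Rebuild the key from both shares; reject a wrong or altered share."""
    key = xor_bytes(provider_share, escrow_share)
    digest = hashlib.sha256(b"key-check" + key).digest()
    if not hmac.compare_digest(digest, check):
        raise ValueError("shares do not reconstruct the escrowed key")
    return key


def complementary_share(share, candidate_key):
    """Return the other share that would make `share` decode to `candidate_key`.

    One exists for every candidate, so a single share rules out no key.
    """
    return xor_bytes(share, candidate_key)


if __name__ == "__main__":
    key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    provider, escrow, check = split_key(key)
    print("recombined matches:", recombine(provider, escrow, check) == key)
    # A party holding only `provider` cannot tell the real key from any other:
    decoy = secrets.token_bytes(KEY_LEN)
    fake_escrow = complementary_share(provider, decoy)
    print("share fits a decoy key too:", xor_bytes(provider, fake_escrow) == decoy)
```

The split protects against a single compromised holder only; both shares together are exactly the concentrated target the experts describe.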