On the heels of a congressional hearing in which the head of the FBI raised concerns over law enforcement’s growing inability to decode the communications of tech-savvy terrorists and criminals, encryption experts say the government is already giving the people tasked with securing the infrastructure of the internet a run for their money.
As extremists increasingly learn to rely on sophisticated smart phone apps, specialized web browsers and other tools to communicate in the hard-to-reach corners of the web, calls from the Justice Department to give the government greater ability to eavesdrop have in turn grown as well.
Strong digital encryption has so far been proven to be nearly impenetrable when implemented correctly, however, and finding a mathematically sound solution to compromise cryptological standards for the sake of expanding the government’s surveillance capabilities without dire consequences has shown to be not just impractical, but impossible.
Indeed, FBI Director James Comey testified last week that the bureau does, in fact, lack the ability to crack heavy-duty, well-implemented encryption. Nevertheless, cryptologist Matt Blaze chided a DoJ official at an event in Washington, DC this week and warned of what may come if the government continues its attempts to compromise the internet in the name of national security.
Mr. Blaze, a computer science professor at the University of Pennsylvania, survived what others in his field called the “Crypto Wars” in the early 1990s when the US government fought unsuccessfully to regulate encryption and even attempted to have it treated as a weapon. But at an event held in Washington, DC on Wednesday to discuss the concerns surrounding digital encryption—a “CryptoSummit” hosted by Access, a digital-rights group, he said that “even with the government off our backs” nearly two decades later,, that the technologies the world depends on to run are still remarkable vulnerable—an issue, he added, only made worse by state-sponsored attempts to break them.
The concept of computer security is ripe with more failures than successes, Mr. Blaze said, and the eventual result could very well be the equivalent of “sliding off of the edge of a cliff in terms of our ability to secure large, complex digital systems.”
While the topic of creating law enforcement-friendly ways of bypassing encryption has been towards the center of the FBI’s concerns as of late, Mr. Blaze said, the real problems lay not just in keeping the protocols that protect the web in tact, but keeping all things digital from being breached.
“What worries me, and worries me a lot, is we are so far behind in securing our digital society. We’re losing this battle more each day,” he said.
“I am in the most embarrassingly inept branch of the most embarrassingly inept branch of engineering,” the computer scientist continued. But “anytime we stop and talk about, ’Well, we are on the cusp of having this perfectly secure world in which law enforcement has gone dark,’” he added, “…anytime that we discuss that, we are taking enormously important energy and resources away from solving the much, much larger problem: that we’re basically sliding off the edge of that cliff.”
“We don’t know at the root of it how to build nontrivial things that work correct, and that has been the fundamental problem with computing since the beginning of computing,” he explained later during Wednesday’s event.
Speaking directly to a fellow panelist at Wednesday’s event—David Bitkower, a deputy assistant attorney general in the criminal division of the DoJ—Blaze pleaded with the government to stop trying to compromise encryption standards.
“I hate to be this voice of doom about my own field, but we’re really not very good at this,” Mr. Blaze said to the Justice Dept. official, “and you guys need to stop making it harder.”
Last week, emails pilfered from a compromised cyber vendor that caters to governments, Hacking Team, suggested that the FBI has sought the group’s help in identifying users who operate on portions of the web that are largely obscured from prying eyes.
Speaking of the government’s efforts to subvert encryption, he said Comey’s demands were a “sideshow” to the real crisis.
“I don’t think Director Comey wants the world that he’s asking for,” Mr. Blaze added. “I think the world in which we build systems with this added constraint of ensuring law enforcement access is going to cause such an increase in the kinds of digital crimes that are going to become more serious that—even if we take all of the things that we disagree about about values and put them aside—we are going to have the things that we agree about get a lot worse, and that really scares me as we rely on those systems more and more.”
But while Mr. Blaze and other cryptologists have warned of what compromising internet protocols could mean, Bitkower countered by acknowledging that “the presence of non-perfect systems has never been an excuse not to use those systems.”
“Cars are not perfect. Firearms are not perfect,” Mr. Bitkower said. “…but we don’t scrap the idea and say we have to wait until it is perfect to work with it.”
“Encryption is not going to be a panacea. There are going to be vulnerabilities in any system,” he added.
Even after the head of the FBI advocated for creating so-called “backdoors” to encrypted apps used for encryption, however, the DoJ rep said any attempted exploitation “could create risks to the public safety and create risks to data security.”
“What do we want in terms of balancing the appropriate level of privacy and security, and public safety and national security? Those are the ingredients,” added Mr. Bitkower.
Last week, Dir. Comey in his prepared remarks to Congress said that the FBI is “not asking to expand the government’s surveillance authority, but rather we are asking to ensure that we can continue to obtain electronic information and evidence pursuant to the legal authority that Congress has provided to us to keep America safe.”
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.