The group rejects proposals that data storage and communications systems must be designed for exceptional access by law enforcement agencies in a 25-page report entitled Keys under doormats.
The proposals “raise enormous legal and ethical questions, and would undo progress on security at a time when internet vulnerabilities are causing extreme economic harm”, said the report, published by the Massachusetts Institute of Technology’s Computer Science and Artificial Intelligence Lab.
Politicians and law enforcement officers on both sides of the Atlantic argue that the growing use of encryption will neutralise investigative capabilities.
The report comes as the UK government drafts the Investigatory Powers Bill, legislation aimed at making all communications data more accessible to intelligence and law enforcement agencies.
UK law enforcement officers have voiced support in recent months for legislation that will make it easier for them to access digital communication channels, saying encryption is a growing challenge.
The report also comes just ahead of testimony on encryption before the US Senate intelligence committee by the FBI director James Comey, reports The Guardian.
Since taking up his post, Comey has repeatedly criticised technology firms for introducing end-to-end encryption to services, claiming it is making it difficult for the FBI to carry out investigations.
Earlier this week, he wrote in a blog post that universal strong encryption is growing every day and will inexorably affect his ability to do his job.
“It may be that, as a people, we decide the benefits here outweigh the costs and that there is no sensible, technically feasible way to optimise privacy and safety in this particular context, or that public safety folks will be able to do their job well enough in the world of universal strong encryption. Those are decisions Americans should make, but I think part of my job is to make sure the debate is informed by a reasonable understanding of the costs,” Comey wrote.
Access compounds security risks
But according to the group of computer scientists with extensive security and systems experience, law enforcement has failed to account for the risks inherent in exceptional access systems.
“Based on our considerable expertise in real-world applications, we know that such risks lurk in the technical details,” said the group that includes Cambridge University security engineering professor Ross Anderson, computer security author Bruce Schneier and public key cryptography pioneer Whitfield Diffie.
They also warn that the proposals will open doors through which criminals and malicious nation states can attack those that law enforcement seeks to defend.
“The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict,” the report said.
The point is underlined by the Freak SSL vulnerability, whose exploitation stemmed from historic US government export restrictions on strong encryption.
The report highlights three general problems.
- First, the report said providing exceptional access to communications would force a U-turn in internet security best practices, including forward secrecy, where decryption keys are deleted immediately after use; and authenticated encryption, which uses the same temporary key to guarantee confidentiality and to verify that the message has not been forged or tampered with;
- Second, the report said building in exceptional access would substantially increase system complexity. Security researchers agree complexity works against security because every new feature can interact with others to create vulnerabilities;
- Third, the report said exceptional access would create concentrated targets that could attract malevolent actors. “Security credentials that unlock the data would have to be retained by the platform provider, law enforcement agencies or some other trusted third party. If law enforcement’s keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege,” the report said.
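The first and third of these problems can be seen side by side in code. The following is an added illustration, not code from the report or its authors: two parties agree a fresh session key with an ephemeral Diffie-Hellman exchange and protect a message with authenticated encryption (confidentiality and forgery detection from the same temporary key), then the key is discarded. A second mode keeps a copy of each session key wrapped under an escrow key, which is the kind of retained credential the report describes. The Diffie-Hellman group and the encrypt-then-MAC construction here are constructed for demonstration only and are not a production scheme.

```python
"""Added illustration: forward-secret sessions versus escrowed (exceptional-access) sessions.
Toy DH parameters and the encrypt-then-MAC cipher are constructed for demonstration only."""
import hashlib
import hmac
import secrets

# Toy DH group: constructed for demonstration, NOT a secure group size.
P = (1 << 127) - 1
G = 5


def ephemeral_keypair():
    """Fresh per-session key pair; the private half never leaves this process."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_session_key(my_priv, peer_pub):
    """Hash the DH shared secret into a 32-byte session key."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used only to build the toy cipher below."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def aead_encrypt(key, plaintext, aad=b""):
    """Encrypt-then-MAC: one session key gives both confidentiality and integrity."""
    enc_key = hashlib.sha256(b"enc|" + key).digest()
    mac_key = hashlib.sha256(b"mac|" + key).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def aead_decrypt(key, blob, aad=b""):
    """Verify the tag before decrypting; a forged or altered message is rejected."""
    enc_key = hashlib.sha256(b"enc|" + key).digest()
    mac_key = hashlib.sha256(b"mac|" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def is_rejected(key, blob):
    """True if the authenticated decryption refuses the (possibly tampered) blob."""
    try:
        aead_decrypt(key, blob)
        return False
    except ValueError:
        return True


def run_session(message, escrow_key=None):
    """Run one session between two parties and return what an archive retains afterwards.

    escrow_key=None: the session key exists only during the exchange (forward secrecy).
    escrow_key set: a wrapped copy of the session key is kept for exceptional access."""
    a_priv, a_pub = ephemeral_keypair()
    b_priv, b_pub = ephemeral_keypair()
    key_a = derive_session_key(a_priv, b_pub)
    key_b = derive_session_key(b_priv, a_pub)
    assert key_a == key_b
    ciphertext = aead_encrypt(key_a, message)
    assert aead_decrypt(key_b, ciphertext) == message
    record = {"a_pub": a_pub, "b_pub": b_pub, "ciphertext": ciphertext}
    if escrow_key is not None:
        # Exceptional access: the session key is wrapped under the escrow key and retained.
        record["wrapped_key"] = aead_encrypt(escrow_key, key_a)
    # Private DH values and the session key go out of scope here: deleted after use.
    return record


def recover_with_escrow_key(record, escrow_key):
    """What any holder of the escrow key can read from an archived session."""
    if "wrapped_key" not in record:
        return None  # forward-secret session: nothing retained can unlock it
    session_key = aead_decrypt(escrow_key, record["wrapped_key"])
    return aead_decrypt(session_key, record["ciphertext"])


if __name__ == "__main__":
    escrow = secrets.token_bytes(32)  # constructed escrow key for the demo
    fs = run_session(b"forward-secret message")
    ea = run_session(b"escrowed message", escrow)
    print("forward-secret session recoverable:", recover_with_escrow_key(fs, escrow))
    print("escrowed session recoverable:", recover_with_escrow_key(ea, escrow))
```

The difference between the two records is the whole of the report's third point: in the forward-secret case the archive holds only public values and ciphertext, so later compromise of any long-term secret recovers nothing, whereas in the escrowed case one key unlocks every retained session, so whoever obtains that key, by authorisation or by intrusion, has the same reach.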
The expert group said recent attacks on the US Government Office of Personnel Management (OPM) show how much harm can arise when many organisations rely on a single institution that itself has security vulnerabilities. “In the case of OPM, numerous federal agencies lost sensitive data because OPM had insecure infrastructure. If service providers implement exceptional access requirements incorrectly, the security of all of their users will be at risk,” the report said.
In direct reference to the UK’s Investigatory Powers Bill, the report said that legislating exceptional access would be risky even if only one law enforcement agency in the world had it.
Access for other nation states
The report said that, if the legislation compels communications service providers – including US-based corporations – to grant access to UK law enforcement agencies, other countries will follow suit.
According to the report, China has already intimated that it may require exceptional access. The authors of the report said this raises several questions: “If a British-based developer deploys a messaging application used by citizens of China, must it provide exceptional access to Chinese law enforcement?
“Which countries have sufficient respect for the rule of law to participate in an international exceptional access framework? How would such determinations be made? How would timely approvals be given for the millions of new products with communications capabilities? And how would this new surveillance ecosystem be funded and supervised?”
Need for cost/benefit analysis
According to the expert group, policy makers need to be clear-eyed in evaluating the likely costs and benefits.
“If law enforcement wishes to prioritise exceptional access, we suggest they need to provide evidence to document their requirements and then develop genuine, detailed specifications for what they expect exceptional access mechanisms to do,” the report said.
“As computer scientists and security experts, we are committed to remaining engaged in the dialogue with all parts of our governments, to help discern the best path through these complex questions.”
In June 2015, an independent report on the UK’s proposed Investigatory Powers Bill said legislation that seeks to increase the surveillance powers of the police and intelligence services must include verification, clear limits and safeguards.
The review, by David Anderson QC, said each intrusive power must be shown to be necessary, clearly spelled out in law, limited in accordance with international human rights standards and subject to demanding and visible safeguards.