In the first two parts of this series, we discussed why encryption backdoors can’t work. We specifically reviewed the math behind encryption, and why you can’t just insert backdoors. People have tried for years, and some have been successful, but it’s taken lots of effort and they’ve essentially had to undermine standardization organizations to make it work. Other approaches have involved undermining random number generation, but these attempts have also been outed over the years, and have required a similar level of political pull and organizational resources to pull off. We also went over implementation compromise, but this is clearly a slippery slope that leads directly to backdoors in the operating systems or hardware of every system out there, and it gets there pretty quickly.
So, we can’t circumvent the math behind encryption, and we can’t circumvent the implementations. So what if we just require everybody to register their keys? what if we use a pure, legislatively enforced key escrow scheme?
Well, first, let’s just ignore the fact that I can generate as many keys as I want (ssh-keygen is your friend!). As a good citizen, I would certainly want to register all of my generated keys, which I could do with this script, for example:
while [ 1 ]; do ssh-keygen -q -b 4096 -t rsa -N macaroni -f ~/file.key mail -s “heres ur key” email@example.com < ~/file.key rm ~/file.key done
You can see that if everybody’s as conscientious as I am, this could become a real problem. And really, there’s no way for anyone to tell if the keys submitted are currently used, were used at one time, or if they’re just generated like the keys above, so anybody escrowing these keys needs to keep all the keys they’re sent.
So beside the fact that this would be expensive and easily DDoS’d, the other reason escrow won’t work is because if one government escrows keys, all of them will. If the Greek government, for example, decides that they need to have access to any communication in the country and they need proactive access to keys to do this, to enable surveillance, would this make those keys available to all EU affiliated countries? and if the Greek government can ask for and receive our keys, why can’t the Russian or Chinese governments? how would this be enforced anyway? how do you register keys that are periodically generated to protect network communication, or new keys generated for IPSEC or HTTPS VPNs?
The unfortunate truth is that legislating encryption use will not stop criminals and terrorists from using encryption. All it will do is make the honest among us more vulnerable to cybercrime, and we’re already vulnerable enough. Widespread encryption is simply a fact of life today - and it should be. We can’t change that, and we shouldn’t try.