Categories
Encryption Improving Technical Security

No keys under the doormat please

The Internet technical and operational communities are coming out in strong support of the paper: Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications (KEYS) which concludes:

“… This report’s analysis of law enforcement demands for exceptional access to private communications and data shows that such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend. The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict… “

You can download and read the KEYS paper here.

On 16 July 2015, the World Wide Web Consortium (W3C) Technical Architecture Group (TAG) issued a finding on End-to-End Encryption and the Web explaining why the TAG supports strong encryption. The TAG also goes on to say:

“As other technical experts have written in [KEYS], it is impossible to build systems that can securely support “exceptional access” capabilities without breaking the trust guarantees of the web platform. Introducing such capabilities imposes known risks that far outweigh any hypothetical benefits.”

Friday, the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) published a blog post expressing its support for the use of effective end-to-end encryption, and endorsing the recommendations in the KEYS paper.While acknowledging that end-to-end encryption tends to make the fight against botnets, malware, spam, viruses, DDoS attacks etc. more difficult, M3AAWG said:

“In spite of this, we consider protection of user content and meta-data to be of paramount importance. While we understand the reasons that “exceptional access” could be useful to law enforcement, we believe that it introduces unacceptable risks and that, on balance, business and the public are far better served by keeping secure, unbreakable cryptography available and widely deployed. We concur with the reasons in the experts’ paper.”

Last year, the Internet Architecture Board issued an IAB Statement on Internet Confidentiality stating that encryption should be the norm for Internet traffic, which was strongly supported by the Internet Society’s Board of Trustees.

Similarly, the TAG issued a finding on Securing the Web.

Like the IAB, the M3AAWG, and the W3C, the Internet Society recognizes that encryption, especially pervasive end-to-end encryption, raises practical challenges for law enforcement, network management, intrusion detection, spam prevention, etc. We are taking an active role in facilitating discussions with various communities on how to address these challenges.

For example:

  • The Internet Society is co-sponsoring a workshop with the IAB, GSM Association and AT&T on Managing Radio Networks in an Encrypted World (MaRNEW) Workshop (24-25 September 2015) in Atlanta
  • The Internet Society is organising a workshop at the Internet Governance Forum on Law enforcement in a world where encryption is ubiquitous (10-13 November 2015, date to be determined) in João Pessoa, Brazil.

Share your views with us!

How can law enforcement continue to do its job in a world where encrypted Internet traffic is the norm?

Let us know in the comments below!