Industry News

Government Access to Encrypted Communication to Cause Extreme Economic Harm, MIT finds

Governments’ recent proposals to access user information to enhance internet security are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm, according to the Computer Science and Artificial Intelligence Laboratory Technical Report by Massachusetts Institute of Technology (MIT) experts.

Special access to encrypted communications, as the US and UK governments plan, is not possible without endangering the world’s most confidential data, the report said.

Computer scientists found that exceptional access to communications would force a U-turn from the best practices now being deployed to make the Internet more secure, such as forward secrecy, where decryption keys are deleted immediately after use, so that stealing the encryption key used by a communications server would not compromise earlier or later communications.

Building in exceptional access would also substantially increase system complexity. Security researchers inside and outside government agree that complexity is the enemy of security, as every new feature can interact with others to create vulnerabilities. New technology features would have to be deployed and tested with hundreds of thousands of developers around the world. MIT experts say this is a more complex environment than the electronic surveillance now deployed in telecommunications and Internet access services, which tend to use similar technologies and are more likely to have the resources to manage vulnerabilities that may arise from new features. Features to permit law enforcement exceptional access across a wide range of Internet and mobile computing applications could be particularly problematic because their typical use would be surreptitious, hampering security testing.

In addition, exceptional access would create concentrated targets. Security credentials that unlock the data would have to be retained by the platform provider, law enforcement agencies, or another third party. If law enforcement keys guaranteed access to everything, an attacker who accessed these keys would enjoy the same privilege.

“We believe that law enforcement has failed to account for the risks inherent in exceptional access systems. Based on our considerable expertise in real-world applications, we know that such risks lurk in the technical details,” MIT experts say. “Such access will open doors through which 24 criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend. The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict.”

Political and law enforcement leaders in the US and the UK have called in the last months for Internet systems to be redesigned to ensure government access to information, arguing that the growing use of encryption will neutralize their investigative capabilities.

About the author

Răzvan MUREȘAN

Former business journalist, Razvan is passionate about supporting SMEs into building communities and exchanging knowledge on entrepreneurship. He enjoys having innovative approaches on hot topics and thinks that the massive amount of information that attacks us on a daily basis via TV and internet makes us less informed than we even think. The lack of relevance is the main issue in nowadays environment so he plans to emphasize real news on hotforsecurity.com

1 Comment

Click here to post a comment
  • “Special access to encrypted communications, as the US and UK governments plan, is not possible without endangering the world’s most confidential data, the report said.”

    Obviously.

    “Computer scientists found that …”
    If they were truly computer scientists, they would know this already (and only be using the study as a way to say to those in denial – who, I might add, will still be in denial because it doesn’t fit their agenda otherwise – that ‘even the study shows it…’).

    “Building in exceptional access would also substantially increase system complexity.”

    It is impossible to implement a backdoor that can’t at some point be abused by someone other than the abuser (which is all they are in something like this). So it isn’t just increasing complexity; you have encryption or you don’t. That’s all there is to it.

    “Security researchers inside and outside government agree that complexity is the enemy of security, as every new feature can interact with others to create vulnerabilities.”

    Another obvious point; the larger the surface the easier it is to target.

    “Such access will open doors through which 24 criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend. The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict.”

    Obviously.

    “Political and law enforcement leaders in the US and the UK have called in the last months for Internet systems to be redesigned to ensure government access to information, arguing that the growing use of encryption will neutralize their investigative capabilities.”

    Last months? No. There is a reason the concept of export-grade encryption exists. This is years and years old. It is because of the same mentality. It is simple, really: control. It has nothing to do with any of their excuses; it is propaganda, lies, misinformation and all other things you would hope said governments would resort to. But of course that is wishful thinking.