Encryption Is All Or Nothing

Laptop, book, and phone chained together.

On December 2, 2015, 14 people were killed and 22 others were injured in a terrorist attack that occurred in San Bernardino, CA. An iPhone was found at the scene, and the FBI requested that Apple make a version of iOS that would allow them to bypass many security features of iOS in order to gain access to the device(crack it’s encryption).

Apple Refused

Luckily for us, Apple refused to comply with such a request. They issued a statement saying that they won’t comply because

while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

Unfortunately, the device was then sent to a company that was able to decrypt it for the FBI. But it wasn’t from Apple, and they proved that they will go to great extremes to protect their customer’s privacy.

Backdoors

Once a backdoor is created, there is no way of knowing who would exploit it and for what purpose. We all know what happened when the government found an exploit in Windows: Wannacry. Hundreds of thousands of computers got infected with that virus, which used an exploit found by the NSA(EternalBlue). As far as I know, Wannacry only encrypted files, but imagine if a backdoor to iOS, or any other operating system for that matter, was found by the government and then leaked. It would mean that all devices using that operating system would be vulnerable to an attack by anyone, not limited to government entities.

Encryption

Now, onto the main point of this post: Encryption is all or nothing. There is simply no way to allow the NSA and/or FBI access to encrypted data without allowing anyone to access encrypted data.

How It Works

Encryption is the process of taking a readable plaintext, and converting it into a pile of junk called a ciphertext. The ciphertext is generated by running the plaintext through an encryption algorithm, along with a key. In symmetric encryption, the same key is used to encrypt and decrypt the data. In asymmetric encryption, there are two keys: one which encrypts(public key), and another one which decrypts(private key) the data.

Brute Force

If the encryption key is not known, the only way to find it, assuming the cipher is not yet broken, is by doing what’s called a brute force attack. A brute force attack is simply going through all possible combinations of the key until the plaintext is recovered. Since, chances are, you won’t get unicode characters if you decrypt with the wrong key, a brute force attack can be automated. But, it will take a ridiculously long time to achieve. To crack the weakest version of AES, 128 bits, it would take well beyond billions of years to find the key. As you can see, it’s not something that can be done by even the government. Just imagine the electricity bill to crack one of these keys, let alone the thousands they want to.

“Solutions”

Multiple Keys

One suggested way for the government to have access to encrypted data is to encrypt everything with two keys: one for whatever the program is supposed to do, and another for the government. Since both versions are encrypted, they can be safely sent over the open internet. Should the NSA or FBI want to access any data, they simply need to get the version encrypted with their key, and then they can decrypt it.

The major downside is that the instance that one key is found, anyone can decrypt literally any message. And it won’t just be all messages sent that day, it would be all messages ever sent with that key. Even if the government were to change it every day, there would still be too big a risk(a single mistake in sending one key would result in millions of messages being cracked). Imagine if every iPhone accepted two passwords: one that’s yours, and another one that’s the FBI’s. First of all, since the iPhone would have to encrypt everything twice, you’d only have half the storage available, and need more computing power to take care of all that encrypting. That would not only make iPhones more expensive, but if anyone figured out the FBI’s master password, they would be able to decrypt all the iPhones that have that master key.

Sending The Government A Copy

Well, if multiple keys won’t work, then why not just send the FBI a copy of everything? Obviously, there are many problems with that. The big one being that if you’re sending the FBI a plaintext version of everything, anyone on the network can also read that plaintext version. Sure, you could use TLS to securely send the data over, and have all the FBI’s servers encrypted, but that still would be open to so many attack vectors.

If someone gains access to a running server, even with encrypted disks, they would be able to read the data. That’s because even disk-level encryption is only for disks at rest, not when they’re in a running system. The next problem is what happens if the FBI decides to look at everyone’s data? What if an employee at the FBI or NSA is bribed with tens of millions of dollars from a foreign government to look up your data? With how things are now, they simply wouldn’t be able to send anything(not encrypted messages, anyways) because they don’t have it. If they did, it would be a lot worse for everyone.

Anything Else

There are problems with every “solution” to this problem, because there isn’t one. It’s simply impossible to have encryption in which only the recipient and the government have access to. Encryption ciphers don’t care if a potential hacker is the government or not. They either let only the recipient have access, or let everyone have access. And, if everyone has access, then what’s the point of encryption?

We have a right to privacy, and I don’t think the government should have access to everyone’s personal information. But, even if I did, there isn’t a secure way to let the government have that information.

The Government Can Crack It Anyways

This seems to be a popular misconception. The U.S. government is not all-powerful, and there are things that even they can’t do. It’s simply impossible to crack modern ciphers with modern computing power. Encryption is fast and easy if you have the keys. But, without the key, it would require a significant amount of computing power to crack even a single message. I don’t want my tax money going towards datacenters full of computers to break citizen’s encryption.

Encryption keeps us safe, so why compromise it?