One thing I’ve found recently is that it can be hard to explain to people who don’t understand the nature of encryption on the Internet exactly why we can’t have a system of encryption that keeps the bad guys out but can let the good guys in. It sounds so simple in the abstract: our government should not be denied the ability to get to important data just because it is encrypted. What is wrong with key escrow or back doors? No matter what I say about encryption keys being stolen, governments being corrupt, etc., I just can’t seem to make my point the way I want to.
Fortunately, Bruce Schneier has posted a blog piece that makes the case for us. It is called “Encryption is Harder Than It Looks.” This piece does a great job of explaining just why good encryption cannot and should not be undermined. He points out two truths in cryptography:
- Cryptography is harder than it looks.
- Complexity is the worst enemy of security.
And gets right to the point:
“Cryptography is harder than it looks, primarily because it looks like math. Both algorithms and protocols can be precisely defined and analyzed. This isn’t easy, and there’s a lot of insecure crypto out there, but we cryptographers have gotten pretty good at getting this part right. However, math has no agency; it can’t actually secure anything. For cryptography to work, it needs to be written in software, embedded in a larger software system, managed by an operating system, run on hardware, connected to a network, and configured and operated by users. Each of these steps brings with it difficulties and vulnerabilities.”
“Although cryptography gives an inherent mathematical advantage to the defender, computer and network security are much more balanced. Again and again, we find vulnerabilities not in the underlying mathematics, but in all this other stuff. It’s far easier for an attacker to bypass cryptography by exploiting a vulnerability in the system than it is to break the mathematics. This has been true for decades, and it’s one of the lessons that Edward Snowden reiterated.”
“The second truism is that complexity is still the worst enemy of security. The more complex a system is, the more lines of code, interactions with other systems, configuration options, and vulnerabilities there are. Implementing cryptography involves getting everything right, and the more complexity there is, the more there is to get wrong.”
“Vulnerabilities come from options within a system, interactions between systems, interfaces between users and systems: everywhere.”
A security researcher told him:
“If anyone tells you that [the vendor] can just ‘tweak’ the system a little bit to add key escrow or to man-in-the-middle specific users, they need to spend a few days watching the authentication dance between [the client device/software] and the umpteen servers it talks to just to log into the network. I’m frankly amazed that any of it works at all, and you couldn’t pay me enough to tamper with any of it.”
Says Schneier: “The designers of this system aren’t novices. They’re an experienced team with some of the best security engineers in the field. If these guys can’t get the security right, just imagine how much worse it is for smaller companies without this team’s level of expertise and resources. Now imagine how much worse it would be if you added a government-mandated back door.”
Please take a moment to read his post. I think every business leader, politician, and anyone else with an opinion on the encryption debate should read his post and the references he provides. If we don’t stand strong on encryption now, we will never gain back the ground that is lost.