If you fly with checked bags, at some point you’ve probably seen a notice left in your bag saying that your luggage was searched by the Transportation Security Administration. The TSA regularly opens bags at airports for security searches. In order to do this, they often use special keys which can open a large number of commercially sold baggage locks. The idea is that the TSA can get into your bags and check if you have explosives, but thieves can’t steal the gifts you bought while you were on vacation.
A few months ago, the director of the FBI, James Comey, asked Congress to set up a similar system for Americans’ electronic data, citing a number of cases in which law enforcement agencies have had to stop or delay investigations because they couldn’t access a suspect’s iPhone or Gmail account. Comey wanted to have his own special key so that law enforcement could search your iPhone if they had a warrant, but thieves still couldn’t access your data.
In many cases, police and federal agencies can find ways to access data on a device or website even if they don’t have a special key giving them access. But over the past couple of years, device manufacturers such as Apple and web service providers such as Google have begun encrypting users’ data. The latest version of iOS encrypts all data on an iPhone by default, and most other operating systems give users the option of encrypting their data.
When data is encrypted, recovering it without the encryption key is computationally infeasible, and that key is typically derived from the user's password or passcode (on a device like an iPhone, the passcode is also combined with a secret stored in the phone's hardware, so guesses have to be made on the phone itself rather than on a fast server). As a result, even the companies who created your smartphone or host your email cannot actually read encrypted data if they do not hold a copy of the key; all they hold is ciphertext. The flip side is that the protection is only as strong as the passcode and the key derivation behind it.
This is not a situation that law enforcement agencies want to be in. The nightmare scenario is one where a device has information on it that could help stop a dangerous crime, but the police can’t find any way to access the information because the device is encrypted. To prevent these kinds of incidents, Comey asked Congress to require that the FBI and other law enforcement agencies be given “backdoor access” to encrypted data – some sort of special key that could decrypt data on an iPhone or in a Gmail account.
So what could go wrong?
Consider the analogous case of TSA baggage locks, where the government has “backdoor access” to your luggage. The entire system depends on the government’s secret keys staying secret and hidden from the public. The moment someone starts making copies of the baggage lock keys and distributing them, everyone’s luggage becomes incredibly vulnerable to theft.
And sure enough, the keys haven’t stayed secret. A Washington Post story about the TSA published last November accidentally included a clear picture of the TSA secret keys. The picture was later taken down, but not before it began circulating around the internet. A few months later, a hacker created a 3D model of the keys in the picture that could be used to create duplicates using a 3D printer. He put the model on a website and suddenly, everyone could create their own working TSA key. Your TSA-approved baggage locks are now worthless.
The risk with giving the FBI (or anyone else) a special key to digital information is similar but far more dangerous, because a digital key can be copied and used against every device at once. If Apple creates a secret key that can unlock every iPhone and that key gets into the wrong hands, suddenly none of the data on your phone is safe. Your contacts, confidential documents, and private communications could be read by whoever holds the copy and used against you.
Perhaps even more troubling is the potential for countries with less freedom to abuse government backdoor access. In the US, law enforcement agencies would still need a warrant to access data on a personal device. But authoritarian regimes would give users no such guarantees, and a secret key would allow those regimes to look at the confidential information of journalists, dissidents, and opposition politicians.
It’s no wonder, then, that the technology industry and the computer security community have been adamantly opposed to any kind of backdoor access to encrypted data. In the wake of the pushback against the most recent attempts to require government access, the Obama Administration has said that it will not seek to pass legislation giving the government backdoor access to encrypted data, at least for now.
But this issue will come up again. Police will find more cases where evidence needed to prosecute crimes will be stored on encrypted devices, and one day the government will say that it is unable to access the location of a ticking time bomb because it is stored on an encrypted device. At that point, Americans will once again be asked to consider whether they are willing to take the risk of giving the government a backdoor to encrypted data. If, as has happened before, the country decides to err on the side of national security, we may find ourselves in a situation where the security of our personal electronic data is at risk.