Some of the bureaucrats in charge of the federal government's efforts to recruit and then punish domestic terrorists have been giving public speeches in which they advocate “responsible encryption.” It seems that encryption is an occasionally effective way for American citizens to protect their rights under the First, Fourth, Fifth, and Sixth Amendments against eavesdropping and unwarranted searches and seizures by government officials and their corporate accomplices. The G-men would prefer us to use only encryption systems that register plaintexts, keys, or both either with service providers or specialized escrow companies that can be relied on to yield our protected information to the authorities whenever they demand it.
A researcher at the Stanford Center for Internet and Society lists the ways in which such escrow systems undermine their users' security:
(A) There will be so many requests from counterterrorism and law-enforcement officials that the organization charged with the responsibilities of escrow will find it difficult to manage and restrict the distribution of their own keys:
The exceptional-access decryption key would have to be accessible by far more people than those currently entrusted with a software update signing key. That puts the key at risk, and also makes it harder to detect inappropriate use of the key. … Increasing frequency of use and the number of people with access unavoidably means increasing the risk of human error (such as carelessly storing or leaking the key) or malfeasance (such as an employee releasing the key to an unauthorized outside party in response to extortion or bribery).
(B) The organization charged with the responsibilities of escrow will find it difficult to reliably distinguish authentic requests for access to escrowed information from requests generated by attackers, particularly since counterterrorism and law-enforcement officials are likely to grow impatient with strict authentication procedures and look for ways to bypass them even when making legitimate requests.
(C) Attackers, knowing that a device uses an escrowed-key encryption mechanism, will seek out vulnerabilities related to the implementation of this mechanism:
The information the attacker obtains from the device could then be sold or otherwise exploited. That is, compromised devices would lead to identity theft, intellectual property misappropriation, industrial espionage, and other economic harms to American individuals and businesses. These are the very harms from which phone manufacturers are presently protecting Americans by strengthening their device encryption in recent years. An exceptional-access mandate would not only hurt U.S. smartphone manufacturers and app makers, it would end up taking a toll on other people and industries as well.
The premise is that end-to-end encryption systems are not subject to these particular vulnerabilities because they do not provide the access mechanisms (and so do not contain the hardware or software support) in which the vulnerabilities would be found.
(D) Users who want to protect their information can apply a second level of encryption, using a different key, before turning it over to the application that escrows its key, or use other techniques (such as steganography) to conceal information. Alternatively, such users can switch to apps made in free countries or develop their own, using free-software libraries that are already widely available. Any of these approaches would render the escrowed-key system pointless.
If the most commonly-used devices or messaging apps are exceptional access-compliant, then not only will the majority of bad actors — the average, unsophisticated criminals — be using weakened encryption, so will the majority of innocent people. By imposing an exceptional-access mandate, law enforcement officials charged with protecting the public would create a world wherein the shrewdest wrongdoers have better security than the innocents they victimize, who, in turn, would by law have worse smartphone and communications security than they do now, leaving them even more vulnerable to those same criminals.
“The Risks of ‘Responsible Encryption’”
Riana Pfefferkorn, Stanford Center for Internet and Society, February 5, 2018