Nominee US attorney-general senator Jeff Sessions has said the new administration will seek to “overcome encryption” in remarks that have been interpreted as a veiled reference to backdoors.
It’s worth stressing that at no point during his recent confirmation hearings did Jeff Sessions actually mention the term ‘backdoor‘ although he is on record as strongly supporting efforts by law enforcement to bypass encryption during police investigations.
Answering a question about the importance of encryption in protecting the US from cyberattack, Sessions wrote:
Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.
It’s a response that leaves Sessions trapped in the same contradictory world as his predecessors: he must simultaneously extol encryption as a security virtue but also rail against it as a vice that thwarts law and order.
It sums up the orthodoxy built up by over recent US administrations that the world’s leading tech superpower can have it both ways by unlocking fundamental security protections at its convenience.
The high point of this thinking was the NSA’s 1993 Clipper chip, a hardware backdoor that allowed eavesdropping on conversations sent over any telecoms networks using it. Every device containing Clipper was to have a symmetric encryption key assigned to it and stored in a secure system called an escrow. If the Feds fancied a wiretap, the key would be sent to them – and only them.
The idea eventually imploded as critics pointed out the absurdity of a backdoor the entire world knew about. How stupid would a criminal have to be to use such as system? By the time experts started worrying about criminals finding vulnerabilities in its makeup – unintended backdoors in the official backdoor, if you will – the idea had flatlined.
Today, the mere suggestion of encryption backdoors alarms tech companies who market themselves on security. This is one reason why many of them are today busily building layers of end-to-end encryption into the software their customers use.
As was seen during the 2016 court case between the FBI and Apple for access to the encrypted storage on the iPhone of the St Bernardino shooter, it also shifts the focus from them to the individual user.
According to reports, the FBI eventually found a way around the iPhone’s encryption by exploiting a software vulnerability in the way encryption had been implemented.
With mandated backdoors discredited, this is probably how intelligence services now approach the issue of backdoors. It’s not perfect because finding flaws big enough to give complete access are bound to be rarities, more so as software development improves.
But this doesn’t mean that the US government under Sessions will give up on the intellectual and legal arguments still seen as essential to lend credibility to whichever techniques they choose to use to bypass encryption.
It is the battle of ideas that will define the future for both the attackers and defenders of encryption. As Sophos says in its argument against backdoors:
Backdoors in encryption would undermine freedom of speech and the freedom to conduct our affairs without interference or fear.
For now at least, the world can’t be sure whether the next US attorney-general agrees.