Look, We Don’t Catch the Smart Ones
Every year at the RSA Conference, the opening set of keynotes includes a “Cryptographers Panel.” This is understandable since RSA has its roots in the invention of public key encryption, but quite frankly this is usually the most boring keynote of the entire week since the topics are somewhat obscure. However, this year was an exception.
The panel consisted of Ron Rivest, Addie Shamir, Whitfield Diffie and a gentleman from the NSA. Mr. Rivest and Mr. Shamir are the “RS” in RSA, while Mr. Diffie invented the key-exchange algorithm that bears his name – and is a somewhat flamboyant character with long white hair and beard and well known for speaking his mind.
Much of the discussion centered on an NSA-sponsored proposal to require “backdoors” or “skeleton keys” to be placed in technology products that feature strong encryption so that law enforcement can perform the digital equivalent of wiretapping. Those of us who have been around since the ‘80’s might remember a similar attempt – which ultimately failed – to require the “Clipper chip” to be placed in encryption products.
Mr. Rivest and Mr. Shamir presented various technical reasons why this idea would never work. I think Mr. Diffie drove the final nail in the coffin – at least at this debate – when he pointed out that data could always be encrypted at the source. What he means is that knowledgeable people will encrypt data they want to protect before it passes through whatever technology has been equipped with the backdoor. Thus, when law enforcement – or intelligence agencies – go to use their backdoor, all they would find is source-encrypted data to which they do not have the key. Mr Diffie’s point is that even if Mr. Rivest and Mr. Shamir are wrong and there is a feasible way to implement the backdoor, it still won’t meet its intended purpose.
Personally, I think there should be specially regulated access to encrypted data streams for law enforcement, just like there are wiretaps now and for the same reasons. Bad guys use technology to help them do their bad things, and the good guys need a way to counter it. I once had occasion to tour an FBI evidence library. It was pretty boring – a bunch of labeled and bagged disk drives, laptops and other computers, except for a pair of engineers from a local technology company who kept asking the FBI agent giving the tour about how they dealt with encrypted data. Twice, the agent told them that none of the data in the library was encrypted. When the men expressed incredulity that none of the data was encrypted a third time, the exasperated agent finally said, “Look, we don’t catch the smart ones.”
Mr. Diffie’s observations about encrypting at the source means that the smart ones – be they civil libertarians, privacy advocates, or criminals – will always be able to get around the backdoor. However, the ones that aren’t smart enough to do that may well be caught – and that’s a good thing.