Would a Government Accommodation Or Backdoor Undermine the Integrity of Default Consumer Encryption?
On July 14, 2016, a hearing on consumer encryption was held by John McCain. One of the witnesses giving testimony was Kenneth L. Wainstein, a former assistant attorney general for national security at the Department of Justice. In his testimony, he told lawmakers that the burden is on technology companies and privacy advocates to show how backdoors in consumer encryption would harm user security, rather than on law enforcement to prove that altering the encryption scheme would be safe.
Mr. Wainstein: “For the tech industry and civil liberties groups, this means laying out technically specific support for the contention that a government accommodation would undermine the integrity of default encryption. They should provide hard data that demonstrates exactly how — and how much — each possible type of accommodation would impact their encryption systems. It is only when Congress receives that data that it can knowledgeably perform its deliberative function and balance the potential cybersecurity dangers posed by a government accommodation against the national security and law enforcement benefits of having such an accommodation in place,” he said.
“There have been arguments raised as to why this [meaning backdoors or legal accommodations] might end up unduly compromising encryption, which really is an important thing for society. But the only way that you’re going to be able to do your job and balance the need for an accommodation against the impact it might [have] on encryption is for them to show exactly, specifically, and technically, how this damage would come about. … We haven’t heard that yet and until we hear that, you can’t do your job and come up with a solution,” he said.
After reading this, I smiled to myself and thought: well, the simple answer is we can’t trust the government with the keys to backdoors. How about the OPM breach? How about the US Government Accountability Office (GAO) Report on Federal Government Cybersecurity published and publicly released June 24, 2015? According to the GAO Report, it seems our government has some issues with cybersecurity.
It seems that the OPM breach and the GAO Report would be support enough for the contention that a government accommodation to access encryption would undermine the integrity of default encryption.