Advertisement

Security experts warn against encryption 'backdoors'

Scottrade said it believes that the illegal activity involving its network occurred between late 2013 and early 2014, and targeted client names and street addresses

A group of computer code experts said Tuesday that law enforcement cannot be given special access to encrypted communications without opening the door to "malicious" actors. A research report published by the Massachusetts Institute of Technology challenges claims from US and British authorities that such access is the policy response needed to fight crime and terrorism. Providing this kind of access "will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend," said the report by 13 scientists. The paper was released a day after FBI Director James Comey called for public debate on the use of encrypted communications, saying Americans may not realize how radical groups and criminals are using the technology. Comey argued in a blog post that Islamic State militants are among those using encryption to avoid detection. The New York Times, which reported earlier on the study, said Comey was expected to renew a call at a congressional hearing for better access to encrypted communications to avoid "going dark." The computer scientists said, however, that any effort to build in access for law enforcement could be exceedingly complex and lead to "unintended consequences," such as stifling innovation and creating hostility toward new tech products. "The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict," the report said. "The costs to developed countries' soft power and to our moral authority would also be considerable." In the 1990s, there was a similar debate on the "clipper chip" proposal to allow "a trusted third party" to have access to encrypted messages that could be granted under a legal process. The clipper chip idea was abandoned, but the authors said that if it had been widely adopted, "it is doubtful that companies like Facebook and Twitter would even exist." The computer scientists said the idea of special access would create numerous technical and legal challenges, leaving unclear who would have access and who would set standards. "The greatest impediment to exceptional access may be jurisdiction," the report said. "Building in exceptional access would be risky enough even if only one law enforcement agency in the world had it." The British government is considering legislation to compel communications service providers, including US-based corporations, to grant access to British law enforcement agencies. "China has already intimated that it may require exceptional access," the report said. "If a British-based developer deploys a messaging application used by citizens of China, must it provide exceptional access to Chinese law enforcement?" Among the report's authors are Daniel Weitzner, director of the MIT Computer Science and Artificial Intelligence Laboratory, and well-known MIT cryptographer Ronald Rivest.