[Editor's note: This is a compilation of several posts I made over the years which discusses a solution to the seemingly intractable disagreement between law enforcement and privacy advocates over the encryption of personal data. This has little to do with photography.]
I think I found a solution to the Apple vs. FBI stalemate that requires no back door, maintains strong privacy, and still provides for legitimate law enforcement access when there is a warrant. What do you think of this idea?
1st Post - February 18, 2016
As often happens with politicized topics, there is much ignorance, and there are many lies, being spewed by all parties when it comes to the encryption vs. privacy vs. government access vs. security debate. I'm not advocating mass eavesdropping; rather, I'm talking about legitimate law enforcement needs to solve murders and kidnappings in cases where a warrant has been issued. (Traditionally, warrants have been the mechanism to keep power-hungry government officials in check.)
If you've been following this subject at all in the media, you'll be hearing two major arguments:
1) "Strong encryption prevents the government from preventing terrorism, therefore manufacturers must install 'back doors' to the encryption that the government can use to eavesdrop". (This has been proven to be propaganda, as there are no demonstrated cases where not having access to an encrypted channel would have prevented anything.)
2) "We want to help law enforcement, however if such back doors were to be installed, hackers would be able to access it too, allowing no shortage of evil to take place. Plus, the NSA and other officials have demonstrated that they're not as concerned about due process when it comes to overstepping eavesdropping authority. It would be a public policy disaster and U.S. tech companies would lose international business as confidence in their security drops."
The above set of arguments is what's called a false dichotomy; it implies that these are the only two options available. Throughout this argument, nobody - not even encryption experts - has talked about existing encryption algorithms which can meet everyone's legitimate needs without necessitating a back door. It's called (m,n)-threshold encryption (the underlying primitive is usually called secret sharing), and it works like this: Instead of having one key (that can both encrypt and decrypt), or two keys (one to encrypt and another to decrypt), you split the ability to decrypt across n keys such that any m of them together can decrypt the contents, while any fewer than m cannot. So you can have multiple keys floating around, and any 2 or 3 (or whatever threshold you choose) of those keys can decrypt. You can also configure it so that just one of the keys locks, but two of any of the other keys are required to unlock. It can be custom-tailored to meet specific use cases.
How would this work in the case of a smartphone?
In this instance I would propose issuing three keys, one of which works as it does now, and two others being distributed to the mobile phone manufacturer (let's say Apple for the sake of example), and the FBI. By themselves, neither Apple nor the FBI would be able to decrypt the phone. However, when a warrant is issued the FBI approaches the mobile phone manufacturer with the warrant and their key, and upon verification of the warrant the manufacturer can combine the FBI's key with their own key to decrypt the information. And since each person / phone / communication channel would get their own unique set of 3 keys, if one decrypting key combination were to be stolen or leaked, all the other phones would still be secure.
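Here is what the scheme described in the two preceding paragraphs looks like in code. This is an added example, not code from the original post or from any phone manufacturer: it implements Shamir secret sharing over a prime field (standard library only) and uses it to model the three-key arrangement above. The device key is held in full by the user, so the phone works as it does today, and an escrow copy of that key is split 2-of-2 between the manufacturer and law enforcement so that neither alone learns anything. A fresh random polynomial is generated per device, which is what makes one leaked share pair useless against any other phone. The function names, the 32-byte device key and the share-holder labels are constructed for illustration.

```python
import secrets
from typing import Dict, List, Tuple

# Field prime for the arithmetic: the Mersenne prime 2^521 - 1.
# It is larger than 2^256, so a 256-bit device key fits as a single field element.
PRIME = 2**521 - 1

Share = Tuple[int, int]  # (x, f(x)) point on the secret polynomial


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate the polynomial with the given coefficients at x, mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, shares: int) -> List[Share]:
    """Split secret into `shares` points such that any `threshold` of them recover it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    if not 1 < threshold <= shares:
        raise ValueError("need 1 < threshold <= shares")
    # f(0) = secret; the remaining threshold-1 coefficients are fresh randomness.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange-interpolate f(0) from at least `threshold` distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def single_share_consistent_with(share: Share, candidate: int) -> bool:
    """For a 2-of-n split, one share is consistent with *every* candidate secret:
    there is always a line through (0, candidate) and the share point.
    This is the 'fewer than m shares reveal nothing' property."""
    x, y = share
    slope = (y - candidate) * pow(x, -1, PRIME) % PRIME
    return _eval_poly([candidate, slope], x) == y


def provision_device(device_key: bytes) -> Dict[str, object]:
    """Per-device provisioning: the user keeps the full key (phone works as today);
    an escrow copy is split 2-of-2 between manufacturer and law enforcement."""
    k = int.from_bytes(device_key, "big")
    manufacturer_share, law_enforcement_share = split_secret(k, threshold=2, shares=2)
    return {
        "user": device_key,
        "manufacturer": manufacturer_share,
        "law_enforcement": law_enforcement_share,
    }


def lawful_access(manufacturer_share: Share, law_enforcement_share: Share) -> bytes:
    """The step taken once a warrant has been verified: combine both escrow shares."""
    k = recover_secret([manufacturer_share, law_enforcement_share])
    return k.to_bytes(32, "big")


if __name__ == "__main__":
    # Constructed sample device key (a real device would generate a random one).
    device_key = bytes(range(32))
    kit = provision_device(device_key)
    assert lawful_access(kit["manufacturer"], kit["law_enforcement"]) == device_key
    # One share alone is consistent with any key at all, so it reveals nothing.
    assert single_share_consistent_with(kit["manufacturer"], 12345)
    print("escrow recovery and single-share secrecy check passed")
```

`split_secret` also supports the "any 2 of 3" variant the post mentions, so a third share could be held by a court or a backup custodian: with `threshold=2, shares=3` any pair of shares recovers the key and any single share is still uninformative. Note what the code does not solve: who verifies the warrant, how the shares are stored, and who can be compelled to produce them are exactly the legal and operational questions Schneier's reply below points at.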
Of course I'm not familiar enough with the ways key management is used in modern mobile phones. So I emailed a foremost expert on the subject, Bruce Schneier, whose book "Applied Cryptography" has been referenced by me for longer than I care to admit.
Bruce wrote back the next day: "Many people have proposed secret sharing schemes for government access. What you're missing is that the problems are legal, and not mathematical." (Gotta love a busy guy who answers his own email!) Unfortunately he didn't go into more detail, but at least my premise has been validated: This problem has a technical solution which can be a win for all parties involved.
So, this is an opportunity to save the world from an epic political logjam, protect people's information from overzealous snoops and hackers alike, yet still give law enforcement a valuable tool to help track down that kidnap victim when there is a warrant.
(I haven't asked Edward Snowden his opinion yet. I think he has bigger problems to deal with right now.)
2nd Post - March 9, 2017
Remember the big brouhaha a year ago, when the FBI wanted to read the contents of a terrorist shooter's phone, and Apple said no? That re-ignited the eternal "Should governments have easy access to encrypted communications?" debate.
Right about that time I proposed a technical solution to this very problem, which would break the impasse between the "Strong encryption prevents the government from preventing terrorism" camp and the "If you install a back door, hackers will be able to access it also!" camp. (You can read about my proposed solution here, and scroll down to "Encryption That Makes Everyone Happy".)
Shortly after that was published, someone else proposed my very same idea to a reputable engineering discussion forum called risks.org (where engineers discuss potential risks of technology to society in an effort to prevent ill-thought-out systems). You can read that proposal here.
So my idea has been validated! Although I'm not impressed with the moderator's response: he essentially dismissed it because it wasn't a million percent perfect, while completely ignoring the fact that it was five hundred thousand times better than what we have now.
3rd Post - July 4, 2018
Back in 2016 I talked about how there could be a solution to the current ill-informed encryption debate - that you could encrypt private information (on a smartphone, for instance) yet still provide for law enforcement's legitimate needs without having to build a "back door" which could be exploited by bad actors. Although others have echoed my case (see the bottom of this follow-up blog post from 2017), the proposed solution seems to have fallen on deaf ears. Even my personal message to the deputy director of the FBI, who has publicly called for a balanced solution like the kind I proposed, has gone unanswered.
This is another instance of "ideas do not catch on by merit alone". I say this because someone else with more street cred than an overeducated photographer has been evangelizing this very idea, and taking it on the road and presenting it to "all the right people". You can read much more about him in this article from wired.com.
Another article exposing the same ideas has been published in Techcrunch as well.
Once again, my ideas have been validated. But what good is being able to solve problems if those solutions fall on deaf ears? Of course, I know full well the most likely explanation for the deafening silence is that these folks aren't really interested in solving the problem; they are more interested in earning political points and bashing big tech. It is inconceivable to me that the NSA hasn't already found a way to break into phones and gather the info they need.
4th Post - Jan. 9, 2019
Was covering the Consumer Electronics Show in Vegas for Cameracraft magazine. Went to the FBI booth. Thanked them for their work. Told them I had the answer to the rift between Apple and the FBI in terms of being able to access phone info to catch criminals. "I even sent a detailed letter to the deputy director of the FBI, which got no response at all." He didn't care to ask for additional information. (Scholarly comment: "Hmmmph!!")