Rietta: Web Apps Where Security Matters
You are reading The Rietta Blog, a publication about the web since 2005.

It Is Not Just One iPhone, the FBI Wants a Future Where It Is Impractical to Deploy Strong Encryption Without Key Escrow


Crypto War II, the first crypto war having taken place in the 90s with the clipper chip, is in full swing with hostilities started back up a few years ago when FBI Director James Comey and others started lobbying congress and giving public speeches about how being unable to unlock some devices and communications makes it hard to do their job. It has been an unrelenting full public relations assault on practical strong encryption.

Ultimately FBI Director James Comey wants a future where it is illegal or impractical to deploy strong encryption without key escrow, which is a key backup system that the great consensus of cryptographers and computer scientists assert is insecure at scale. As a statesman he never comes out and says this directly, but it is the only conceivable outcome to what he is demanding of tech companies before congress and the actions that the FBI has taken in court.

Few companies, actually practically no one, will offer encryption if it is going to cost them tremendous amounts of money and engineer time to hack each and every device on a piecemeal basis. The siren call of key escrow or an alternate decryption key that they maintain will be irresistible. Our secure devices will be less secure. And for organizations and their employees that handle sensitive information, the risk of data breaches resulting from lost or stolen phones, even when encrypted, will increase.

Or the industry will move back in the direction of unencrypted devices, which would be just fine by the FBI but would be ultimately very bad for everyone who keeps sensitive information or accesses sensitive information through apps on their devices.

Further reading

Social media discussion

On March 16, 2016, this article made the front-page of Hacker News, remaining in the #1 position for over an hour and staying on the first page for much of the day. The comments are available at FBI Wants It to Be Impractical to Deploy Strong Encryption Without Key Escrow (news.ycombinator.com).

There is also a good discussion over on the Technology Subreddit (reddit.com).

About Frank Rietta

Frank Rietta's photo

Frank Rietta is specialized in working with startups, new Internet businesses, and in developing with the Ruby on Rails platform to build scalable businesses. He is a computer scientist with a Masters in Information Security from the College of Computing at the Georgia Institute of Technology. He teaches about security topics and is a contributor to the security chapter of the 7th edition of the "Fundamentals of Database Systems" textbook published by Addison-Wesley.