Report: U.S. Gov't Revises Stance On 'Golden Key' Approach To Encryption

According to a report in the Washington Post, the U.S. government has "evolved" its thinking on backdoors. It's not looking for a "golden key" anymore. Instead, it is now considering several alternatives: requiring companies to give it remote access to targets' devices through automatic updates to users' devices and software; making them implement special encrypted ports in hardware that give the government access to devices; setting up a system of split-key backdoors (in effect a "golden key" broken into multiple pieces); or forcing them to back up users' data when the users are not paying attention.

Malicious Automatic Updates

From the report, it appears that the U.S. government would like to be able to force companies to send malicious updates to users, through the automatic update systems that many products incorporate these days, including Windows, Mac OS X, iOS, Android, Chrome, Firefox and so on.

This could validate a fear that "non-expert" users expressed in a study earlier this year: that automatic updates could be hijacked by the U.S. government. At least officially, this is not policy or law yet, but law enforcement officials consider it one of the official solutions for getting encrypted user data.

Government officials also seem to recognize that this solution could lower trust in companies, and that many users could start disabling the automatic update features on their apps or operating systems. Disabling them is often trivial, and given enough awareness, it's likely that such a solution to hack users and get their data could soon become obsolete. At the same time, it would lead everyone to never trust automatic updates again, exposing them to other security risks.

Encrypted Physical Ports

The officials also suggested that companies add encrypted ports to their devices, which the companies would unlock with their own keys when the government requests their assistance. Of course, this is technically a backdoor, and it would make the encryption of devices much more complex. The companies would have to ensure the data is encrypted with the users' keys but also with their own, which would introduce a further weakness into the system, one that could be exploited by others who steal the devices, or even through remote hacking.

Such a solution would also increase the cost of the hardware for companies, which basically translates to users paying for the privilege of having backdoors in their devices. If such a solution is mandated in the U.S., many may start importing their devices from other countries.

Forced Backups

Another approach the government has been considering is the idea of forced backups. The companies would have to take people's files from their devices and upload them to a different location where the government could access them, unencrypted.

However, the officials once again recognized that this could involve a significant redesign of the companies' systems. The upload would also have to happen without the targets realizing their data is being sent to the cloud. If it's gigabytes' worth of data, it would have to be done only over Wi-Fi, but even then it could kill much of the device's battery life or slow down performance, which would tip users off that something is amiss.

One of the weaknesses of the "end-to-end" encrypted iMessage, for instance, is that it automatically backs up all the messages to iCloud, with no way to turn off syncing unless you completely disable iCloud syncing. Experts warn that all cloud storage is also vulnerable to Sony-style hacking, and despite the fact that many companies offer such services today, it's far from an ideal solution for keeping user data safe.

Split Golden Keys

Although the FBI has changed its discourse from a few months ago by saying it doesn't want a golden key anymore, one of the solutions is to have a key split into multiple pieces, with the pieces to be recombined only under a court order. However, it's not clear how this would work in practice.

Plus, as we've seen with the OPM hack, it's not clear that even having multiple parts of a key spread across different agencies or people would work very well. For this to be practical for investigations, the key pieces would likely have to be owned by hundreds of people, if not more. This leaves much room for those employees to lose the keys by getting hacked by nation states that know those keys could give them access to the data of millions of Americans.

Security Weakening Front Doors

Although all security experts seem to call these "backdoors," U.S. officials have rejected this term, preferring instead to say that they are "front doors." This distinction seems to come from the government's belief that a backdoor is something that has to be hidden, while this would be a transparent solution that everyone would know about.

However, for all intents and purposes, it would technically function in exactly the same way, and this is likely why security experts call them "backdoors." Whatever the nomenclature, though, they both end up weakening the security of a system.

The government also seems to act as if the digital world has "pretty good security," and as if it's worth weakening that a little bit in order to serve law enforcement data requests. However, many security experts say that, in fact, even the most secure systems today are still quite vulnerable to hacking by sophisticated attackers, so if anything, companies should keep striving to increase the security of their systems, not weaken them. This is evident if we simply look at how many hacks have happened in the past few years at major corporations that are supposed to have enough money and resources to secure themselves.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • thor220
    It would be funny if they did do Hijacked updates. Would make windows 10 all the more unpopular.
  • Math Geek
    the "bad guys" the government wants to monitor are already smarter than these types of back doors would help them track. a simple encrypted message emailed is transferred to a thumb drive, then opened and read on a machine that is unconnected to the web in any way. the response is typed and encrypted on this machine as well, then transferred back to the first machine to be sent in an email. at no time is this data unencrypted and available for it to be uploaded to the web by whoever is trying to get it.

    this has been employed for a very long time by the "bad guys" since the backdoors have been in place for a very long time. think about the Bin Laden raid and all the juicy bits they got from the pc's they got there. all this was new info since it was kept off the grid by simply not connecting them to the web to be hacked and read by the governments who wanted to read it. everything was sent encrypted and only opened off the grid.

    the backdoors will only allow the gov to spy on citizens who really are not a threat. i spent a number of years working in the intelligence field and can say for sure that this method has been in use since before 9/11 and after. there is no reason to think that they will all of a sudden stop doing this now ESPECIALLY if the exploit is publicly known and acknowledged. the gov already intercepts all web traffic just about world wide and can't read this encrypted data. they are hoping this backdoor will allow them to catch the data before it is encrypted and vulnerable.

    the "bad guys" are just smarter than this and it won't have any effect.
  • Onus
    In the US, this would be a clear violation of the 4th Amendment, which requires a warrant (supported by sworn affidavit) before a search (which must be specific) can be conducted.
    For those outside the US, this is the amendment that recognizes the right of the people to be secure in their persons, papers, and effects against unreasonable search and seizure. IMHO, it is important to note that neither this amendment, nor any other, grants any rights, they recognize inherent, pre-existing rights that it was our government's chartered purpose to secure. If you're laughing, you probably should be crying.
  • skit75
    Front door, back door or my window..... Get a warrant, even if the door or window is open. The chilling effect of some of these ideas grossly outweighs any perceived benefit.
  • Math Geek
    16677879 said:
    In the US, this would be a clear violation of the 4th Amendment, which requires a warrant (supported by sworn affidavit) before a search (which must be specific) can be conducted.
    For those outside the US, this is the amendment that recognizes the right of the people to be secure in their persons, papers, and effects against unreasonable search and seizure. IMHO, it is important to note that neither this amendment, nor any other, grants any rights, they recognize inherent, pre-existing rights that it was our government's chartered purpose to secure. If you're laughing, you probably should be crying.

    the 4th amendment has already gone out the window with the mass info grab they have been doing and the SCOTUS has upheld the gathering. this would actually require multiple agencies to agree and put their keys together to get at a person's data. arguably less intrusive since the exploit has to be specifically activated to be used rather than the mass data they collect now "in case they need it".

    i don't like either one myself but do understand what they are trying to do. i can say that in my years working in the field in an active war zone i never once used the mass collected data for anything useful. we got all we needed from specifically targeting a person's devices and/or pc's for data. we could tap a cell phone or other device of the person we wanted to monitor. this is why they quickly went back to staying off the grid and literally passing hand written notes to pass along data before they figured out encrypted data was the way to go so long as it was read off grid.

    this literally will have no effect on day to day for the true enemies who have already been pretty smart in their info security than we want to give them credit for.
  • dgingeri
    I say we get a full on class action lawsuit going to sue the government and force the law to make it illegal to even ASK for such things.
  • Math Geek
    16677952 said:
    I say we get a full on class action lawsuit going to sue the government and force the law to make it illegal to even ASK for such things.

    the SCOTUS has already upheld the data collecting multiple times now. we have already lost the case and can only take steps to protect yourself as you go. keep important data offline and only connect to send the data encrypted is the only way to go. if it is connected it WILL BE READ, is pretty much the moral of the story from here on out.
  • xenogen
    I can verify that the authorities have been targeting our smartphones/flip phones for a long time... I had to go to the SDPD for an errand. I noticed while waiting in the lobby that a virus had entered my phone through bluetooth. It created a small message in the phone, connect to xyz virus with some bug symbol that flashed for a second. At the time Bluetooth was new tech and there had been reports of Bluetooth viruses in the news. I was going to bring it up to the staff but decided not to. This was on a flip phone, blue in color, popular for t-mobile around 2003. I now believe that virus was not from a crook hacker but from the police department itself. Without a doubt. True story. 100%
  • stuart lynne
    If the government wants weakened security will the government provide liability coverage for malicious use?

    The dollar value for data breaches that use these back doors (or Golden Keys) could amount to billions (with a B) of dollars. Will the government be there to pay that out to 1st parties (companies that get breached) or 2nd parties (users whose data got stolen.) Or reimburse for funds lost?

    While the government has a wicked problem protecting us from terrorist attacks, they run the risk of imposing far higher burdens on us from the run of the mill criminal use of our data and theft of our funds. If they are going to weaken security they need to say who is going to pay for the increased cost of that use by criminals. And it is a number in the billions of dollars per year range.
  • Wisecracker
    1) You guys should read and comprehend the piece in the Post; and
    2) Lucian Armasu should be flogged.