Fifteen highly respected computer scientists and security experts, who came together to outline how law enforcement’s proposed requirement for “backdoor” access to all encrypted files would actually make the Internet more vulnerable to crime and deception, were recognized for their work today with the M3AAWG 2015 J.D. Falk Award. Their report, “Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications,” explains how the government’s request for a system that would allow it to access any secured file would set back Internet security, raise legal and ethical questions, and be impractical to implement.
The report cites three general problems:
- Providing exceptional access would impede the best practices currently being deployed to make the Internet more secure, including deleting encryption keys immediately after use and using keys to authenticate that a message has not been manipulated or forged.
- A new surveillance ecosystem built to accommodate exceptional access would substantially increase system complexity, be less secure and be susceptible to operator errors that could put millions of end-users at risk.
- The existence of an additional pathway to access encrypted data would create concentrated targets, attracting cybercriminals and endangering end-users and commerce.
Respected Computer Scientists and Security Experts
The authors are accomplished security experts from across academia, research and business who bring a variety of perspectives to the report:
- Harold Abelson, MIT professor of electrical engineering and computer science, IEEE fellow and a founding director of both Creative Commons and the Free Software Foundation
- Ross Anderson, University of Cambridge professor of security engineering
- Steven M. Bellovin, Columbia University professor of computer science
- Josh Benaloh, Microsoft Research senior cryptographer researching verifiable election protocols and related technologies
- Matt Blaze, associate professor of computer and information science at the University of Pennsylvania where he directs the Distributed Systems Lab
- Whitfield Diffie, an American cryptographer whose 1975 discovery of the concept of public-key cryptography opened up the possibility of secure, Internet-scale communications
- John Gilmore, entrepreneur and civil libertarian, an early employee of Sun Microsystems, and co-founder of Cygnus Solutions, the Electronic Frontier Foundation, the Cypherpunks, and the Internet’s alt newsgroup
- Matthew Green, research professor at the Johns Hopkins University Information Security Institute focusing on cryptographic privacy techniques and new techniques for deploying secure messaging protocols
- Peter G. Neumann, senior principal scientist at the SRI International Computer Science Lab and moderator of the ACM Risks Forum for thirty years
- Susan Landau, professor of cybersecurity policy at Worcester Polytechnic Institute and author of two books on the subject
- Ronald L. Rivest, MIT Institute Professor, co-inventor of the RSA public-key cryptosystem, and founder of RSA Security and Verisign
- Jeffrey I. Schiller, Internet Engineering Steering Group Area Director for Security from 1994 to 2003
- Bruce Schneier, fellow at the Berkman Center for Internet and Society, Harvard University, and author of numerous books
- Michael A. Specter, security researcher and Computer Science Ph.D. candidate at MIT’s Computer Science and Artificial Intelligence Laboratory
- Daniel J. Weitzner, principal research scientist at the MIT Computer Science and Artificial Intelligence Lab, Founding Director of the MIT Cybersecurity and Internet Policy Research Initiative, United States Deputy Chief Technology Officer in the White House (2011-2012)