Master Key

When it comes to infosec, the magnitude of ignorance amongst people astounds me. People like this actually get taken seriously, requesting backdoors in encryption algorithms so government officials can take a peek once they get a warrant. That sounds like a good idea when he frames it that way, but encryption, data, and computers in general are really abstract. Let me give you an analogy that’s a little more concrete, and then I wanna poke at why they even want this shit in the first place.

Let’s say FBI Guy were proposing a mandate for a national master key. Any door in the country, and with a warrant, an officer of the law could get a copy of the national master key and open the door to the house.

Totally creepy, of course, knowing that at any time some guy could just show up with a magic key that opens the door to your house. Even ignoring the potential for abuse–“pretty please, we promise not to abuse our national master key privileges”–there’s the inevitability that someone could figure out what the national master key is. If there’s one of these things built into every house in the country–even if there’s a special master key for each house–there’s some pattern to figure out. Someone’s gonna want to find out that pattern, because all the national mandate has done is create a puzzle to crack.

And these kinds of puzzles always get cracked. Especially when the prize is so big–access to literally every house in the country–it will get cracked. The solution will get plastered all over the Internet as a big “fuck you” right back at the people that failed to grasp the consequences of their poorly planned policies. It’s happened before, and it will happen again.

If the consequences are so bad–the neutering of every lock in the country–why does the NSA, FBI, and seemingly every other triple letter agency want something like this?

Roughly speaking though, the FBI already has that national master key–a state monopoly on coercive force. With a warrant, they can kick down your door, shoot your dog, throw you in jail, and throw all your personal belongings into duffel bags to get torn apart in a forensics lab.

They can’t do that with encrypted data, not without millions of computer hours for decryption. That’s not as easy as kicking your door down and stealing seizing all of your shit. That’s what they really want; from their point of view, encrypted data is a domain beyond the reach of brute force, and they want to reel it back in.

Maybe, in the end, they shouldn’t be focused on breaking encryption, but strengthening it for everyone, including themselves. While the FBI was busy petitioning for laws that break encryption, another massive government data breach was revealed, probably including personal information about Mr. Steinbach–the very official begging for weaker standards. We’re stuck with 20th century barons imposing 20th century standards on 21st century problems.