Back in April, Matt Blaze, a cryptographer and security expert from the University of Pennsylvania, testified before Congress concerning proposals to require “back doors” in encryption systems—especially in communication applications. The idea is that law enforcement would have a special key—the infamous golden key—that would enable them to decrypt messages. Since this key would be known only to the proper authorities, it would ensure the security of legitimate communications while still allowing the investigation of terrorist or criminal messages.
Everyone with the slightest bit of technical sophistication knows that such a system is impossible. Even if we pretend for a moment that the key wouldn’t be leaked or sold, once the back door is there it will be discovered and exploited by criminals and foreign state entities. The result is that we will all be less secure and the criminals will move on to other ways of communicating. We will have sacrificed our security without making much real difference in law enforcement effectiveness.
Blaze’s testimony focuses on how difficult it is to build correct software, especially security software. He makes the point that we simply don’t know how to do it. The security of software goes down as its complexity increases and Blaze explains why providing a back door inevitably increases complexity, sometimes dramatically so.
The testimony is about eight and a half pages long and an interesting read so take a look if you have an interest in these matters. We can only hope that Congress takes his testimony to heart.