08:24 GMT +319 October 2019
Listen Live
    This rise in the incidence and severity of cyber-attacks is very concerning to the United Nations and to all of us

    NSA Wants 'Front Door' Access to Encrypted Data

    © Flickr/ powtac
    News
    Get short URL
    0 85
    Subscribe

    The head of the National Security Agency, Admiral Michael S. Rogers, said the intelligence group no longer is interested in backdoor solutions to digital surveillance.

    Instead, the NSA wants a "front-door" solution – which some privacy experts think could be even worse.

    Rogers suggested a solution in which at least two parties – one of which is the NSA – retain parts of a data encryption key. The solution would require all of the parties to provide their key in order for the NSA to access encrypted communications, as well as prevent the agency from acting unilaterally.

    Edward Snowden
    © REUTERS / Glenn Greenwald/Laura Poitras

    “I don’t want a back door,” Rogers said during a speech at Princeton University. “I want a front door. And I want the front door to have multiple locks. Big locks.”

    According to Joel Hrusky at ExtremeTech, "The first problem with Rogers proposed front-door solution is that it’s a meaningless feel-good measure given the current regulatory structure of our national security system."

    Prior to the Snowden leaks of 2013, digital providers were forbidden from disclosing that they had been contacted regarding national security matters. Documents leaked by Snowden showed that Yahoo! unsuccessfully challenged the legality and authority of the NSA.

    Moreover, giving half a key to Google or Yahoo would be meaningless unless the company possesses the authority to refuse to use it.

    Another problem with the front-door solution is that it requires cooperation between corporations and the NSA at a time when animosity between the two groups is at an all-time high.

    "The NSA could avoid this problem by sharing the key with government-appointed escrows rather than corporations," Hrusky writes, “but this simply hides the process from public view. That’s already extremely problematic.”

    There also would be technological questions about security and vulnerability of the two-key solution, as well as the escrow solution.

    "The basic question is, is it possible to design a completely secure system" to hold a master key available to the US government but not adversaries, said Donna Dodson, chief cyber­security adviser at the Commerce Department’s National Institute of Standards and Technologies.

    "There’s no way to do this where you don’t have unintentional vulnerabilities."

    Hrusky argues that what is really needed is structural change in the NSA.

    "The agency is loath to give up its ability to spy on American citizens, or even make meaningful concessions to it — which means whatever system it ultimately backs will be designed to preserve as much of its current capabilities as it can," he writes.

    Tags:
    data collection, Apple, Yahoo, Google, National Security Agency (NSA), Michael Rogers, United States
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik