Secret Doors and Mystery Keys

What if the hardware store that sold you a front door lock automatically -- without your knowing it -- gave a copy of the key to the police? More than simple paranoia, there is a basic principle at stake here: Unless authorized by due process, law enforcement authorities must have your consent to have those keys and the ability to enter your house.

As I write this, Microsoft Corp. has been accused of inserting a secret back door into every copy of Microsoft Windows and giving the key to a federal intelligence agency. At a conference of cryptographic experts last year, a British security specialist announced that he had disassembled the standard Windows driver ADVAPI.DLL and found two crypto keys. One was a tool for Microsoft to control the cryptographic functions it enabled in Windows -- a requirement of the export restrictions on U.S. cryptography regulations.

The reason for the second key -- and its owner -- remained a mystery for many months. Enter Andrew Fernandes, chief scientist at Cryptonym Corp. (www.cryptonym.com). He started poking around in the copy of ADVAPI.DLL shipped with Windows NT 4.0 Service Pack 5. To his astonishment he found that the debugging symbols had not been removed from the library and that the keys were labeled KEY and NSAKEY.

With this revelation, many in the industry quickly assumed that one of the keys had been put in place by Microsoft programmers for use by the U.S. National Security Agency. If true, the most commonly used operating system in the world has a prebuilt backdoor that makes it easy for one of the nation’s intelligence services to load information gathering software onto any Windows platform without the owner’s knowledge.

"Nonsense," Microsoft responded. Sure, using NSAKEY as a label was unfortunate, but it was only because the NSA is the review body for approving the export of encryption technology. According to Microsoft, the key with the label NSAKEY was there in the event of a problem with the key Microsoft commonly uses to update its own cryptography components: the one labeled KEY. The NSAKEY, according to Microsoft, would be used in the event of a natural disaster and the first key was lost or unusable.

Whether or not you believe Microsoft -- and you have to wonder what kind of natural disaster would render a crypto key stored in a variety of locations unusable -- two important issues get lost in the rush to condemn them.

First, American regulations on encryption technology are not just Byzantine, they’re absurd. Even if you believe Microsoft’s explanation, the problem originates from the fact that a company is forced to write software that works for the U.S. market and then has to dumb it down for export. Pretending that export controls prevent quality encryption tools from getting in the hands of terrorists or criminals ignores the fact that strong, reliable encryption is widely available globally. Since most other countries have abandoned policies limiting cryptography export, why not the United States?

A more sinister picture emerges if you don’t believe Microsoft’s explanation. After all, law enforcement officials routinely ask for plaintext access to encrypted electronic communications. One way to allow this to happen is to give law enforcement back door access to every computer that might encrypt messages long before they were sent over the Internet. But this practice, too, is sheer folly.

Two years ago, in June 1997, a group of prominent computer security experts and cryptographers issued a compelling critique of government plans to require plaintext access loopholes in encryption software. Their report, The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption concluded that: "The deployment of key-recovery-based encryption infrastructures to meet law enforcement's stated specifications will result in substantial sacrifices in security and greatly increased costs to the end-user. . . . These basic requirements [for plaintext access by government] make the problem of general key recovery difficult and expensive -- and potentially too insecure and too costly for many applications and many users."

In September, the Clinton administration announced a proposal to relax controls on the export of encryption software. On the surface that appears to be good news, but part of the announcement included legislation that would allow law enforcement to subpoena the keys for encrypted data. If the FBI and large software companies have already reached an agreement on encryption, the result could be products that are far less secure than advertised with hidden vulnerabilities that the government could exploit whenever they choose.

Whether or not Microsoft has opened the door to law enforcement authorities without your permission is an interesting issue, one you’re likely to hear about for some time. Far more important and useful would be an informed debate on the balance between the needs of law enforcement, your business and your private use of the Internet. I worry that another round of Microsoft-bashing -- deserved or not -- keeps all of us from discussing the more compelling issue: the availability of secure unfettered communications for every business and user on the Internet. --Mark McFadden is a consultant and is communications director for the Commercial Internet eXchange (Washington). Contact him at mcfadden@cix.org.