In what most cyber security experts would say is a surprising change of heart, former Homeland Security Secretary Michael Chertoff publicly discloses his disagreement with FBI Director James Comey on the governments desire to backdoor encryption (emphasis added):
I think that it’s a mistake to require companies that are making hardware and software to build a duplicate key or a back door even if you hedge it with the notion that there’s going to be a court order. And I say that for a number of reasons and I’ve given it quite a bit of thought and I’m working with some companies in this area too.
First of all, there is, when you do require a duplicate key or some other form of back door, there is an increased risk and increased vulnerability. You can manage that to some extent. But it does prevent you from certain kinds of encryption. So you’re basically making things less secure for ordinary people.
The second thing is that the really bad people are going to find apps and tools that are going to allow them to encrypt everything without a back door. These apps are multiplying all the time. The idea that you’re going to be able to stop this, particularly given the global environment, I think is a pipe dream. So what would wind up happening is people who are legitimate actors will be taking somewhat less secure communications and the bad guys will still not be able to be decrypted.
The third thing is that what are we going to tell other countries? When other countries say great, we want to have a duplicate key too, with Beijing or in Moscow or someplace else? The companies are not going to have a principled basis to refuse to do that. So that’s going to be a strategic problem for us.
Finally, I guess I have a couple of overarching comments. One is we do not historically organize our society to make it maximally easy for law enforcement, even with court orders, to get information. We often make trade-offs and we make it more difficult. If that were not the case then why wouldn’t the government simply say all of these [takes out phone] have to be configured so they’re constantly recording everything that we say and do and then when you get a court order it gets turned over and we wind up convicting ourselves. So I don’t think socially we do that.
And I also think that experience shows we’re not quite as dark, sometimes, as we fear we are. In the 90s there was a deb — when encryption first became a big deal — debate about a Clipper Chip that would be embedded in devices or whatever your communications equipment was to allow court ordered interception. Congress ultimately and the President did not agree to that. And, from talking to people in the community afterwards, you know what? We collected more than ever. We found ways to deal with that issue.
These are all the exact same arguments security experts have been saying in opposition of the idea for some kind of unicorn dust magic key that will unlock every form of encryption available on the planet. It is very curious to see Chertoff have this change of heart considering his background, and especially since he used to have to tow the governmental party line on law enforcement capabilities.
That he hits the nail directly on the head with respect to why the FBI’s notion of a backdoor is such a bad idea is quite noteworthy. Chertoff is quite possibly the first former federal law enforcement senior leader to publicly disagree with Comey and the Obama administration on its ardent desire to make it easy for the FBI and other federal agencies to spy on Americans.
Hopefully Chertoff’s influence extends beyond his own nose and others in his sphere come to the realization that this idea of the government holding a magic backdoor key is nothing but a pure pipe dream.