The NSA Wants a Skeleton Key to Everyone’s Encrypted Data


by Gavin Hanson, Activist Post:

Like it or not, you are your data. In this day and age, your receipts, social media activity, public records, GPS data, and Internet search history are the proof of who you are. And while you may have thought you had secrets, the Federal Government would like the rest of them.

The seemingly innocuous pieces of information we trade away every day create a detailed mosaic of our lives used to target advertising and create personality profiles that are exploited by the FBI, political operatives like Cambridge Analytica, and Russian propagandists.

And those are just the legal shenanigans! Instances of malicious hacking that jeopardize social security numbers and other important data are on the rise as well.

But all hope is not lost! There is but one meaningful defense against such intrusions, one used by whistleblowers, banks, the government (often poorly), and college students: encryption.

Encryption Is Powerful, so Naturally the Government Wants to Control It
Encryption, to oversimplify, is the process of putting your data in a combination locked safe, and it’s becoming more popular. Like all passcodes, these combinations are best stored non-electronically.

Automatically encrypted search engines and Internet services simplify the process for users. They protect individuals’ data from hacking, theft, and even the government, but they also retain a repository for all the combinations they use to lock data up.

But that may soon change.

If the executive agencies have their way, the NSA will have a record of every lock combination in use by every company—a skeleton key, if you will, to gain access to your digital home, papers, effects, and aspects of your person without warrant or probable cause—effectively mandating that companies hand over skeleton keys to the locks that they provide to their users, at any time: what they call “exceptional access.”

This is this Trojan horse that the NSA means to use to gain access to your private data even when it is encrypted.

Inherently, these central repositories for lock combinations are far more susceptible to brute force hacking than a distributed system wherein every individual secures their own lock combinations. Skeleton keys can be handy or, if they fall into the wrong hands, devastating.

This is this Trojan horse that the NSA means to use to gain access to your private data even when it is encrypted.

The NAS Proposal
In February, the prestigious National Academy of the Sciences (NAS) prepared “A Framework for Decision Makers” addressing encryption. Their solution? You guessed it: exceptional access. Even though their report has slipped under the radar, NAS reports often carry a lot of weight in Congress and within executive agencies, and it seems this one has.

But, importantly, a key source for the NAS report has cried foul.

The Electronic Frontier Foundation (or EFF) is the foremost mainstream defender of the First Amendment online. They are concerned that they were dismissed by the NAS proposal, calling it, “At best, unhelpful.”

Read More @