There is a significant risk that widespread insertion of government-access key recovery systems into the information infrastructure will exacerbate, not alleviate, the potential for crime and information terrorism. Increasing the number of people with authorized access to the critical infrastructure and to business data will increase the likelihood of attack, whether through technical means, by exploitation of mistakes or through corruption. Furthermore, key recovery requirements, to the extent that they make encryption cumbersome or expensive, can have the effect of discouraging or delaying the deployment of cryptography in increasingly vulnerable computing and communications networks.
The predictable costs and risks of key recovery, particularly when deployed on the scale desired by law enforcement, are very substantial. The onus is on the advocates of key recovery to make the case that the benefits outweigh these substantial risks and costs.
– Various eminent cryptographers and scientists; The Risks of Key Recovery, Key Escrow, & Trusted Third Party Encryption, 1998.
Key recovery systems are designed to enable encrypted communications to be read by an authorized third party.
As described in the previous sections, governments are powerfully motivated to be able to intercept communications in order to help control crime and protect their national security. The uncontrolled, widespread deployment of strong encryption significantly prevents them from achieving this goal. Since the release of PGP, the US, UK, and other governments invested a lot of effort in trying to put the encryption cat back in the bag through implementation of key recovery systems, but the effort petered out as the rate of technology change outstripped the policy effort.
Key recovery systems require vendors of encryption software to add a “key recovery” mechanism that maintains normal security in usual use, but can be turned on by the government to decrypt your communications through a back door (sometimes called “trap door”) when authorized.
Key recovery systems use a “third key”, in addition to the public and private keys usually employed by Public Key Cryptography. This third key is typically kept in escrow with a third-party government or arms-length organization, and can be used to decrypt your communications when released to the authorities. The requirements for release of these keys varies from country to country, from almost no oversite at all, to the requirement to obtain a court order from a judge.
Naturally, key recovery is a controversial issue, pitting the needs of the national community against the rights of the individual. So the balance will always be a matter of debate. A summary of the arguments on each side can be found below:
- For. We can’t give criminal and terrorist organizations world-wide, completely secure communications to conduct their destructive work. Police don’t have the time or interest to read your email admission that you stole a pen from work, but need every edge they can get against the really bad guys.
- Against. Public key cryptography is a mathematical idea, like the equation that says that the area of a circle is equal to pi times the radius squared. The idea is part of the universe, and shouldn’t be monopolized by any one group, especially the disproportionately powerful state. This is an issue of freedom of speech, and a presumably innocent individual should have the right to engage in any type of speech, including unbreakably encrypted speech.
The Key Recovery Alliance (originally at KRA.org) was an industry organization of 30 international companies that supported key recovery, including the leading firm RSA Security, but it disbanded in 1999 under pressure from civil rights groups. Individual countries such as the US and UK have since moved to try and implement key recovery systems on their own.
In 1998, an eminent group of Cryptographers and Computer Scientists published the influential report The Risks of Key Recovery, Key Escrow, & Trusted Third Party Encryption, which helped slow the government push.