It’s a technique that’s been used to calculate the odds of everything from the likelihood of a nuclear meltdown to the chances of getting sick from eating bad seafood.
Today, a CISAC scholar told the U.S. Senate Judiciary Committee that he hoped probabilistic risk analysis could help move the ball forward in the debate over encryption that’s pitted law enforcement and national security agencies against some of Silicon Valley’s most influential technology companies.
“Neither side can prove its case, and we see a clash of theological absolutes,” said Herb Lin, senior research scholar for cybersecurity at the Center for International Security and Cooperation and research fellow at the Hoover Institution, in his testimony before a full hearing of the committee.
The contentious debate over encryption has developed in the wake of the National Security Agency spying scandal, with tech titans Apple and Google recently announcing plans to implement stringent new cryptography protocols to protect customer data.
“When the Snowden documents revealed that NSA was hacking [the tech companies], there was a real sense of betrayal,” Lin said.
“You now hear tech companies talking about the U.S. government in the same way they talk about China. They feel like they have to protect themselves against the U.S. government in the same way they have to protect themselves against China. That’s a terrifying thought. In that kind of environment, there’s no trust.”
Law enforcement and national security agencies want tech companies to build into their new encryption technology a mechanism that gives the government “exceptional access” to encrypted data. But industry and privacy advocates have resisted, arguing that creating a so-called “backdoor” would make their software more vulnerable to attacks from hackers.
FBI director James B. Comey, who also testified before the committee, warned that the latest generation of encryption technology was putting American lives at risk. He said that the Islamic State in Iraq and Syria (ISIS) was actively recruiting homegrown terrorists via Twitter and then using end-to-end encrypted mobile messaging apps to secretly send them orders to carry out attacks within the United States.
“Our job is to look in a haystack the size of this country for needles that are increasingly invisible to us because of end-to-end encryption,” Comey said.
Deputy Attorney General Sally Quillian Yates, who testified at Comey’s side, said law enforcement could not gain access to those kinds of encrypted communications, even with a valid court order.
“Critical information becomes in effect ‘warrant proof’,” she said.
“Because of this, we are creating safe zones where dangerous terrorists and criminals can operate and avoid detection.”
It is a polarizing debate.
“You listen to what the privacy advocates say and what the government says and there’s no common ground,” said Lin.
“I’d like to find a way to move the ball forward rather than seeing both sides being stuck in the trenches shouting at each other.”
Lin’s proposal, which he presented to the Senate Judiciary Committee on Wednesday, recommended that both sides focus on estimating how long it would take a hacker to break into an encrypted device equipped for “exceptional access.”
“If it takes a thousand years for a bad guy to figure out how to hack…that’s probably secure enough,” Lin testified.
“If it takes him 30 seconds, using that mechanism is a dumb idea. So somewhere between 30 seconds and a thousand years, the mechanism changes from being unworkable to being secure enough.”
Not all computer security experts believe such a calculation would be possible.
“It’s challenging to come up with a defensible methodology for estimating the risk that a backdoor system will be compromised,” said Jonathan Mayer, a Stanford PhD candidate in Computer Science and former CISAC cybersecurity fellow who garnered national headlines for his research demonstrating that the NSA could use phone metadata to reconstruct detailed personal information.
“Not only are the risks of compromise unknown – they’re unknowable.”
However, Lin said the mathematical methodology known as probabilistic risk analysis, which has widely been used to predict the likelihood of catastrophic failure in complex systems from nuclear power plants to the space shuttle, might be able to shed some useful light on the risks.
And, he said, the only way to find out if it could successfully be used to calculate the risks of encryption software getting hacked would be to conduct more research.
Veterans of the so-called “Crypto Wars” of the ’70s and ’90s (when the U.S. government tried to limit public access to encryption technology), like Stanford professor emeritus of electrical engineering and CISAC-affiliated faculty member Martin Hellman, said proposals like Lin’s could help advance the public debate and bring both sides closer together.
“Getting the two opposing sides to talk — and listen — is really important,” Hellman said.
“That’s what happened 20 years ago when Congress asked the National Academies to look at an almost identical problem. It got those different groups talking and working out compromises.”