In this sequel to my previous post on backdoors in cryptography, I evaluate the suggested idea of compelling public key infrastructure (PKI) for all secure communications.
I have had plenty of experience dealing with PKI. While it works well for governments or organizations, it requires the participants to be members of or associated with those organizations, undergoing an “out-of-band” authorization process. The employee gets the certs on a common access card (CAC) issued to him or her only after he or she has gone through the proper hiring and background-checking process. Naturally, at a government organization that handles sensitive data, employees are expected to play by the rules of the employing agency. Backdoors are considered an acceptable control measure to ensure employees do what they are expected to do and that they continue to serve the interests of the organization. Employees make an informed and conscious choice to seek employment at such a place of work.
Now, if the same system were to be used on the general population, it would require the whole public to be compelled to participate in the PKI scheme, even those who are not government employees, want nothing to do with working for the government, or do not wish to be identified through certs by a federal agency. Basically, everyone would be forced to use crypto, keys, and certs issued by an agency or ruling body. The merits of this national ID card style system and of forcing its use for all electronic communications and data transfer can probably be argued somewhere else, but basically, the checks and balances are taken away from constituents. It would also circumvent the judicial review and ruling processes law enforcement would otherwise have to go through to search someone’s data. The only way to legally have data privacy would be by using PKI, which is not true privacy if the government has access to the keys or can identify the users. Cryptography must not force users to sign or authenticate data in a non-repudiable manner that can be tied to an individual. Anonymity must be available to all users of an encryption method, and so must the right to choose one’s own crypto, generate one’s own keys and certificates, and act as one’s own certificate authority.
Enforcement of PKI is also problematic. It would require tyrannical measures to make sure nobody uses “unauthorized” cryptographic methods. Are governments going to arrest and convict everyone who is caught transmitting a file on the Web with Serpent, Twofish or AES encryption, or communicating through GnuPG? The only way to even find those users would be by capturing (not impossible) and analyzing (a lot more difficult) every piece of data communicated.
The technology for enforcement is available, and the real challenge would only be the scale at which such infrastructure would have to be deployed, but there is no way to fairly implement it in a democracy without some serious civil, legal, Constitutional and even human rights violations.
In the end, even the tightest technological and engineering controls are not immune to human error or compromise. An insider agent or employee could gain access to the certificates and keys and sell them to agencies, organizations or nation states that would use them to undermine the national interests of the source country.
Compelling PKI is sitting just uphill on a slippery slope from forcing people to record all their private conversations and submit them to governments, or to write down all their private thoughts and surrender them to authorities for review.