David Ross -- PGP -- Backdoors and Key Escrow (2024)

Copyright © 2001, 2003 by David E. Ross

Backdoors

A backdoor is a "feature" in the software of PGP — in what I call the utility functions and not in the encryption algorithm — that allows an outside party to decrypt what you have encrypted. While the ADK feature is technically a backdoor, most attention is directed to the possibility of an unknown, hidden backdoor. ADK is well known, however; and PGP users are even informed of keys that use ADK and of encryptions where ADK is required. Nevertheless, even ADK can be used to subvert the security of our messages and files.

Is There a Backdoor?

How can we know whether someone has deliberately planted their own security hole in PGP? What if the government (pick any government) induced the PGP Corporation to insert a "backdoor" that allows the police, FBI, KGB-reincarnated, et cetera to decrypt our messages and files with ease?

*** Begin Right Sidebar ***

For a while — when NAI owned the PGP product — the source-code was unavailable and outside inspection became impossible. As a result, experienced users of PGP lost confidence in newer versions of the product. This situation has been reversed by the PGP Corporation in an attempt to restore confidence.

*** End Right Sidebar ***

The source code for various PGP versions is public. Expert computer programmers — definitely not employed by the PGP Corporation — can pounce on each new version and study the code carefully. After determining that the source code contains no backdoors, they can compile that source code and compare the result with the executable program obtained from the PGP Corporation. Not once has an alarm been raised that a deliberate weakness was inserted into PGP by the PGP Corporation. The same is true of implementations by others of the PGP concept.

As a software test engineer, I must admit that code examination has its limits. Each newer version of PGP released by the PGP Corporation seems much larger than its predecessors, making code examination ever more difficult. For that reason, many individuals continue to rely on PGP 2.6.x, which is quite small and readily subject to examination. However, the mere knowledge that outsiders are looking for backdoors and other deliberate flaws inhibits the PGP Corporation from inserting those weaknesses.

In the meantime, the PGP Corporation signs its executable programs with a key that can be traced back to that company. Anyone who downloads a copy of a PGP program can thus check the authenticity of its source. I would avoid installing any version of PGP that does not include signature files for each component. And I do indeed check the downloaded files against their signatures after verifying the authenticity of the PGP Corporation's public key. In this manner, I try to protect myself from a tampered version of PGP that could have a backdoor.
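The check described above can be scripted. The following is an added example, not code from the original page or from the PGP Corporation: it assumes GnuPG is installed, the vendor key is already imported, each component has a detached signature named `<file>.sig`, and `pinned_fpr` is a fingerprint you confirmed out of band (all names here are hypothetical).

```python
import subprocess
from pathlib import Path

# gpg status keywords that must never be accepted, even next to VALIDSIG.
REJECT = {"BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG"}

def normalize(fpr):
    """Strip spacing and case so a printed fingerprint compares cleanly."""
    return "".join(fpr.split()).upper()

def signer_fingerprint(status_text):
    """Primary-key fingerprint from gpg's VALIDSIG status line, or None."""
    seen, fpr = set(), None
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        seen.add(parts[1])
        if parts[1] == "VALIDSIG" and len(parts) >= 3:
            # The last documented field is the primary key; older output
            # carries only the signing key's fingerprint.
            fpr = parts[11] if len(parts) >= 12 else parts[2]
    return None if (seen & REJECT or fpr is None) else fpr.upper()

def status_ok(status_text, pinned_fpr):
    """True only for a valid signature made under the pinned vendor key."""
    return signer_fingerprint(status_text) == normalize(pinned_fpr)

def verify_release(directory, pinned_fpr, suffix=".sig"):
    """Classify every component as 'ok', 'bad' or 'unsigned'."""
    results = {}
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file() or path.name.endswith(suffix):
            continue
        sig = path.with_name(path.name + suffix)
        if not sig.is_file():
            results[path.name] = "unsigned"  # no signature file: do not install
            continue
        proc = subprocess.run(
            ["gpg", "--batch", "--status-fd", "1", "--verify", str(sig), str(path)],
            capture_output=True, text=True)
        results[path.name] = "ok" if status_ok(proc.stdout, pinned_fpr) else "bad"
    return results
```

Comparing the fingerprint in the status output, rather than trusting gpg's exit code alone, ties each signature to the one key you authenticated instead of to any key that happens to be on the keyring.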

Backdoors for the Government

As a consequence of the terrorist attack against the Pentagon and World Trade Center on 11 September 2001, a backdoor to PGP may indeed be in the future. On 14 September, Senator Judd Gregg of New Hampshire gave a speech on the floor of the U.S. Senate in which he said:

We need to have the cooperation of the manufacturing community and the inventive community in the Western World and in Asia in the area of electronics. These are folks who have as much risk as we have as a nation, and they should understand, as a matter of citizenship, they have an obligation to allow us to have, under the scrutiny of the search and seizure clauses, which still require that you have an adequate probable cause and that you have court oversight--under that scrutiny, to have our people have the technical capability to get the keys to the basic encryption activity.

Congressional Record, Senate
13 Sep 01, p.S9357

In other words, Senator Gregg requested laws to mandate either a backdoor or key escrow. Ridiculous! Senator Gregg asked us to trust the courts to control the use of backdoors or key escrow, the same courts that rubber-stamp FBI requests for secret warrants. Coupled with an anti-terrorism law that allows the police and FBI to collect and view our E-mail messages without even a search warrant, we would have no privacy at all.

What Senator Gregg failed to understand is that the terrorists will accomplish a significant victory if we surrender our liberties while trying to fight terrorism. The best revenge would be to prove that our nation can indeed survive with our freedoms intact.

Fortunately, Senator Gregg has shelved his proposal (but maybe only temporarily). Unfortunately, the FBI and local police have not removed this concept from their "wish lists".

Key Escrow

Rather than a backdoor, the government of the United Kingdom requires any PGP user to give the police both his private key and his passphrase on demand. Failure to comply is a criminal offense, punishable by a jail term of two years.

Rather than handing over the ability to decrypt after-the-fact, key escrow would have us give the police our private keys and passphrases immediately, as soon as we start using them. Representative Bob Goodlatte of Virginia said about this:

That's like telling people to take their house key down to the police station. People are not going to have greater confidence in their security by doing that.

[Reuters/Yahoo, 21 Sep 01]

Besides allowing the police to decrypt our E-mail without a search warrant, key escrow would also allow the government to sign our messages, a basic violation of the concept of digital signing. The California regulations on the legality of digital signatures clearly state:

An acceptable technology must be capable of creating signatures that conform to requirements set forth in California Government Code Section 16.5, specifically,

3. It is under the sole control of the person using it;

Fundamental Problems

Backdoors and key escrow on behalf of the government have certain problems:

  • The PGP design and algorithms are well known. If commercial sources all have backdoors, criminals will simply implement their own versions. If we make homemade PGP illegal, do you really think criminals will care?
  • Contrary to Senator Gregg's expectations, other nations will not jump on the backdoor bandwagon. With international borders having only slight meaning to the Internet, non-backdoor versions of PGP will remain available.
  • Both backdoors and key escrow presume that the government will keep our messages and keys secure. Why should we trust the government to protect business plans for new products, love notes, and counseling by priests of their congregants when the government cannot protect its own very important secrets (e.g.: the secrets sold by FBI agent Robert Hanssen to Russia and the confidential details of a corruption investigation of Senator Robert Torricelli)? What recourse would we have if the government improperly discloses our sensitive messages and data, either directly or through careless security for our escrowed private keys? What compensation would be made to a company whose trade secrets become public knowledge? None!
  • If we provide our private keys to the government under the mandate of a law that says the escrowed keys cannot be used without a judge's warrant, what would prevent Congress from later amending the law to eliminate the need for a warrant?
  • The weaknesses proposed by Senator Gregg could seriously undermine the protection against self-incrimination stated in the 5th Amendment to the Constitution. If the police used a backdoor or escrowed key to snoop on the encrypted E-mail messages exchanged between a lawyer and his client — if there were merely a strong suspicion that this happened — would not a judge dismiss all criminal charges against the client? However, that judge could not erase from the minds of the police and prosecutors what they learned about the client.
  • The simplest implementation of a backdoor would be to mandate use of ADK by all PGP users, with the government holding the additional decryption key. Just imagine the impact on business and individuals if the private part of the government's additional key were leaked. The effect would be the same if our escrowed private keys were leaked, with one important difference: A leaked private key compromises only the key's owner, but a single leaked additional decryption key could compromise everyone.
  • The whole structure of E-commerce, electronic funds transfers, and business telecommunications depends on secure communications. A backdoor for the government would be a target for criminals and terrorists to hack. Congressman Goodlatte recognizes this. He said:

    It's not a matter of privacy vs. security, but security vs. security. Encryption protects our national security. It protects the controls of everything from nuclear power plants to the New York Stock Exchange, government communications, credit cards and the electric power grid. Encryption plays a critical role in our entire communication system, and to require that a backdoor be built into that system is just an incredibly dangerous thing to do.

    Interview reported in CNET News.com
    26 September 2001

    After all, terrorists can wreak damage on our nation not only by destroying physical property but also by interfering with commerce.
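The ADK item in the list above can be made concrete. This added example is not from the original page and is not PGP's code: textbook RSA over constructed Mersenne primes and a hash keystream stand in for the real algorithms, and the names `alice`, `bob` and `leak_demo` are hypothetical. It shows each message's session key wrapped once per recipient and once more for the mandated ADK, then compares what a leaked user key and a leaked ADK key can read.

```python
import hashlib
import secrets

# Toy textbook RSA over constructed Mersenne primes: trivially breakable,
# used only to show which key holders can unwrap a session key.
def make_key(p_bits, q_bits, e=65537):
    p, q = 2**p_bits - 1, 2**q_bits - 1
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def keystream_xor(key, data):
    """Toy stream cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(plaintext, recipients, adk=None):
    """Encrypt once; wrap the session key for each recipient and the ADK."""
    session = secrets.token_bytes(16)
    holders = dict(recipients)
    if adk is not None:
        holders["ADK"] = adk  # the mandated extra key rides along on every message
    m = int.from_bytes(session, "big")
    # Only the public parts (n, e) of each key are used here.
    wrapped = {name: pow(m, k["e"], k["n"]) for name, k in holders.items()}
    return {"wrapped": wrapped, "body": keystream_xor(session, plaintext)}

def decrypt(message, name, key):
    """Return the plaintext if `name` holds a wrapped session key, else None."""
    c = message["wrapped"].get(name)
    if c is None:
        return None
    session = pow(c, key["d"], key["n"]).to_bytes(16, "big")
    return keystream_xor(session, message["body"])

def leak_demo():
    """Compare what one leaked user key exposes with what a leaked ADK exposes."""
    alice, bob, adk = make_key(89, 107), make_key(61, 127), make_key(521, 607)
    traffic = [encrypt(b"note for alice", {"alice": alice}, adk),
               encrypt(b"plan for bob", {"bob": bob}, adk),
               encrypt(b"second plan for bob", {"bob": bob}, adk)]
    by_user_key = [decrypt(m, "alice", alice) for m in traffic]
    by_adk_key = [decrypt(m, "ADK", adk) for m in traffic]
    return by_user_key, by_adk_key
```

With Alice's key, only her own message opens; with the ADK key, every message in `traffic` opens regardless of recipient.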

Last updated 18 November 2003
