iPhone Backdoors for the FBI, a blockchain approach for transparent due process, and why it’s a bad idea
The national security complex is putting on a full-court PR press for encryption backdoors. See here and here. Basically this amounts to giving someone a TSA lock to your phone and promising to keep the master key really, really safe unless a legitimate law enforcement request is received. Of course, legitimacy is in the eye of the beholder. One place where the real-world analogy breaks down is that a backdoor, unlike a physical key, enables industrial-scale exploitation: whoever holds (or steals) the master key can open every device, not just one. It's less like making it possible to open a car trunk that contains a body and more like requiring cars made out of material that's transparent to the state, and then counting on due process to keep that from infringing the 4th Amendment and freedom from constant state surveillance.
The problem is, the folks at the NSA, CIA and DIA are in the deception business, and feel a moral imperative that demands deceiving the enemy, which in turn demands deceiving (lying to) the public.
I don't even blame them: they have a job with a lot of risk and no real glory. Their job is to do what they can with the tools they're given, and probably take the fall for 'not connecting the dots' even when they pretty much connected the dots.
Hillary talks about a Manhattan Project for cybersecurity. The truth is there is no way to create a magic bullet that can only be fired by the good guys, and there has already been a $10b-a-year Manhattan Project running for years to enable the NSA to undermine and exploit the tech industry's security.
So, I really thank Tim Cook for standing up to useful idiots who say Apple enables terrorists.
But at the current level of stupidity, there's a very real possibility that it's a losing battle against that accusation, especially if there actually is a terrorist attack whose investigation hits a roadblock because of iPhone encryption.
If you go down the backdoor road, there has to be maximum real-time transparency and due process. That is roughly what a blockchain gives you: an open, public, append-only ledger whose entries can't be silently altered or removed after the fact. The entries can be money transactions, transfers of ownership of other rights or responsibilities, or any bits, really.
So anyway, here is, as a thought experiment, how a blockchain could be used to add transparency and due process to a key escrow scheme.
1) When Apple generates the keys that encrypt your phone, it keeps a copy. The copy is kept in such a way that the only way to release it is through due process.
- Records of keys are kept in one location, e.g. a basement vault at Apple HQ.
- They are kept only on physical media.
- There is no network access to that storage.
- The location is electromagnetically shielded and physically secured to the DoD standard for the most highly classified information.
- The keys are generated and conveyed to that storage securely, and any copy outside the room is destroyed. How to actually guarantee that is another giant can of worms that is beyond my pay grade. But it has to be done per a checklist like generating nuclear launch codes, the process audited regularly, and e.g. Tim Cook certifying annually under criminal penalty that the procedures were followed, with any shortcomings or attempts at circumvention publicly disclosed.
2) When law enforcement wants access to a phone for a criminal investigation, it posts the request on a public blockchain that is jointly maintained by all the interested parties, including watchdogs like the ACLU. The request records:
- requestor (state attorney general, US attorney, etc.)
- target device
- specific major felony accusation
- specific individual or witness
3) Judge approves the request and posts approval on the blockchain.
4) There is a reasonable delay, e.g. 72h, to allow the request to be challenged or appealed.
5) Public signature by e.g. Tim Cook attesting that he personally authorized access after finding the request legitimate, that all necessary information was public on the blockchain, and that appeals and challenges were exhausted.
6) Keys are transmitted to law enforcement under a similar nuclear-launch-code checklist: e.g. all access to the physical location and media where they are stored requires two people who follow the checklist and record that it was followed, under criminal penalty for exfiltrating information inappropriately or for failing to document any attempt at circumvention. And again, procedures and logs are subject to annual third-party audit, and management certifies that all procedures were followed and that any gaps or attempts at circumvention were publicly disclosed.
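To make the six steps concrete, here is an added example (not code from the original post, and not anything Apple or any court runs) of the ledger and the release gate. Each party's signature is stood in for by HMAC-SHA256 with a per-party secret key; a real deployment would use public-key signatures so that any watchdog can verify entries without holding a secret. Party names, the device identifier, the statute, timestamps and the 72h window are all constructed values.

```python
"""Hash-chained ledger for the six-step key-release flow described above.

Added example, not code from the original post. Signatures are stood in for
by HMAC-SHA256 with per-party secret keys (assumption; a real deployment
would use public-key signatures). Party names, device id and timestamps
are constructed.
"""
import hashlib
import hmac
import json

DELAY = 72 * 3600  # step 4: 72 h window for challenges/appeals, in seconds

# Constructed per-party keys standing in for real signing keys.
KEYS = {"us_attorney": b"k-usa", "judge": b"k-judge", "ceo": b"k-ceo",
        "custodian_a": b"k-cust-a", "custodian_b": b"k-cust-b", "aclu": b"k-aclu"}
FIELDS = ("requestor", "device", "felony", "subject")  # step 2 required fields


def _canon(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class Ledger:
    """Append-only, hash-chained entries; any watchdog can replay and verify."""

    def __init__(self):
        self.entries = []

    def append(self, signer, kind, payload, ts):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"prev": prev, "signer": signer, "kind": kind, "payload": payload, "ts": ts}
        entry = dict(body, sig=hmac.new(KEYS[signer], _canon(body), hashlib.sha256).hexdigest())
        entry["hash"] = hashlib.sha256(_canon(entry)).hexdigest()
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        """Recompute every signature and chain link; any edit breaks the chain."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: e[k] for k in ("prev", "signer", "kind", "payload", "ts")}
            want = hmac.new(KEYS[e["signer"]], _canon(body), hashlib.sha256).hexdigest()
            if e["prev"] != prev or not hmac.compare_digest(want, e["sig"]):
                return False
            if hashlib.sha256(_canon(dict(body, sig=e["sig"]))).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def find(self, kind, signer=None, **refs):
        """Entries of a kind whose payload contains every key/value in refs."""
        return [e for e in self.entries if e["kind"] == kind
                and (signer is None or e["signer"] == signer)
                and all(e["payload"].get(k) == v for k, v in refs.items())]


def release_allowed(ledger, request_hash, now):
    """Step 6 gate: release only if steps 2-5 are on the ledger, in order,
    the window has closed, no challenge is open and two custodians attest."""
    if not ledger.verify():
        return False, "ledger integrity failure"
    req = next((e for e in ledger.entries if e["hash"] == request_hash), None)
    if not req or req["kind"] != "request" or not all(req["payload"].get(f) for f in FIELDS):
        return False, "request missing or incomplete"
    approvals = ledger.find("approval", "judge", request=request_hash)
    if not approvals:
        return False, "no judicial approval"
    opened = approvals[0]["ts"]
    if now < opened + DELAY:
        return False, "challenge window still open"
    rulings = {e["payload"]["challenge"] for e in ledger.find("ruling", "judge")}
    if any(c["hash"] not in rulings for c in ledger.find("challenge", request=request_hash)):
        return False, "unresolved challenge"
    auths = [a for a in ledger.find("authorization", "ceo", approval=approvals[0]["hash"])
             if a["ts"] >= opened + DELAY]
    if not auths:
        return False, "no executive authorization after the window"
    custodians = {e["signer"] for e in ledger.find("custody", authorization=auths[0]["hash"])
                  if e["signer"].startswith("custodian_")}
    if len(custodians) < 2:
        return False, "two-person custody attestation missing"
    return True, "release permitted"


def sample_flow(t0=1_700_000_000, challenged=False, ruled=True):
    """Constructed happy-path ledger; optionally insert an ACLU challenge."""
    led = Ledger()
    req = led.append("us_attorney", "request", {"requestor": "US Attorney, N.D. Cal.",
                     "device": "IMEI-000000000000001", "felony": "18 USC 2332b",
                     "subject": "John Doe"}, t0)
    appr = led.append("judge", "approval", {"request": req}, t0 + 3600)
    if challenged:
        ch = led.append("aclu", "challenge", {"request": req, "grounds": "overbroad"}, t0 + 7200)
        if ruled:
            led.append("judge", "ruling", {"challenge": ch, "outcome": "denied"}, t0 + 9000)
    auth = led.append("ceo", "authorization", {"approval": appr}, t0 + 3600 + DELAY)
    for c in ("custodian_a", "custodian_b"):
        led.append(c, "custody", {"authorization": auth, "checklist": "complete"},
                   t0 + 3600 + DELAY + 60)
    return led, req
```

The gate refuses early release, refuses while a challenge is pending without a ruling, and refuses if anyone edits an earlier entry (for instance, changing the felony cited after the judge approved), because the HMAC and hash chain no longer verify. What it cannot do is prove that the escrowed key was never copied before it reached the vault; that is the part the author leaves to physical custody procedures in step 1.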
The point of this exercise is that once you have a backdoor, you need real, public due process with teeth. Note what the ledger does and does not do: it makes every request, approval, challenge and release tamper-evident and publicly checkable, but it cannot prove that the escrowed key was never copied somewhere else; that still rests entirely on the physical custody procedures in step 1.
This process will satisfy no one. It's a huge hassle for e.g. Apple. The national security community wants something where it can ask for an inch and take a mile, and blame civil authority when it doesn't find the threats. The civil liberties community will rightly suspect there is a hole in there somewhere, or that one will be created at the next 'national security emergency,' because that's what a public raised on '24' and 'Homeland' expects.
And of course China and Russia will demand their own, much more leaky version of this, and Apple will end up in the Stasi-enabling business.
More and more, your whole life is on the phone. It leaks plenty of information semi-voluntarily about everywhere you go, everyone you spend time with and communicate with, what sites you browse, and who you transact with. Law enforcement already has plenty of other ways to track you: GPS trackers, hacking your phone, searching your garbage.
Better not to go down this road of giving the surveillance state unfettered access to everything. And maybe it's time to try using technology for cryptographically secure transparency and due process instead.