Microsoft's leaky boot offers another reason to preserve encryption


Gandalf: A Palantír is a dangerous tool, Saruman.

Saruman: Why? Why should we fear to use it?

Gandalf: They are not all accounted for, the lost Seeing Stones. We do not know who else may be watching!

The Fellowship of the Ring

In the wake of this year’s court battle between Apple and the FBI over access to the cellphone of San Bernardino terrorist Syed Rizwan Farook, there has been much debate over the value of encryption and whether the government can or should ever compel companies and individuals to undermine their own security features.

A recent story from Ars Technica demonstrates yet again why Apple and other encryption “absolutists” were right to oppose creating an encryption backdoor. It turns out that Microsoft accidentally leaked the “golden key” that allows users to unlock tablets and phones protected by the company’s Secure Boot technology, which directs a system’s firmware to ensure the bootloader is signed with a cryptographic key. As Ars’ Tom Mendelsohn explains:

The key basically allows anyone to bypass the provisions Microsoft has put in place ostensibly to prevent malicious versions of Windows from being installed, on any device running Windows 8.1 and upwards with Secure Boot enabled.

And while this means that enterprising users will be able to install any operating system—Linux, for instance—on their Windows tablet, it also allows bad actors with physical access to a machine to install bootkits and rootkits at deep levels. Worse, according to the security researchers who found the keys, this is a decision Microsoft may be unable to reverse.

The security flaw was discovered by researchers, then posted on a funky retro website with this note to the U.S. Justice Department:

FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a ‘secure golden key’ is very bad!

Members of Congress have taken differing approaches to these delicate issues. Sens. Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., have practically disdained internet security, introducing a bill that would require tech companies to provide “technical assistance” to agencies seeking to access encrypted data.

At the other end of the spectrum, Rep. Darrell Issa, R-Calif. – chair of the House Judiciary Subcommittee on Courts, Intellectual Property and the Internet – has pushed back against the White House’s charge that those who oppose mandatory backdoors are “absolutists,” explaining “encryption is either secure or not secure.”

Meanwhile, Rep. Mike McCaul, R-Texas, is exploring what he considers a middle option, calling on Congress to further study the issue through a blue ribbon commission.

We at the R Street Institute support strong encryption and have warned about the consequences of efforts to undermine this essential security tool through government-mandated backdoors, compelled assistance or other means. A similar position was reiterated by Apple CEO Tim Cook in his February “letter to customers” that clarified the company’s defense of encryption.

More recently, in an interview that ran in Sunday’s Washington Post, Cook was asked about his stand against the FBI. Without mentioning the breach of Microsoft’s Secure Boot, he reflected on his resolve, explaining:

Could we create a tool to unlock the phone? After a few days, we had determined yes, we could. Then the question was, ethically, should we? We thought, you know, that depends on whether we could contain it or not. Other people were involved in this, too — deep security experts and so forth, and it was apparent from those discussions that we couldn’t be assured. The risk of what happens if it got out, we felt, could be incredibly terrible for public safety.

We knew the positioning on the outside would not be public safety. It would be security vs. privacy — security should win. But we went through the deep, deep, deep discussions on that. It became clear that the trade-off, so to speak, was essentially putting hundreds of millions of people at risk for a phone that may or may not have anything on it, and that likely didn’t, because of other things that we knew about. We thought this actually is a clear decision. A hard one, but a clear one.

One of the central reasons to oppose efforts to establish government backdoors into iPhones or any other encrypted app or device is that there is no way the government can guarantee these backdoors won’t be exploited by bad actors, like hackers or foreign nations. This was precisely the concern evaluated by expert cryptographers, computer scientists and security specialists in the 2015 study “Keys Under Doormats,” which concluded:

[A]nalysis of law enforcement demands for exceptional access to private communications and data show that such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend.

Both Cook and the researchers who found the Secure Boot vulnerability recognize the perilous threat to technological security posed by granting “golden keys” to law enforcement or other government agencies. As legislators further deliberate the right path forward, one hopes they will heed these expert warnings, rather than subject Americans to new cyber threats domestic and foreign.
