Computer Science and Artificial Intelligence Laboratory Technical Report

In the last decade the internet has evolved into a vast and rich domain of data. While this data is essential to many companies, there is also recent interest from law enforcement organizations. Recently law enforcement organizations have made requests for exceptional access to the data storage and communications systems underlying web services. They argue that the use of encryption prevents them from performing their investigative duties to their full ability. This paper written by prominent computer scientists with decades of security and systems experience argue against this request.

The paper has many technical reasons arguing against exceptional access. Their first point is that giving them this access would cause developers to stray from best practices such as “forward secrecy” and “authenticated encryption” which make the internet more secure. Building systems with exceptional access would also cause a large increase in the complexity of security systems. As complexity increases, unintended interactions between subsystems cause new security vulnerabilities which also decrease the overall security of the internet. Another issue exceptional access causes is the creation of predefined targets for bad actors to attack. If law enforcement has keys that access everything, then bad actors just need to attack one source to get all the information they need. The final technical issue the paper addresses is that of jurisdiction. For multinational companies many countries would request exceptional access causing national security issues. The paper goes into more detail regarding the technicalities for each of these points, how these systems can be used for evil, and scenarios for illustrative purposes.