Note: My Web pages are best viewed with style sheets enabled.

PGP: Backdoors and Key Escrow

Copyright © 2001, 2003 by David E. Ross

Backdoors

A backdoor is a "feature" in the software of PGP — in what I call the utility functions and not in the encryption algorithm — that allows an outside party to decrypt what you have encrypted. While the ADK feature is technically a backdoor, most attention is directed to the possibility of an unknown, hidden backdoor. ADK is well known, however; and PGP users are even informed of keys that use ADK and of encryptions where ADK is required. Nevertheless, even ADK can be used to subvert the security of our messages and files.

Is There a Backdoor?

How can we know whether someone has deliberately planted their own security hole in PGP? What if the government (pick any government) induced the PGP Corporation to insert a "backdoor" that allows the police, FBI, KGB-reincarnated, et cetera to decrypt our messages and files with ease?

*** Begin Right Sidebar ***

For a while — when NAI owned the PGP product — the source-code was unavailable and outside inspection became impossible. As a result, experienced users of PGP lost confidence in newer versions of the product. This situation has been reversed by the PGP Corporation in an attempt to restore confidence.

*** Begin Right Sidebar ***

The source code for various PGP versions is public. Expert computer programmers — definitely not employed by the PGP Corporation — can pounce on each new version and study the code carefully. After determining that the source code contains no backdoors, they can compile that source code and compare the result with the executable program obtained from the PGP Corporation. Not once has an alarm been raised that a deliberate weakness was inserted into PGP by the PGP Corporation. The same is true of implementations by others of the PGP concept.

As a software test engineer, I must admit that code examination has its limits. Each newer version of PGP released by the PGP Corporation seems much larger than its predecessors, making code examination ever more difficult. For that reason, many individuals continue to rely on PGP 2.6.x, which is quite small and readily subject to examination. However, the mere knowledge that outsiders are looking for backdoors and other deliberate flaws inhibits the PGP Corporation from inserting those weaknesses.

In the meantime, the PGP Corporation signs its executable programs with a key that can be traced back to that company. Anyone who downloads a copy of a PGP program can thus check the authenticity of its source. I would avoid installing any version of PGP that does not include signature files for each component. And I do indeed check the downloaded files against their signatures after verifying the authenticity of the PGP Corporation's public key. In this manner, I try to protect myself from a tampered version of PGP that could have a backdoor.

Backdoors for the Government

As a consequence of the terrorist attack against the Pentagon and World Trade Center on 11 September 2001, a backdoor to PGP may indeed be in the future. On 14 September, Senator Judd Gregg of New Hampshire gave a speech on the floor of the U.S. Senate in which he said:

We need to have the cooperation of the manufacturing community and the inventive community in the Western World and in Asia in the area of electronics. These are folks who have as much risk as we have as a nation, and they should understand, as a matter of citizenship, they have an obligation to allow us to have, under the scrutiny of the search and seizure clauses, which still require that you have an adequate probable cause and that you have court oversight--under that scrutiny, to have our people have the technical capability to get the keys to the basic encryption activity.

Congressional Record, Senate
13 Sep 01, p.S9357

In other words, Senator Gregg requested laws to mandate either a backdoor or key escrow. Ridiculous! Senator Gregg asked us to trust the courts to control the use of backdoors or key escrow, the same courts that rubber-stamp FBI requests for secret warrants. Coupled with an anti-terrorism law that allows the police and FBI to collect and view our E-mail messages without even a search warrant, we would have no privacy at all.

What Senator Gregg failed to understand is that the terrorists will accomplish a significant victory if we surrender our liberties while trying to fight terrorism. The best revenge would be to prove that our nation can indeed survive with our freedoms intact.

Fortunately, Senator Gregg has shelved his proposal (but maybe only temporarily). Unfortunately, the FBI and local police have not removed this concept from their "wish lists".

Key Escrow

Rather than a backdoor, the government of the United Kingdom requires any PGP user to give the police both his private key and his passphrase on demand. Failure to comply is a criminal offense, punishable by a jail term of two years.

Rather than handing over the ability to decrypt after-the-fact, key escrow would have us give the police our private keys and passphrases immediately, as soon as we start using them. Representative Bob Goodlatte of Virginia said about this:

That's like telling people to take their house key down to the police station. People are not going to have greater confidence in their security by doing that.

[Reuters/Yahoo, 21 Sep 01]

Besides allowing the police to decrypt our E-mail without a search warrant, key escrow would also allow the government to sign our messages, a basic violation of the concept of digital signing. The California regulations on the legality of digital signatures clearly state:

An acceptable technology must be capable of creating signatures that conform to requirements set forth in California Government Code Section 16.5, specifically,

3. It is under the sole control of the person using it;

Fundamental Problems

Backdoors and key escrow on behalf of the government have certain problems:

The PGP design and algorithms are well known. If commercial sources all have backdoors, criminals will simply implement their own versions. If we make homemade PGP illegal, do you really think criminals will care?
Contrary to Senator Gregg's expectations, other nations will not jump on the backdoor bandwagon. With international borders having only slight meaning to the Internet, non-backdoor versions of PGP will remain available.
Both backdoors and key escrow presume that the government will keep our messages and keys secure. Why should we trust the government to protect business plans for new products, love notes, and counseling by priests of their congregants when the government cannot protect its own very important secrets (e.g.: the secrets sold by FBI agent Robert Hanssen to Russia and the confidential details of a corruption investigation of Senator Robert Torricelli)? What recourse would we have if the government improperly discloses our sensitive messages and data, either directly or though careless security for our escrowed private keys? What compensation would be made to a company whose trade secrets become public knowledge? None!
If we provide our private keys to the government under the mandate of a law that says the escrowed keys cannot be used without a judge's warrant, what would prevent Congress from later amending the law to eliminate the need for a warrant?
The weaknesses proposed by Senator Gregg could seriously undermine the protection against self-incrimination stated in the 5th Amendment to the Constitution. If the police used a backdoor or escrowed key to snoop on the encrypted E-mail messages exchanged between a lawyer and his client — if there were merely a strong suspicion that this happened — would not a judge dismiss all criminal charges against the client? However, that judge could not erase from the minds of the police and prosecutors what they learned about the client.
The most simple implementation of a backdoor would be to mandate use of ADK on all PGP users, with the government holding the additional decryption key. Just imagine the impact on business and individuals if the private part of the government's additional key were leaked. The effect would be the same if our escrowed private keys were leaked, with one important difference: A leaked private key compromises only the key's owner, but a single leaked additional decryption key could compromise everyone.
The whole structure of E-commerce, electronic funds transfers, and business telecommunications depends on secure communications. A backdoor for the government would be a target for criminals and terrorists to hack. Congressman Goodlatte recognizes this. He said:
It's not a matter of privacy vs. security, but security vs. security. Encryption protects our national security. It protects the controls of everything from nuclear power plants to the New York Stock Exchange, government communications, credit cards and the electric power grid. Encryption plays a critical role in our entire communication system, and to require that a backdoor be built into that system is just an incredibly dangerous thing to do.
Interview reported in CNET News.com
26 September 2001

After all, terrorists can wreak damage on our nation not only by destroying physical property but also by interfering with commerce.

Last updated 18 November 2003