On Ghost Users and Messaging Backdoors
The past few years have seen some amazing progress in the deployment of encryption protocols. In less than a decade, encryption protocols like TLS have gone from a novelty to the “table stakes” for running a secure website. Smartphone manufacturers have deployed default device encryption to billions of phones, and end-to-end encrypted messaging and phone calls are now available to more than two billion users.
This progress hasn’t come without a price. In the U.S. and around the world, law enforcement agencies have begun to express concerns about potential loss of access to criminal devices. Some (not entirely well-thought-through) laws have been proposed overseas, and a few have been proposed over here as well. The Department of Justice has recently taken up the call, asking companies to deploy what they call “responsible encryption”.
What is “responsible encryption”? Well, that’s the problem. Nobody on the government side of the debate has been willing to say. In a recent speech, U.S. Deputy Attorney General Rod Rosenstein implored cryptographers to figure it out.