WASHINGTON: The US government cannot control the skyrocketing use of encrypted communications that allow adversaries, terrorists, criminals — and ordinary folks who care deeply about privacy, including journalists — to block eavesdropping by national security agencies, says a new study funded by DARPA and the Center for Advanced Studies on Terrorism (CAST).
“The ‘golden age of SIGINT’ may be over, particularly within the next five or ten years,” the study, “Going Dark: Implications of an Encrypted World,” finds. The traditional methods of collecting signals intelligence and eavesdropping on communications used by the Intelligence Community (IC) will no longer be effective. “End-to-end encryption of all communications and data, differential privacy, and secure communications for all users are likely to be the new reality,” the study says.
The study was presented today to the DoD Strategic Multilayer Assessment (SMA) program by two of the authors, Dr. Abraham Wagner, who teaches cyber law at Columbia and is a fellow at CAST, and Sophie D’Antoine, the Hacker in Residence at New York University. SMA does expert studies for the Joint Staff on emerging defense issues.
On one hand, the study notes, the boom in encryption technology is great for the Defense Department as it seeks to safeguard its vast data networks, as well as for those who comprise the defense industrial base. DARPA has a history dating back to the early 2000s of exploring quantum computing and quantum key encryption to protect DoD data. For example, last July DARPA asked experts and industry to weigh in on how quantum computing might enable artificial intelligence and high-speed data analytics.
The Trump Administration last June charged the Office of Science and Technology Policy with coordinating federal research on quantum computing issues under a new Subcommittee on Quantum Information Science. The Subcommittee developed a strategy in September 2018, the “National Strategic Overview of Quantum Information Science.”
More recently, the Defense Information Systems Agency (DISA) used its Other Transaction Authority to request white papers on a potential encryption model that can’t be broken by quantum computing.
Longstanding interest by US national security leaders has been heightened by Chinese advancements in quantum computing. For example, in 2017 China became the first country to demonstrate ‘quantum entanglement’ from a satellite to Earth. It could lead to much more secure communications between satellites and ground stations, as well as highly encrypted transponder feeds for communications.
Indeed, in 2017 the Office of the Director of National Intelligence (ODNI) funded a study on the threats to US IC and law enforcement operations from encryption, called: “Going Dark: Impact to Intelligence and Law Enforcement Threat Mitigation” that advised the IC to “look for data beyond signals intelligence (SIGINT).”
Unfortunately, the new study finds, explosive technological change — as encryption increasingly becomes a feature of software used by mobile phones, computers and other devices used around the world — and the US legal regime that, based on the Constitution, favors privacy are combining to tie the hands of the National Security Agency (NSA) and law enforcement.
Over the next decade new encryption methods — such as the use of quantum keys (keys to unlock coded data based on the actions of photons) and so-called ‘honey’ encryption that fools attackers by giving them access to fake texts — will mean that the IC and law enforcement can’t break coded communications.
“Encryption no longer requires costly electromechanical devices and in many cases doesn’t require specialized chips. All devices, from smartphones to large computers, contain powerful processors which continue to grow even more powerful. At the same time, encryption algorithms are readily available, and the marginal cost of employing encryption technology has fallen to zero,” the study says. “The Intelligence Community has vast resources but cannot perform miracles,” it says.
The study dismisses the on-again/off-again efforts by the US government and Congress to use controls on research and export of encryption technologies as “doomed to failure, as suppliers outside the U.S. are not subject to U.S. law and court order.” Further, it notes that “privacy advocates have been fighting a relentless legal battle in the courts to extend Fourth and Fifth Amendment constitutional protections to important national security programs. By and large, they are winning and will continue to do so in Congress, in the federal courts and with the Supreme Court.”
The study concludes that the US government will have to put more time and effort into studying the problems and to explore technologies that allow the IC to “scrape” data — that is, copy it and extract it — from computers, phones and networks before the data is encrypted. That will not be easy or cheap.
“To what extent lawful access by the Intelligence Community and law enforcement agencies, as well as hackers, employing new and sophisticated exploits will be possible remains an ongoing discussion, much of which is not open to public view. A general consensus, however, suggests that even where some access may be possible, it will be a highly limited and costly enterprise.”