A UK company has made a proposal that could solve the heated debate between tech companies and government over access to encrypted communications.
Post-Quantum already provides secure communications to the likes of GCHQ and NATO and is currently the last remaining British company pitching to provide an algorithmic code for the next level of encryption.
Now it has put forward the idea of a five-part virtual key that would allow access to encrypted communications, but only when the holders of all five keys were in agreement.
How would a five-part virtual key work?
We have all watched those adventure movies from the 1980s when an explorer has to go around the world the reunite the parts of a key that can unlock some Aztec treasure-trove or long-lost Egyptian tomb.
The proposal made by Anderson Cheng, the CEO of Post-Quantum is based on a very similar premise. According to the Telegraph (£), he has suggested that a virtual key could be built into encrypted communications.
Previous proposals along these lines have been dismissed as introducing a vulnerability and privacy experts have long pointed out that it will only be a matter of time before hackers identify this vulnerability and can access communications too.
But Cheng’s proposal is to have not one key but five. Each of these keys would be held by a separate responsible party and it would not be possible to access the encrypted communications unless every keyholder was in agreement.
He suggests that the five parties who would hold the key could include the likes of the police or security services, the tech company behind the platform in question, an independent privacy advocate, and a Judge.
In other words, both sides of the debate would be keyholders meaning that only when everyone was convinced that there was a good reason to unlock communications could it be done.
The advantages of a five-part key
This would appear to mean that communications related to child abuse, terrorism, or organized crime could be accessed if a strong enough case was made, but this would be the exception rather than the rule.
As Cheng also explained, a five-party key could actually make encrypted communications more secure as it would mean that tech companies which currently do sometimes have ways of monitoring content would no longer be able to do so themselves unless all the other key holders agreed.
“The tech firms have pushed back because they do not want the security agencies to have access to the data and risk them monitoring it all of the time. But at the same time under this model the tech firms would also not have access to the stored data,” Cheng explained.
The process of accessing these encrypted communications would be enshrined in law and subject to any relevant oversight.
Cheng is also only suggesting five key-holders as a recommended number. In practice, it could be fewer or more as individual countries or tech companies see fit.
Cheng is bullish about the feasibility of this proposal and insists that not only is it possible but the technology to do it already exists. “This is technology viable and a cryptographically proven procedure,” he insists.
The downsides to the proposal
While the Post-Quantum proposal is a definite improvement on the traditional backdoors that most western governments have been demanding of late, it is still not a 100% foolproof solution.
No matter how many keyholders you have, any way into an encrypted form of communication is, by definition, a vulnerability. Having five or more keyholders will make it much harder for hackers to find a way in, but it will not be impossible.
With the rapid progress being made in quantum computing, finding and exploiting even the most well-defended vulnerability will become easier and easier. It would be naïve to think that this power will not fall into the hands of hackers rather than nation-states.
Indeed, many of the most dangerous hacking groups are working on behalf of rogue states like Putin’s Russia or Communist China. As soon as they know such a vulnerability exists they will be working round the clock to get through it and sooner or later they will.
Full encryption is still best for consumers
A five-part virtual key is perhaps the most workable solution to the encryption debate that has emerged so far. It is a far better option than a backdoor and trumps GCHQ’s solution, that would involve every message being cc’d to them, hands down.
But the truth is that most internet users who value their privacy want to be sure that everything they do online is encrypted and private. This is why so many people are signing up for VPNs and the number of users of encrypted messenger services like Signal and Telegram is growing so rapidly.
Any form of virtual key will put a lot of these users off and especially for users who are up to no good. For them, the darknet will always offer alternatives meaning law enforcement will lose even the small amount of information they get from the existing system. This means that even this creative solution could wind up being counter-productive.