The Federal Bureau of Investigations (FBI) director, James Comey, has been waging a war against effective cryptography. Although he can’t beat math he’s hellbent on trying. To that end, he and his ilk have proposed schemes that would allow the government to break consumer cryptography. One of those schemes is call key escrow, which requires anything encrypted by a consumer device be decipherable with a master key held by the government. It’s a terrible scheme because any actor that obtains the government’s master key will also be able to decrypt anything encrypted on a consumer device. The government promises that such a key wouldn’t be compromised but history shows that there are leaks in every organziation:
A FBI electronics technician pleaded guilty on Monday to having illegally acted as an agent of China, admitting that he on several occasions passed sensitive information to a Chinese official.
Kun Shan Chun, also known as Joey Chun, was employed by the Federal Bureau of Investigation since 1997. He pleaded guilty in federal court in Manhattan to one count of having illegally acted as an agent of a foreign government.
Chun, who was arrested in March on a set of charges made public only on Monday, admitted in court that from 2011 to 2016 he acted at the direction of a Chinese official, to whom he passed the sensitive information.
If the FBI can’t even keep moles out of its organization how are we supposed to trust it to guard a master key that would likely be worth billions of dollars? Hell, the government couldn’t even keep information about the most destructive weapons on Earth from leaking to its opponents. Considering its history, especially where stories like this involving government agents being paid informants to other governments, there is no way to reasonably believe that a master key to all consumer encryption wouldn’t get leaked to unauthorized parties.
I’m guessing that master key escrow mandates won’t fly, as the objections you list are both very strong and comprehensible to the average person as well. What I’m afraid will fly is mandatory government back doors by other means (forcing companies like Apple to disable code at government “request” that makes brute-force hacking of passwords difficult or slow, for example).