The Mythical Golden Key

The Washington Post’s editorial team published a pretty bizarre column in Saturday’s edition. In essence, they renew their call for a “golden key” — some way for authorities to decrypt data in cases where it’s required, but retain its security otherwise:

Last October in this space, we urged Apple and Google, paragons of innovation, to create a kind of secure golden key that could unlock encrypted devices, under a court order, when needed. The tech sector does not seem so inclined.

But the preceding paragraph with interviews from actual experts makes clear that this request is impossible:

A rule-of-law society cannot allow sanctuary for those who wreak harm. But there are legitimate and valid counter arguments from software engineers, privacy advocates and companies that make the smartphones and software. They say that any decision to give law enforcement a key — known as “exceptional access” — would endanger the integrity of all online encryption, and that would mean weakness everywhere in a digital universe that already is awash in cyberattacks, thefts and intrusions. They say that a compromise isn’t possible, since one crack in encryption — even if for a good actor, like the police — is still a crack that could be exploited by a bad actor. A recent report from the Massachusetts Institute of Technology warned that granting exceptional access would bring on “grave” security risks that outweigh the benefits.

Experts told the Post that there can be no way to make a key that only law enforcement may have access to while retaining the security of encryption in all other cases. The Post responded by insisting that such a key was needed, much in the same way that a ten year old child asks for a unicorn after being told that no such creature exists.