Rethinking stored document encryption: Part 0
Some years ago at the height of the crypto-wars the FBI argued that commercial implementations of PKI would need escrow. Opponents of Freeh's proposals argued against this notion at the time. It was several years after US government restrictions on export of strong cryptography were lifted that key escrow was accepted as a genuine requirement: Nobody wants to tell the CEO that the loss of their private key means that documents they stored on their hard drive are irrecoverable.
For some years I have been arguing that a similar situation applies to deployment of DRM techniques. It is obvious to me that if the CFO creates a highly confidential financial analysis in an Excel spreadsheet, the data should be stored in encrypted form throughout its life cycle. And applying the end-to-end doctrine to this approach leads us naturally to an architecture where the document file itself is encrypted.
And here we come to the impasse where people start leaping up and down and screaming their heads off about the MPAA and the RIAA as if the primary purpose of a security mechanism should be to thwart the advocates of the copyright industry rather than a potential attacker. And then we have people screaming that 'DRM cannot possibly work', that it 'has been proven not to work' and it becomes very difficult to have a rational debate.
Which is a pity because having considered the real needs of content level encryption (CLE), I think that there is another parallel to the key-escrow debate: The requirements that lead to the controversy have little or nothing to do with the requirements of enterprise security.
The particular step that gave rise to controversy in the key escrow debate was the point where the FBI received a copy of the key. The particular point which appears to raise controversy in the DRM debate is the employment of trusted hardware, in particular trusted hardware that limits the control of the owner.
This is an important debate and Zittrain makes a compelling argument in 'The Future of the Internet' that deserves serious attention. But there is absolutely no reason that security need be incompatible with 'generativity'.
The fact is that most enterprise confidentiality requirements can be solved without recourse to secure hardware at all. The only case in which secure hardware is essential is if we cannot trust either the user of the machine or the machine itself.
So over the course of this week I am going to be posting an alternative view of content level encryption, one that is narrowly tailored to the most urgent enterprise security needs and involves the absolute bare minimum of new infrastructure.