The NSA’s Split-Key Encryption Proposal is Not Serious

[Commentary] The US Government has been busy on the encryption front in both positive and negative ways. On the positive front, there is a major effort underway to move all government websites to HTTPS. But on the problematic and negative side of the ledger, we once again turn to the National Security Agency. NSA Director Michael Rogers has launched a new trial balloon to address what law enforcement and intelligence agencies are calling “Going Dark.” Admiral Rogers shared a proposal that would require tech companies to create a “golden key” that would allow access to encrypted data and communications. The new twist in Adm Rogers’ proposal was to cut this golden key into pieces so that no one entity -- the NSA or the company making the product -- could decrypt the data without all the pieces of the key.

It’s time to stake that trial balloon to the ground of technical reality. Sorry, Adm Rogers, but requiring split-key encryption is not a serious proposal. The split-key approach raises a host of concerns for business, privacy, and human rights. If the United States creates a split-key encryption mandate, autocratic countries are likely to follow suit and require access to encrypted services, a measure already being pursued in China despite US criticism. This mandate would also leave US companies -- that have already lost significant business abroad in recent years due to surveillance concerns -- labeled by foreign competitors as “NSA accessible.” American companies won’t be able to assure foreign or domestic customers that their data is secure if the NSA hacks into the company, as reportedly happened to Google and Yahoo. Adm Rogers should come back with a proposal the technical community hasn’t already identified as irresponsible, costly, and impractical. And for a good reminder on the value of strong encryption, perhaps he should give the Government CIO office a call.

