Silicon Valley Outsourcing Encryption Keys to Customers

The Associated Press
The Associated Press

With the FBI and NSA demanding that tech companies surrender encryption back doors to access customer data, Silicon Valley start-ups and established companies are giving customers exclusive possession of encryption keys to access their data.

Tech companies have been managing end-to-end encryption to protect against malicious intruders. Common security solutions include partnerships with Microsoft Azure Key Vault, Amazon Cloud HSM, and KMIP-compatible on-premises HSM, such as SafeNet.

But after the FBI’s bare-knuckles battle to compel Apple to break its iPhone encryption to access the San Bernardino terrorist data, companies have become gunshy about being coerced or subpoenaed by the government for their role as managers of their customer’s data.

Larry Gadea, CEO of Envoy, acknowledged in a TechCrunch interview that one of his biggest fears in a 30-person start-up is finding himself in the cross-hairs of law enforcement demanding that he give the agency access to all his customers’ encrypted data. To avoid that dilemma, Envoy has gone completely paperless and is tasking its engineers with assigning customers the encryption key to their data and all interactions with Envoy: “We have to keep as little as possible so that even if the government or some other entity wanted access to it, we’d be able to say that we don’t have it.”

Even to the most cynical of tech professionals was stunned by revelations from former U.S. intelligence consultant and current fugitive Edward Snowden regarding the clandestine domestic National Security Agency “Prism Program” and the level of cooperation by major tech firms, such as Apple, Microsoft, Yahoo!, Google, Facebook and YouTube.

Breitbart News reported that despite the scandal, “President Obama is secretly working to trash President Ronald Reagan’s restrictions on the number of federal agencies that can spy on Americans and others.” At a secret Feb 25 meeting of the United States National Security Council on Feb 25, Obama approved a 21-page memo relaxing a “Cold War Reagan-era directive called Executive Order 12333 that restricted the number of government agencies that can access, without court order or Presidential approval, the contents of phone calls, emails and data the U.S. National Security Agency vacuums up from around the world.”

The Obama memo allows numerous non-national-security agencies to share bulk data from satellites; foreign communications crossing U.S. network switches; messages acquired overseas; and data from American allies, according to the New York Times.

Sources warned that the Obama Administration initiative was a government hunting license to access raw data in private messages without search warrants. The breadth of access is not restricted to foreigners’ phone calls and emails, but also includes communications to, from, or about Americans “incidentally” swept-up by the NSA snooping.

Snowden was quick to describe “incidental” as a code word for “metadata.” Although Webster’s Dictionary defines metadata as “data that provides information about other data,” the NSA defines “structural metadata” as all of the data content.

For large Silicon Valley tech companies, aggregating huge amount of customer data was once seen as an initiative to drive long-term value for the company’s stock. But the FBI’s legal fight with Apple caused a sea change in attitudes. Some Wall Street analysts are now suggesting that holding too much data is a liability, rather than an asset. “Engineers are not inherently anti-government, but they are becoming radicalized, because they believe that the FBI, in particular, and the U.S. government, more broadly, wants to outlaw encryption,” said prominent venture capitalist Marc Andreessen.

Andreessen is especially concerned with legislation proposed by Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA) that would compel tech companies to build technical methods to share customers’ encrypted data, at a court’s request.

Former National Security Agency general counsel Stewart Baker, in a recent panel discussion, commented, “This is a Silicon Valley delusion that the government wants to outlaw encryption.” He added, “I grant that there is a radicalized subculture of engineers that is very prone to that delusion, but it is a delusion.”

But Tom Gillis of Bracket Computing that has embarked on an encryption project to let customers to hold the “keys” so, “I can’t get subpoenaed the way Apple did.”


Please let us know if you're having issues with commenting.