Skip to main content
banner image
venafi logo

Encryption Backdoor Proposal Not in the CLEAR

Encryption Backdoor Proposal Not in the CLEAR

government encryption backdoors
May 24, 2018 | Emil Hanscom

Encryption backdoors are in the news again, but this time it’s not a government official calling for their use. Last month, notable engineer Ray Ozzie announced a new method for unlocking encrypted devices. Dubbed CLEAR, Ozzie believes his proposal would assist law enforcement officials and without hindering privacy.

Ozzie outlined CLEAR to Wired. According to the article, it works by using the following steps:

Step 1
Obtain warrant for locked, encrypted phone that is evidence in a criminal investigation.

Step 2
Access special screen that generates a QR code containing an encrypted PIN.

Step 3
Send picture of QR code to the phone’s manufacturer, which confirms the warrant is legal.

Step 4
Manufacturer transmits decrypted PIN to investigators, who use it to unlock the phone.”

Despite Ozzie’s insistence that privacy would not be significantly impacted by CLEAR, security experts have expressed reservations over his proposal.

“Ray Ozzie is a distinguished software architect, helping build Lotus Notes decades ago and brought Microsoft to the cloud with Azure,” says Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “However, security researchers and cryptographers are in near universal agreement that giving law enforcement a backdoor as suggested by Ozzie’s Clear proposal—even if it’s gated by a third party like Apple or Google—is not a reasonable option.”

Cyber security professionals are justifiably apprehensive about encryption backdoors. And historically, proposals like CLEAR only add fuel to this anxiety.

“A recent survey at RSA Conference 2018 revealed that 84% of cybersecurity security professionals are more concerned about backdoors than last year,” continued Kevin. “Ozzie’s proposal provides attackers with the opportunity to gain full control over a device by targeting the entity that has the unlocking keys. This creates of a new point of attack that is of extremely high value to attackers. Nation states and well-funded cyber criminal syndicates will devote significant time and resources to get access to these unlocking keys, to say nothing of the extremely high likelihood of government abuse.”

In the meantime, the idea of a “secure” encryption backdoor will only continue to gain momentum because government officials don’t understand how cryptography works. However, on a positive note, the CLEAR proposal has encouraged security professionals to voice their uneasiness with this latest attempt to undermine encryption.

“While Ozzie’s proposal could create unintended consequences in a machine-controlled world, it does open dialogue on how to secure the future,” concludes Kevin. “Security that is based on openness has proven time and time again to be a superior option.”

What do you think about Ozzie’s CLEAR proposal?

Related posts

Like this blog? We think you will love this.
Featured Blog

EARN IT Act Is Back and So Is Debate Over End-To-End Encryption

The Eliminating Abusive and Rampant Neglect of Interactive T

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Emil Hanscom
Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more