Earlier this year, TSA master keys were leaked and ordinary folks were supposedly able to 3D print these keys and open any luggage with a TSA lock. Despite the huge uproar, I personally feel that it is not that big of a deal because
- Valuables go in hand carry, clothes go in luggage. Few people would go through the trouble of stealing a luggage for clothes that may not even fit.
- Luggages are seldom left unattended in public. Likely response when encountering unattended luggage is to call the authorities. No one would cart home a luggage that could possibly contain a bomb.
Given that the US has over 5000 major airports, a leak was bound to happen. It is impossible to entrust the master key to thousands of staffs at so many locations and expect to maintain security. The US government is pushing for a similar Golden Key to be built into encryption products. The key would have to be distributed to law enforcement authorities, e.g. sheriffs, police departments, FBI, CIA, NSA, of which I am quite there are more than 5000 offices in total.
This is a bad idea because the private key can be copied easily. Dump the memory while the program is running, identify the location where the key is stored and copy it out. Unlike the TSA key which has to be physically removed to be duplicated, the original private key remains so conducting an inventory check at the end of every working day would not help. The private key would allow law enforcement authorities access to information of great value, e.g. credit card numbers, internet banking passwords and personal information so there is greater incentive for both internal as well as external parties to get their hands on it.
The government's stance is that terrorists today use encryption to secure their communications, and thus a master key would thwart these attacks and allow law enforcement to arrest the terrorists before the attacks takes place. However, in line with Kerckhoff's principle, almost all modern ciphers systems are public knowledge. Hence, it is possible for terrorist to simply write their own software which uses these already public algorithms and avoid using the backdoor-ed software.
Even if the backdoor-ed systems are used, catching these terrorists require a second big assumption, the ability to decrypt large volumes of encrypted communication using the master key and flagging out suspicious conversations. This task is difficult because a terror attack has a one in a few millions odds of happening. Filtering out all conversations with bomb
will result in many false positives (gamers talking about bombing their opponents), while setting the filter too strict might result in that one single important conversation bypassing the filter as a false negative. Lastly, decrypting large volumes of communications is a computationally intensive process, it has to be done in reasonable time to prevent the attack. Decrypting it only after the attack doesn't help a bit. Given the many challenges, the Golden Key doesn't seem to be a wise choice.