Backdoors & Encryption

Encryption is all that stands between our devices, data, and communications being private, or being public. Many governments, including the United States, have been making pushes to force the manufacturers of devices and information systems to build backdoors in their encryption. We have seen this play out publicly between the FBI and Apple regarding unlocking the encrypted iPhone of one of the San Bernardino shooters. There are several implications for legally requiring such backdoors, all of them grim. To begin with, there is the matter of privacy, should government agencies be able to break into our phones without our express permission, or a warrant? Some argue the contents of our phones are equivalent to the contents of our minds which means they would be protected by the 5th Amendment here in the United States, specifically protection from self-incrimination. This argument is best left to the lawyers and judges, the concerns I and many others have, I believe, supersedes this.

A backdoor is a backdoor. You have likely heard hackers in media mention that they are looking for or have found a “backdoor.” If it is the good guys saying it “Yay!” if it’s the bad guys saying it “Oh no!” This is the crux of the issue with building backdoors into otherwise secure devices and information systems. Backdoors do not only open for the good guys; they can be opened by the bad guys too. We do not force safe manufacturers to build weak points into safes specifically so good guys can open a bad guys safe, because then bad guys would also be able to open the safes of good guys, and then what good is a safe?

You know the answer, it is a worthless paperweight if it cannot protect your valuables. Safes can still be broken into though, and unfortunately that is also true of encryption. Given the motivation, expertise, tools, and most importantly time, there are encryption protocols that can be cracked which is why new ones are always being developed. New technologies could also render current encryption protocols useless - Quantum Computing should confuse, fascinate, excite, and terrify you all at once.

Good encryption is still a deterrent to malicious actors, who might pick an easier target when they run into something that has been properly encrypted. In many cases it is a lot easier to get a hold of the encryption key or password than it would be to commit the resources and time to breaking encryption. Social engineering is still the most useful tool in a hacker’s arsenal for this reason.

Now maybe you have nothing to hide and corporations already have all your data so who cares, right? Journalists for one will care greatly; they often need to keep their sources identity secret from the hostile foreign governments they are reporting on. If a journalist’s devices are confiscated, or able to be checked through easily on their way out of an oppressive country like Saudi Arabia, China, or Russia. Not only might the journalist’s sources be in danger, the journalist might be in danger too.

Organizations use encryption to protect their intellectual property. We are all aware of China’s actions regarding the theft of intellectual property. Just imagine they knew all the secrets they want the answers to are no longer hiding behind difficult to crack encryption but a hidden backdoor. What kind of resources do you think would be spent to find this backdoor? The NSA itself was hacked and let loose a smattering of Windows zero-day vulnerabilities in 2016. Should we really trust government agencies to be responsible with security?

We rightfully want to be able to get into the devices of terrorists and criminals once them and their devices have been discovered. But do we really want to compromise the security and privacy of law abiding citizens? Criminals and terrorists will find or create their own un-crackable devices, leaving the rest of us more exposed than they. The benefit to requiring backdoors in encryption is not clear, what is very evident are the dangers involved.

-Peter T. Belies