Pinterest Stumbleupon Whatsapp
Advertisement

Several times a year, we face massive calls for a truly ridiculous notion: create government accessible encryption backdoors.

There is constant background support from lawmakers and TLA government agencies. The calls are strongest when a terrorist atrocity kills innocent people. But as I’m going to show you, encryption is vital to day to day life Don't Believe These 5 Myths About Encryption! Don't Believe These 5 Myths About Encryption! Encryption sounds complex, but is far more straightforward than most think. Nonetheless, you might feel a little too in-the-dark to make use of encryption, so let's bust some encryption myths! Read More , and to keeping the internet running how you like it and know it: open and free.

What Is Encryption?

At its simplest, encryption is the transformation How Does Encryption Work, and Is It Really Safe? How Does Encryption Work, and Is It Really Safe? Read More of intelligible text into a stream of gibberish. There are numerous ways to encrypt data. The transformative math is called an encryption algorithm, and should leave no hints about how the data was encrypted (this is easier said than done in today’s world).

Most of us use some form of encryption every day.

Did you WhatsApp your partner How To Enable WhatsApp's Security Encryption How To Enable WhatsApp's Security Encryption The so-called end-to-end encryption protocol promises that "only you and the person you're communicating with can read what is sent." No one, not even WhatsApp, has access to your content. Read More this morning? You sent a message using end-to-end encryption. How about your online banking portal? It likely uses an AES 256-bit key as minimum. Want another one? Every time you make an online electronic payment, encryption keeps that transaction secure.

In a nutshell, encryption keeps your private and personal data extremely secure from almost anyone that wants to see it.

Why Would They Break It?

One of encryptions strongest features is its universal application. Secure, tested encryption algorithms are just that: essentially unbreakable. Unbreakable to you and I, but also unbreakable to government agencies. Meaning anyone can protect their data, no matter who they are.

As such, unscrupulous individuals and organizations can conduct illicit business without government interference. Furthermore, intercepted data, before or after the fact, is useless.

Strong Encryption Is Important

There are several key arguments in favor of strong encryption, without government backdoors.

Citizens have the right to privacy. In fact, in the U.K., we have “the right to respect for your family and private life, your home, and your correspondence.” That’s Article 8 of the Human Rights Act 1998. In the U.S., the Fourth Amendment ensures “the right of the people . . . against unreasonable searches and seizures.” Encryption is an essential tool that protects those rights.

Additionally, encryption protects private communication The 3 Most Secure & Encrypted Email Providers Online The 3 Most Secure & Encrypted Email Providers Online Fed up with government surveillance? Concerned your emails might be read by third parties? If so, it's worth looking at an encrypted email solution to protect your messages. Read More for investigative journalists, protesters, dissidents, NGOs in repressive countries — even your lawyer, when dealing with an important or sensitive court case.

Finally, and perhaps most importantly of all, encryption is an extremely important security layer in the protection of vital infrastructure. All of our power stations, medical facilities, communication networks, government offices, and more, are networked. As we saw throughout the summer of 2017, U.S. infrastructure is a serious target for hackers.

Government Access Is Important

There are also several arguments against strong encryption.

These largely center around restricting public access to strong encryption algorithms that government agencies have no chance of breaking, predominantly used in popular communication platforms. This is because use of strong encryption undermines the efforts of those agencies in global surveillance Avoiding Internet Surveillance: The Complete Guide Avoiding Internet Surveillance: The Complete Guide Internet surveillance continues to be a hot topic so we've produced this comprehensive resource on why it's such a big deal, who's behind it, whether you can completely avoid it, and more. Read More , be that lawful or not (or in the delightful gray area).

Agencies understand the issue at hand. In reference to the San Bernardino iPhone (more on this in the next section), then-FBI Director James Comey explained that new encrypted technology “creates a serious tension between two values we all treasure: privacy and safety.”

Prime Examples and Why It Never Works

One of the prime examples of backdoor encryption access came in 2016. After the San Bernardino domestic terrorism incident, the FBI understandably wanted to search the iPhone of the deceased attacker. Unfortunately, it was encrypted.

The FBI reached out to Apple (publically, after private enquiries failed), and asked them to create a one-off backdoor through their encryption. Apple declined. The FBI took them to court, where a judge issued a court order compelling them to create a “master key” of sorts. Apple still declined, and fought back in court.

Their argument? Even if the FBI strongly asserts it is one time only, and that it wouldn’t set a precedent (it very clearly would), there was no way of knowing that it wouldn’t be used again.

The FBI eventually found a way through the iPhone encryption via an Israeli security company and an unreleased zero-day backdoor. And after all that, there was nothing of note on the iPhone.

Six Months On

Roll forwards six months, and Microsoft gives us one of the biggest prime examples of why golden backdoors should never exist.

Microsoft accidentally leaked the master key to the Secure Boot system What You Need to Know about Windows 10 Secure Boot Keys What You Need to Know about Windows 10 Secure Boot Keys Secure Boot should prevent tablet and PC owners from installing their own OS choice on a Windows 10 device -- but thanks to the accidental leak of the "golden keys", Secure boot is dead. Read More . Secure Boot “helps to make sure that your PC boots only using firmware that is trusted by the manufacturer.”

The leak didn’t really compromise device security. But it meant those with OEM locked devices could install a second operating system, until Microsoft issued a patch.

The major problem with this wasn’t the leaking of the key, per se. It was more the technical admission that, as Keybase co-creator Chris Coyne explains, “Honest, good people are endangered by any backdoor that bypasses their own passwords.”

Is It Even Practical?

The above Chris Coyne quote actually came from his response to The Washington Post making a rallying call for “compromise” on encryption. It was a terrible call then, and it still is now.

Unfortunately, the companies that attempt to protect your privacy from prying eyes, from hackers, scammers, and more, are always the ones demonized “because terrorism.” As Tom Scott correctly observes, “building an encryption backdoor isn’t impossible, but building a reasonable one is.”

While the government might require weaker encryption, they cannot, in any way, guarantee that the world will be safe once they have done that. The ability of our elected decision makers to grasp the technology is questionable, too.

When U.K. Home Secretary Amber Rudd uttered her infamous call out to people “who understand the necessary hashtags,” eyes were disturbingly opened. You can watch the video:

But it wasn’t just that blunder. Rudd also calmly explains that “Real people often prefer ease of use and a multitude of features to perfect, unbreakable security. Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family?” The vast assumption is that no one really cares about their privacy, so why should this government both protecting it?

There Is No Compromise

If we haven’t convinced you so far, I’ve got some final points to summarize why compelling companies to offer encryption backdoors is a terrible idea.

1. Security Makes the Internet Work

Decades have been spent securing the internet 20 Year Old Bug Breaks Internet Encryption: How To Tell if Your Browser is Affected 20 Year Old Bug Breaks Internet Encryption: How To Tell if Your Browser is Affected Are you vulnerable to the "LogJam" bug, a new vulnerability occurs that in the TSL protocol? Potentially used by malicious users to force your browser to use weaker encryption, it can havedevastating results. Read More against all manner of attacks. At the same time, that security keeps our personal information private (there are of course exceptions, like Facebook). The difference between splurging openly on social media and having your private data intercepted and analyzed is massive.

If we allow governments to bully their way into backdoors, suddenly your online shopping, your banking portal, your messaging services — essentially, your entire digital life — will be vastly more susceptible to hacking, identity theft, fraud, and more.

2. Terrorists Still Communicate, Still Terrorize

Terrorists won’t stop because the government can read their messages. They’ll just find another way to operate. Better yet, they’ll just create their own encrypted applications and messaging apps. And they’ll make sure to use different frameworks from those known to be compromised.

Terrorist groups aren’t scratching around in the dirt. Some are highly financed, highly organized technologically capable groups. For instance, in 2015, a number of respected technology news outlets reported that ISIS had developed a private message app, Alrawi. ISIS were alleged to have developed the app after they were forced from encrypted messaging tool, Telegram WhatsApp vs. Telegram: Which Is the Better Messaging App? WhatsApp vs. Telegram: Which Is the Better Messaging App? In the battle for the best messaging app on Android, who takes the cake: WhatsApp or Telegram? Read More . It emerged as a false story: ISIS and other groups still use Telegram and other encrypted messaging tools.

But even if we did break encryption, we only have to look at recent atrocities where terrorists only used unencrypted burner phones to actually stay under the government radar.

3. It’s Impossible to Implement

How would the government go about implementing such a drastic change in security? A total ban on encryption? Of course not. As Edward Snowden revealed What Is PRISM? Everything You Need to Know What Is PRISM? Everything You Need to Know The National Security Agency in the US has access to whatever data you're storing with US service providers like Google Microsoft, Yahoo, and Facebook. They're also likely monitoring most of the traffic flowing across the... Read More , some organizations have given major intelligence agencies access to their data. All you do there is stop using the service, or limit the amount of information you put on there.

But they cannot stop individual users encrypting their private data offline. And if some services were allowed to encrypt, and others not, how would they decide?

4. Many of Us Actually Like Our Civil Liberties…

…even if that means a tiny fraction of individuals can use encrypted messaging and data to do bad stuff. The trope is, if we give in, the terrorists win. Well, they do. Why should a government official be allowed access to all of our communications, by default, just because we dare to talk to one another?

The people that want to break encryption want to “protect” us now — but what about later? How will those broken security features actually serve us if a real totalitarian leader turns on society in 10, 20, or 50 years’ time? Can you really guarantee, and trust, your government to do the right thing and use prospective backdoors for “good?”

Encryption, Forever

There are numerous excellent reasons why encryption should remain as is. But don’t let strong arguments fool you. Governments are well known to implement ideas that are damaging to its people. Or encroach dangerously into the private lives of citizens. Or just trample roughshod all over civil and personal liberties.

Just remember one thing: even if they don’t break encryption, or ban encryption, just think about the harm that will be done even as they try.

What’s your take on encryption backdoors? Does the government need to access all private messaging? Or should their already huge surveillance programs take care of business? Let us know your thoughts below!

Image Credit: stokkete/Depositphotos

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. dragonmouth
    October 6, 2017 at 6:40 pm

    Privacy is like being pregnant. There is no more "somewhat-private" then there is "somewhat-pregnant". Either you are or you are not.

    "government accessible encryption backdoors."
    How does the government plan to protect those backdoors from just about anybody gaining access to them?! Like investigative journalists.

    "in the U.K., we have “the right to respect for your family and private life, your home, and your correspondence.”"
    Didn't the UK recently pass a law colloquially called the "Snooper's Charter" or some such? :-)
    US government rides roughshod over any Constitutional guarantees by claiming "national security", "terrorism" and "protecting our children".

    " encryption protects private communication for investigative journalists"
    Investigative journalists are the ones who we need to to protect our secrets from by using unbreakable encryption.

  2. Chuck K.
    October 6, 2017 at 4:18 pm

    Why We Should Never USE Technology would be a better title? lol I'm not addicted to it, can you say the same? er...while holding the damn cell phone in your hand 24/7? Gonna get cell phone hand and want disability? Food stamps? And the addiction...Be sent to Alaska for a year with NO technology to break you of that addiction? lol Yes, sarcastic, but I get online for about an hour a day. Cell phone? Nope, don't have one. Why you ask? Because it's addictive and I don't do addictive crap. lol