
Top 5: Risks of encryption backdoors

Encryption backdoors can help law enforcement catch criminals. But they can also make illegal endeavors easier for those carrying them out.

There's lots of talk of mandating a backdoor to encrypted services so that law enforcement can use it under a warrant. The need is real, and there are some reasonable compromises that can keep all our data safe and still help catch bad guys.

But a backdoor for the good guys is potentially a backdoor for the bad guys too. Here are five reasons a backdoor in encryption is a bad idea:

1. Strong encryption also protects dissidents and democracy advocates in repressive regimes. Putting in backdoors limits their options and weakens their protections.

2. The backdoor goes beyond the phone. IoT devices are becoming more and more common, meaning any device with a connection could have a backdoor. If someone gets the keys or figures out how the backdoor works, they could get inside lights, door locks and more.

3. Dual key systems are inherently less secure. Having one key that only you, the user, have access to is the only way to make sure that you are the only weak point. Having dual keys stored in a government agency gives attackers more targets for social engineering and other attacks.


4. Criminals can choose not to use the services with backdoors. Open source encryption tools are available that nobody controls, and large enough organizations can create their own. So you're weakening security for law-abiding citizens more than for criminals.

5. You can't make math illegal. The solution to our last point is to make any encryption without a backdoor against the law. Except that encryption is generally just multiplying two prime numbers. It would be hard to make that against the law.

Now, there is more that tech companies could do to assist law enforcement. Creative solutions being proposed include pushing updates that do things like, say, surreptitiously turn on logging in an app like WhatsApp for a suspect who is the target of a court-approved warrant.

That may or may not be the right answer, of course, but that's where productive discussion can be had: the kinds of things that lessen a criminal's security without breaking encryption for everyone.


About Tom Merritt

Tom is an award-winning independent tech podcaster and host of regular tech news and information shows. Tom hosts Sword and Laser, a science fiction and fantasy podcast, and book club with Veronica Belmont. He also hosts Daily Tech News Show, coverin...
