Encryption backdoors can help law enforcement catch criminals. But they can also make illegal endeavors easier for those carrying them out.
There's lots of talk of mandating a backdoor to encrypted services so that law enforcement can use it under warrants. The need is real and there are some reasonable compromises that can keep all our data safe and still help catch bad guys.
But a backdoor for the good guys is potentially a backdoor for the bad guys too. Here are five reasons a backdoor in encryption is a bad idea:
1. Strong encryption protects dissidents and democracy advocates in repressive regimes as well. Putting in backdoors limits their options and weakens their protections.
2. The backdoor goes beyond the phone. IoT devices are becoming more and more common, meaning any device with a connection could have a backdoor. If someone gets the keys or figures out how the backdoor works, they could get inside lights, door locks and more.
3. Dual key systems are inherently less secure. Having one key that you, the user, are the only one with access to is the only way to make sure that you are the only weak point. Having dual keys stored in a government agency gives attackers more targets for social engineering and other attacks.
4. Criminals can choose not to use the services with backdoors. Open source encryption tools are available that nobody controls, and large enough organizations can create their own. So you're weakening security for law-abiding citizens more than criminals.
5. You can't make math illegal. The solution to our last point is to make any encryption without a backdoor against the law. Except that encryption is generally just multiplying two prime numbers. It would be hard to make that against the law.
Now, there is more tech companies could do to assist law enforcement. Creative solutions being proposed include pushing updates that do things like, say, surreptitiously turn on logging in an app like WhatsApp for a suspect who is the target of a court-approved warrant.
That may or may not be the right answer, of course, but that's where productive discussion can be had: the kind of things that lessen a criminal's security without breaking encryption for everyone.