Why Backdoor Encryption is a Terrible Idea?

What is Backdoor Encryption

Does the term “backdoor encryption” bring a feeling of extra security or fear into your mind?

Perhaps you are 100% pro-government (doesn’t have to be “this” government) and think they have every right to snoop into your private data, but if you are like most and are concerned about your privacy, you’ll probably flinch at any attempt to undermine it like this.

Well, there is probably no worse way to do this than by using a backdoor to encryption. In this article, we will explain just what that is, why the government is so keen on introducing another way to spy on its citizens and why it’s a fundamentally bad idea.

What is Backdoor Encryption?

Almost every device, system, or software that we use today uses some kind of encryption.

This can be symmetric or asymmetric encryption (like CTemplar uses for its email encryption) and generally involves encrypting the data into ciphertext using an encryption key and then decrypting it using either the same key (symmetric) or using a pair of keys, one to encrypt (public) and one to decrypt (private).

That’s the gist of it, but what you really need to know about encryption is that it secures your private data from prying eyes.

Who are these “prying eyes”?

They can be anyone, including cybercriminals, identity thieves, your boss, a jealous ex, a creepy stalker, your current other and, of course, the government. You name it.

This last one is arguably the most dangerous because it holds the most power of all. One of the things the government can do (and the others can’t) is order a manufacturer to create a government backdoor encryption that would allow them easy access to their devices whenever they need it.

That means easy access to your sensitive and private data.

And, the government is constantly pressing tech companies into this.

One of the most infamous examples of this was when the FBI forced Apple into cracking an iPhone belonging to a dead terrorist back in 2015. Apple refused to do this as it would inevitably open a series of security vulnerabilities for other users of that type of iPhone, which then criminals could exploit, so they scheduled a hearing.

In response, Apple’s CEO Tim Cook said:

“The United States has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand. This moment calls for public discussion and we want our customers and people around the country to understand what is at stake.”

“Luckily for FBI, they hired a 3rd party company that managed to find a security flaw and bypass Apple’s encryption, so the case was dropped (they didn’t need Apple’s permission any longer).

That was the end of that story pretty much, but not the end of government pushing for backdoor encryption.

Fast-forward to 2020 and a group of U.S. senators, led by Senate Judiciary Chairman Lindsey Graham and Senators Tom Cotton and Marsha Blackburn introduced a bill in June that severely diminishes the lawful use of encryption in com services with the intent to give the law enforcement agencies easier access to devices.

The bill, called “The Lawful Access to Encrypted Data Act” would in essence obligate tech companies to provide assistance to law enforcement in accessing their encrypted devices and services when presented with a court warrant.

Additionally, the Attorney General would also be given the power to direct companies to report on their ability to comply with the request, as well as how long it would take them to do so.

As you can imagine, just like in the Apple vs. FBI case, tech companies were once again adamantly against any government backdoor encryption idea.

Jason Oxman, President and CEO at the Information Technology Industry Council (ITI), which includes Apple, Facebook and several other companies replied:

“Encryption is critical to protecting privacy and security and these government access mandates would critically weaken online safety. Government decrees to weaken encryption will compromise consumers’ security and trust and could expose their medical, work and personal information to foreign governments or criminal actors.”

The Government’s Argument for Backdoor Encryption (and Why We Believe it Doesn’t Stand)

The government’s main argument for backdoor encryption is that it is only asking for it in order for law enforcement agencies to catch criminals easier.

The FBI said:

“End-to-end encryption and other forms of warrant-proof encryption create, in effect, lawless space that criminals, terrorists and other bad actors can exploit.”

Without it, the FBI says, it “cannot obtain the electronic evidence necessary to investigate and prosecute threats to public and national safety”.

That argument on the surface makes sense. We want the law enforcement agencies to be as equipped as possible to deal with bad actors and an encryption backdoor would give them that power.

Unfortunately, it would also give them the power to crack open devices used by dissidents, journalists, whistleblowers and private citizens.

Let’s even for a moment suspend the belief that the government would do that and that they would only use a backdoor to encryption in a “lawful” way. The problem doesn’t end there.

Once a government backdoor encryption is created you’ve basically introduced a security vulnerability into a system.

What happens now is that those same bad actors, including authoritarian governments, cybercriminal groups and the rest, can use that same backdoor to access your sensitive data.

Don’t think it’s possible? That absolutely nothing could go wrong?

Well, consider this. Back in 2016, hackers were able to find a way to exploit NSA backdoor encryption on Windows machines called “DoublePulsar”.

And it’s not only that any encryption backdoor would weaken user security. It would also be devastating for businesses as consumers, especially outside the U.S. would be much warier of buying tech from American companies if they know they could be spied upon.

We firmly believe that there are no benefits of backdoor encryption, especially in the long run. It’s impossible to create a backdoor that would only let the “good guys” in, while preventing “bad guys” from entering.

That’s just wishful and naive thinking.