Security

The Dangers of Encryption Backdoors

By Sydney Butler / August 11, 2018

Imagine that you’ve built a security and privacy system that's airtight. So airtight, that if you were to lock yourself out, there’s no way you could actually get in. The security measures you put in place are just too good.

It sounds like a problem, but if you’re selling your security solutions to the public then surely they don’t want you to have the ability to break that security.

On the other hand, governments love practicing mass surveillance. It gives them a sense of control and limits the work of whistleblowers. Surveillance is often justified because of security issues. There is some truth to this, but a line has to be drawn somewhere. The truth is that world governments have become used to easily spying on their own citizens. Tapping analog communication channels such as copper telephone networks is relatively easy.

Unfortunately for Big Government, communication platforms like WhatsApp and Skype now use digital encryption. In the case of WhatsApp in particular, the application uses end-to-end encryption. This means that not even WhatsApp has any idea what’s being said.

The same goes for disk encryption. Usually, the company that provides the encryption software has no way to undo the encryption. Which sucks when you lose access to your own disk contents, but means you can trust the encryption.

So what’s a modern government to do, now that its toys have been taken away? The answer is to force the creation of a back door.

What’s a “Backdoor”?

A backdoor is just about what it sounds like. It’s a way to get into a secure system without having to provide authentication. Which would be the “front door” in this context.

The idea is that if those who create the backdoor ever need to get into the system, they can do so by using their secret method. The people who buy the secure system or technology have no idea that the backdoor is there.

Backdoors can take a variety of forms. That includes both hardware and software implementations. Let’s first discuss how exactly it is they get there in the first place.

How Do Backdoors Get Into Our Encryption?

Hacker Deep Web

Not all backdoors are put there on purpose. It’s possible that the developers of a program, algorithm or other software product accidentally creates one. For example, they might leave a default or universal password in place that still works. Some developer tools may not be removed before release. Once discovered by hackers, it can act as a backdoor.

Other back doors are put there on purpose. All back doors are of concern, but intentional backdoors present a particularly troublesome set of issues. There is only one real reason that private companies put backdoors into their encryption technology. It's because the government tells them too. The government will either offer a sweet deal or legally force the company to comply.

You might be asking yourself whether this matters or not. After all, you aren’t a terrorist or breaking the law. What’s to worry about? There are actually plenty of reasons. So buckle up!

The “Nothing to Hide” Argument and Our Right to Privacy

Which VPNs Keep You Anonymous in 2018

Whenever important privacy issues come up, someone will always raise the “nothing to hide” argument. As many much smarter people have pointed out, the right to privacy is about more than whether you have anything to hide. It has to do with what sort of control governments should have over us. Yes, if we had no right to privacy, we could be kept safe to a greater degree. However, it’s hard to argue that giving up our rights to privacy is good. Even for some additional security. This argument has been debunked to death. The bottom line is that intentional government backdoors deal a massive blow to our personal privacy rights. That’s a major reason to be opposed to them.

They Can Get Into the Wrong Hands

This should be pretty obvious once you think about it a bit, but if there’s a backdoor in the system, then it’s possible that someone else might discover it. When these backdoors get into the wrong hands, the potential damage is almost unimaginable.

It’s even more worrying when you consider that backdoors are generally designed to leave no trace. So for all, we know some existing backdoor is being used to gather information for damaging purposes, and we won’t know about it until it is too late.

It Can Hurt the Good Guys Too

Encryption is used by people who fight for freedom and just all over the world. People who resist evil governments or who act as whistleblowers when powerful institutions abuse they might thinking that there won’t be any consequences. If there are backdoors in the systems they use, it means you are also compromising the security of the very people who are fighting the ones ostensibly targeted by government surveillance.

After all, the various governments of the world are always looking for an edge over one another when it comes to spying. So it shouldn’t be a shock. One of the less-nice regimes might put serious time and effort into looking for exploits in the system sustaining a resistance.

The Bad Guys Know About Back Doors

One of the main reasons that backdoors are advocated is so that governments can catch terrorists and other criminals. The problem with this line of thinking is that these criminals are aware of the existence of back doors too. So they'll simply make use of systems like Tor or other Open Source encryption solutions. Which means that there's very little to be gained in exchange for such a serious weakening of our security tools. It's simply the illusion of safety.

Encryption is Everywhere

Putting a backdoor into an encryption system isn’t just going to give someone access to your photos and emails. The world is turning into a truly hyper-connected palace. The Internet of Things (IoT) means that everything from your fridge to your front door lock and home security cameras is connected to the internet. These devices are secured against intrusion by strong encryption. If someone had a backdoor into an IoT system, it means they could do all sorts of things besides creepily watching you through your own cameras.

The existence of a backdoor in encryption that becomes this widespread would be a total disaster.

Fighting Against Backdoors

Protesters Wearing Guy Fawkes Masks

It should be clear that the existence of backdoors in the encryption systems we use is a terrible thing. When it comes to private business, it represents a major risk which could lead to severe financial losses.

Is there anything that you can do to try and avoid the possibility of encryption backdoors? There aren't that many options, but some possibilities remain.

Open Source Encryption and Back Doors

One of the best ways to avoid the possibility of a backdoor being present in encryption is to avoid proprietary solutions. Open Source encryption solutions have the benefit of being completely transparent. Any suspicious parts of the code would be quickly caught by the community who oversee that particular code base.

In the long term, it might be a better strategy to stick to encryption systems that are transparent instead of relying on trust as the only thing that lies between use and a total breach of security and privacy.

Raise Awareness and Vote the Issues

When it comes to the government itself putting a backdoor in something the best weapon is advocacy and policy. Try to support politicians that are pro-privacy and help raise awareness of how governments interfere with privacy technologies that are supposed to keep our information safe.

Direct Defenses Against a Back Door

As an individual, there are a few things that you can do to mitigate the chances that a backdoor will be used against you. The second layer of encryption reduces the chances of having your data exposed significantly. That is, as long as your second layer isn't exactly the same encryption system.

For example, you might encrypt specific folders on your computer while also encrypting the entire drive. So if an attacker breaks the first layer of encryption using a backdoor, they will be confronted with a second layer of encryption which they are not prepared for.

The other important defense is to use Open Source encryption where possible. This makes it virtually impossible for backdoors.  The entire code is visible to the whole community.

Conclusion

As you can see, backdoors in our encryption systems can be highly dangerous. As long as the powers that be hold the false belief that backdoors provide some sort of safety net, then we are less safe as a whole. The only long lasting solution is to advocate and change mindsets. Lawmakers and law enforcement need to rethink their position. Until then, we'll have to proceed with caution when using proprietary encryption.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari