The new year will see more heated activity by US presidential candidates, with the inaugural Primary elections looming in Iowa and New Hampshire. Picking up on the clarion call of law enforcement that the sky is falling (again,) and encryption is a terrorist tool, politicians of both parties have joined the chorus favoring backdoors for encrypted messages.
A prescient piece in The Economist pushes back on this notion, and warns that creating backdoors is a two-edged sword. It is revealing that China, that bastion of free speech and freedom of expression (can I remove my tongue from my cheek now?) has passed a law compelling companies to create backdoors that allow government encroachment. Isn’t this argument enough against constructing backdoor access? It should be, but instead, law enforcement in the US and its allies covet such ingress.
Spies and the politicians turn a deaf ear to the argument that what is good for the goose is good for the gander. Weakening encryption by building backdoors opens a Pandora’s Box of possibilities because if the good guys can get in, the bad guys sure as heck will, too. In the process, therefore, the Internet will be less safe for everyone. The article goes on to highlight the experience of Juniper, a maker of hardware and software,
“Juniper disclosed in December that a back door, dating to 2012, let anyone with knowledge of it read traffic encrypted by its VPN software. Apparently, some agency- believed to be the Chinese or British piggy-backed on a backdoor created by the NSA. To this day, it is unclear who installed Juniper’s back door or used it and for what purpose.”
Industry experts are therefore wary about cutting the spy agencies any slack, and refute those agencies arguments that backdoors can be kept secret and are sufficiently complex that their unauthorized use is unlikely. Law enforcement’s record of keeping secrets and storing them safely is not stellar by any means, and doesn’t bode well for the future prospects regarding encryption. One need only revisit the Office of Personnel Management hack, purportedly by the Chinese, in which the data of some 20 million people were compromised, to understand the reason the tech industry lacks confidence in the agencies.
Until now those involved in the debate who favor backdoors invariably focus on terrorists using flaws in encryption to sow mayhem. But in the big scheme of things, while terrorism is an important consideration, the fact is often lost that there is much bigger potential harm to befall society if the tech industry was ever to lose the trust of the public. Weakening encryption is surely likely to do this, and the economic fallout would be cataclysmic – maybe a trillion dollars or more, all in. Then, of course, there are the banking and online payment industries which rely on strong encryption to function properly. Where would we be, if we could not execute transactions safely on line?
The Economist article suggests that the emphasis on encryption replete with backdoors is misplaced. Many attacks, most recently in Paris, succeeded not because of encryption, but because agencies lacked the cohesion to exchange information. Before we go rushing pall-mall to weaken this backbone of technology, intelligence infrastructure and cooperation among nations need to be overhauled to ensure our safety. In the meantime, snooping with Stingrays and hacking into phone lines may be grunt work, and not glamorous, but it is the safer play by far.