Encryption Backdoors – a Very Bad Idea

Encrypting our data and devices keeps our information safe. It keeps thieves out of our banking information, protects our personal health info from prying eyes, prevents fraud, lets us have candid private conversations, and helps keep the surveillance state at bay. 

But far too often law enforcement and governments view encryption as a hindrance and call for backdoors so they can circumvent it when they want access. 

Security experts are adamant that backdoors to encryption would cause far more harm than good. It’s like a team of people with sledgehammers trying to kill a fly in a china shop. You might catch the odd fly, but the collateral damage would be enormous. 

It would be naïve to think that backdoors would not find their way into nefarious hands and be used for improper purposes. It is also naïve to think that laws requiring backdoors would stop the availability of encryption tools and their use by those trying to hide their communications. 

Those wanting backdoors often frame it in terms suggesting that anyone who opposes backdoors is supporting criminal behavior. As security expert Bruce Schneier puts it: “Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four.”

While those are real issues, backdoors to encryption are not the answer. 

The Australian government recently passed an anti-encryption law that has been described as “deeply flawed” by a coalition of tech companies. An Australian cloud provider says that the law is deeply impacting them, because its customers are pulling their data out of Australia, and international companies that operate in Australia don’t want to keep data there. 

The Citizen Lab says any Canadian steps to undermine encryption would jeopardize “basic rights and freedoms, cybersecurity, economic development, and foreign policy goals”. 

Government officials from the US, UK, and Australia recently sent an open letter to Facebook asking them to delay plans for end-to-end encryption. The Electronic Frontier Foundation referred to this as “an all-out attack on encryption” that “is a staggering attempt to undermine the security and privacy of communications tools used by billions of people.” Over 100 civil society groups signed an EFF open letter to Facebook encouraging it to ignore the government letter and continue to increase security. 

The President of CIRA, the organization that manages the Canadian .ca domain, wrote an opinion in Macleans saying encryption backdoors would be the same as: 

Imagine you wake up one morning and discover that the federal government is requiring everyone to keep their back doors unlocked. First responders need access to your house in an emergency, they say, and locked doors are a significant barrier to urgent care. For the good of the nation, public health concerns outweigh the risk to your privacy and security. 

We need to push back against calls for encryption backdoors. 

Comments

  1. David Collier-Brown

    IMHO, it is perfectly reasonable for a court to require me to hand over their keys to a particular encrypted thing, but not for everything I own, or in the case of a company, for every thing their customers own.

    Court orders are not perfect: I have some files at work that look like encrypted data, but in fact are random numbers, so I wouldn’t like to be held in contempt until I decrypted them (;-))

    Still, it’s far better than having to trust some third party to have both my data and the encryption to for it,