Analysis: Allowing ‘back doors’ into encryption technology will compromise cyber security

(Cyberwar.news) A new analysis of what will likely happen if federal intelligence and law enforcement agencies get their way and are permitted to have “backdoor” access into encrypted electronic devices and email technology concludes that in the end, devices will be less secure and cybersecurity won’t be any better.

“I’m going to say this as plainly as possible, since the message doesn’t seem to be getting through: If we compromise the security of our computing devices in a misbegotten attempt to stem criminal behavior or terrorism—as some in law enforcement and government suggest we do—then, we deserve what will follow,” Christopher Mims wrote this week in The Wall Street Journal.

He goes on to note that it might seem tempting to believe that if only tech-media companies like Apple, Google and Microsoft would put backdoors into their encrypted data, known only to law enforcement or the federal government, cybersecurity would be preserved while fighting crime and rooting out terrorism became easier.

But, Mims warns, the encrypted data contain all sorts of personal information such as our banking transactions, text and instant messages and so forth. Also, “history has shown,” he writes, “that once backdoors are created, they can be and are discovered by bad actors.”

Continuing, Mims notes:

We already live in a world in which our defenses are breached regularly. The Chinese government plausibly could compile a dossier on the web-browsing habits of every U.S. citizen. Our networks are often compromised. State actors are outgunning besieged corporate IT departments, leading to an estimated half a trillion dollars in damages annually, according to Computer World magazine. And, individuals are having their private data compromised at escalating rates, the Washington Post wrote last year.

The fact is, he says, there is no such thing as adequate encryption once a backdoor has been installed, because someone who isn’t supposed to know it’s there will almost always find it and exploit it.

What’s frustrating is that when considering cyber-policy, few consider this reality, according to Columbia University Professor of Computer Science Steven Bellovin. That’s why the tech-media companies are encrypting data on the devices they produce without backdoors that even they could use.

That said, Uncle Sam’s concerns about terrorism – voiced often by FBI Director James Comey, who has said that ISIS members might use encrypted messaging to “go dark” and be beyond the reach of federal law enforcement and intelligence – are very real and understandable, especially in today’s world. And for that reason alone it’s easy to accept a backdoor into messaging apps like WhatsApp or email like Unseen.is as an appealing and sensible decision.

“But here’s the problem with that logic: you can’t ban math. Which is to say, encryption is a well understood technology,” Mims writes. “Sophisticated attackers will always move to whatever encrypted communications channels are available to them, and there will always be many such channels.”

Another seemingly sensible example, one that Comey cites, deals with cases where phones contain evidence of a crime or “clues that could lead to the location of someone who has been kidnapped or victimized,” Mims says.

Well, the good thing is there is a solution to both of those concerns – one that doesn’t involve compromising the cybersecurity of devices and technology (security that also prevents many other crimes, by the way). It’s called “lawful hacking,” says Mims, and it is a concept outlined in a paper by four influential academic experts on cryptography and security.

The notion of lawful hacking “is an acknowledgment of the fact that our personal and mobile computers are in fact quite insecure,” writes Mims.

“Lawful hacking says there are vulnerabilities in the system, and it is better to exploit those than to build in other weaknesses,” notes Bellovin, an author of the paper.

The FBI, via its National Domestic Communications Assistance Center, already possesses the technology and computer forensics to exploit vulnerabilities in computers and mobile devices in order to access their content. Local law enforcement – most of it, anyway – may not, but state police labs could build similar technology or even create a regional, multi-state agency to handle it.

For now, the tech-media giants are resisting federal law enforcement and Obama administration pressure to build backdoors into their technology, and that, according to the experts anyway, is the right move. For Americans that is a huge Fourth Amendment win; as for criminals with ill intent, it sounds like the technology is already there to catch today’s cyber criminals and hackers.

See also:

The Wall Street Journal
