There is a lot of discussion around device security and using encryption for data storage and transmission. Security and privacy are good things. However, recent investigations into homicides and terrorist activities have led law enforcement officials to seek assistance to break encryption on alleged perpetrator’s smartphones. Specifically, US federal government officials have pressured Apple, Inc., to assist in breaking encryption on iPhones owned by alleged domestic terrorists.
I think a lot of people jump to a quick conclusion that breaking encryption in these instances is a good thing. Further, they feel implementing a government backdoor to easily bypass encryption is probably a good idea, too.
Unfortunately, these people are wrong.
Here’s an analogy:
Let’s say you have a door lock on your house with a 4-digit code to unlock it. Now, let’s say there is one code that only law enforcement can use to gain access to your home. You are not given that secret code, of course. It’s only for law enforcement officials. Even if you fully trust them, how comfortable are you with this scenario?
Once criminals know this code exists, how long would it take for them to learn that code? Answer: Not long. And then your home is vulnerable, and you have no way to update your lock to prevent criminals from entering your home whenever they wish.
So, we can increase your security by going from a 4-digit code to a 16-digit code (this is analogous to implementing stronger encryption). Now, it is much more difficult to guess your home’s door lock code. Meanwhile, law enforcement still has a single 16-digit code that can gain entry into your home.
How long before criminals would learn this more complex code? Answer: Again, not long.
So before you conclude that a backdoor to encryption is a fine solution for trusted law enforcement, think about this analogy.
If we find backdoors acceptable, then it defeats the entire purpose for encryption and security. And if that is acceptable, then we should abolish encryption and be comfortable with the lack of privacy.
I’m not being facetious. We can exist without the privacy and security afforded by encryption. But let’s not live with the illusion of privacy and security when it isn’t authentic.