encryption

Analogy: A Backdoor to Encryption

by

There is a lot of discussion around device security and using encryption for data storage and transmission. Security and privacy are good things. However, recent investigations into homicides and terrorist activities have led law enforcement officials to seek assistance to break encryption on alleged perpetrator’s smartphones. Specifically, US federal government officials have pressured Apple, Inc., to assist in breaking encryption on iPhones owned by alleged domestic terrorists.

I think a lot of people jump to a quick conclusion that breaking encryption in these instances is a good thing. Further, they feel implementing a government backdoor to easily bypass encryption is probably a good idea, too.

Unfortunately, these people are wrong.

Here’s an analogy:

Let’s say you have a door lock on your house with a 4-digit code to unlock it. Now, let’s say there is one code that only law enforcement can use to gain access to your home. You are not given that secret code, of course. It’s only for law enforcement officials. Even if you fully trust them, how comfortable are you with this scenario?

Once criminals know this code exists, how long would it take for them to learn that code? Answer: Not long. And then your home is vulnerable, and you have no way to update your lock to prevent criminals from entering your home whenever they wish.

So, we can increase your security by going from a 4-digit code to a 16-digit code (this is analogous to implementing stronger encryption). Now, it is much more difficult to guess your home’s door lock code. Meanwhile, law enforcement still has a single 16-digit code that can gain entry into your home.

How long before criminals would learn this more complex code? Answer: Again, not long.

So before you conclude that a backdoor to encryption is a fine solution for trusted law enforcement, think about this analogy.

If we find backdoors acceptable, then it defeats the entire purpose for encryption and security. And if that is acceptable, then we should abolish encryption and be comfortable with the lack of privacy.

I’m not being facetious. We can exist without the privacy and security afforded by encryption. But let’s not live with the illusion of privacy and security when it isn’t authentic.

[Photo by Sebastian Scholz (Nuki) on Unsplash]

Your Privacy Versus The Government

by

Data SecurityWith the proliferation of mobile devices around the world, data security on these devices is getting truly serious attention. Apple, Google, Microsoft, and others are automatically encrypting data on these devices. This encryption is getting so strong that it has intelligence and law enforcement agencies very concerned. They’re worried they won’t be able to get into these devices during investigations.

What Is Encryption?

I won’t be getting too technical, but here is the concept: The data on your mobile phone gets randomly scrambled based on a complex key. That key allows your phone’s operating system (Android, iOS, Windows Mobile) to descramble and use the data. If you legitimately access the phone with a passcode or biometric check (like fingerprint reader), then you can access data on the phone. If you don’t have the passcode, your truly locked out. Even if you disassemble the phone and remove the storage element, all you’ll be able to see is jumbled, meaningless numbers, letters, and symbols. Without the encryption key, it could take a supercomputer thousands of years to discover the key that decrypts the data.

Governments Want a Back Door

Law enforcement and intelligence agencies want a special key to a “back door” to access data on phones. Sounds reasonable, but there are ramifications. If there’s a known back door, then malicious hackers have a target. These people will find it. That’s what they do. Also there’s the obvious government intrusion potential.

It’s Not A Good Idea

For the greater good, a government back door just can’t be a good idea. While it would make investigations much easier, the potential for abuse and exploitation is just too great. It’s not whether abuse will occur but when. When pressed, I think most investigators will admit that other tactics will discover the evidence they need. And there’s always the possibility a suspect can be convinced to surrender a passcode to access a mobile device’s data.

If a universal back door exists and is exploited, it puts a huge number of people at extreme risk for identity theft and more. A virtual skeleton key to access any device is so profoundly dangerous to the well being of so many people, it’s ludicrous to even consider.

Anyone who argues otherwise is shortsighted or untrustworthy.

Learn more: Daily Dot9to5mac