Are backdoors into your devices inevitable?

[Cal Jeffrey]

Currently, we all enjoy a relatively secure experience when using our devices thanks to encryption. While nothing transmitted via radio waves or over the internet can ever be 100 percent protected, for now, device manufacturers do their best to secure our phones and other connected hardware and patch holes when they are found.

So when CNBC reports, “FBI Director James Comey said Wednesday the bureau is renewing its focus on the challenges posed by the growing use of encryption,” as if it is some scourge on humanity, it gets me worried.

The article was referring to a statement that Comey made at Boston College's cybersecurity conference. The FBI head indicated that nearly half of the devices that the bureau has seized and has a legal warrant to search are inaccessible due to encryption. This statement, of course, was a prelude to reintroducing the whole “the FBI needs to have a backdoor into your devices” conversation from last year.

In case you have forgotten, last year the FBI was putting pressure on Apple to help it break into San Bernardino terrorist Syed Farook’s iPhone because the bureau's experts could not crack it. However, CNET reported that according to CEO Tim Cook, the FBI was not just asking Apple to break into the device. It was asking the company to create a variant of iOS that had a backdoor allowing access to the data on the iPhone.

The bureau even went so far as to try to force Apple to comply using the nearly 230-year-old All Writs Act of 1789. However, Cupertino fought tooth and nail. The FBI eventually cracked the phone without Apple, so it gave up the fight.

Now here we are again with the FBI insinuating that it needs to have a way to get into our encrypted devices, and once again in the guise of only chasing the bad guys.

According to HardOCP, even Senator Orrin Hatch weighed in suggesting that “backdoors could be inserted into these devices without compromising our privacy as users.”

Senator Hatch, being a career politician since 1976 and having never even served on any type of security committee, can be forgiven for his ignorance on the matter, and should not take offense when the cybersecurity community slams him on his uninformed opinion. However, the FBI knows full well that once a way into a device is created that there is virtually no way to keep that device secure from entities other than the FBI.

So when Director Comey says, “We need to stop bumper-stickering each other. This isn't the FBI versus Apple. We need to build trust between the government and private sector,” he is intentionally misdirecting the point.

The issue is not the public's mistrust of the government, although it has every right to given the illegal data collection that has already been proven to occur. The problem is that no backdoor, no matter how secretive, can remain locked once created. It would be incredibly naive to believe that a key to encrypted devices or a backdoor would stay solely in the hands of the FBI. If it were not leaked, it would be discovered.

DarkReading points out several problems with creating backdoors into encryption, one being, the “bad guys” can simply switch to a different encryption method. There are a wide variety of methods already in the public domain.

Additionally, law-abiding citizens will be vulnerable to hackers who will eventually breach these access points.

As an example, “In 2004, 100 senior members of the Greek government (including the Prime Minister) were illegally wiretapped by hackers who breached a mandated backdoor built into the telephone network.”

The FBI can sugar coat it all it wants, and the government can continue to insist that it will keep us safe. However, we still have to realize that once there is an opening into our devices, those devices can no longer be trusted to hold things like passwords, banking information, schedules, and other private data. In an environment where the crook can almost guarantee anonymity, a backdoor is just asking for trouble.

The armchair cybersecurity specialists in the U.S. Senate have no weight in this argument. The FBI or any other alphabet agency’s testimony holds little water as well, as they have a vested interest in the matter. Who should be trusted on this issue are the security experts and most say, “Don’t do it.”

What do you think? Let us know in the comments.

Comey photo by AP, Hatch photo by Bloomberg

Permalink to story.

https://www.techspot.com/news/69228-backdoors-devices-inevitable.html

 

[Evernessince]

Both Encryption and backdoors are like Ying and Yang, one cannot exist without the other. It's as simple as this: The good manufactures will protect their user's privacy while the others will sell out.

We can laugh at Apple for their outrageous prices but at the very least they are willing to fight governments to prevent breaking device security.

 

[Uncle Al]

The bottom line is that the FBI, like so many other government agencies, wants to automatically side-step the law and ultimately violate the individuals right to privacy until such time as a proper warrant has been issued. Initially created to help gather intelligence on foreign agents, it has now become so abused for so long that it is considered to be the normal course of business .... and THAT is where our rights are being perverted and ignored. Any judge worth his salt should recognize this and decline the warrant or when brought to trial, throw out all collected evidence and make the government agencies do their jobs in accordance to the law.

 

[Cal Jeffrey]

The bottom line is that the FBI, like so many other government agencies, wants to automatically side-step the law and ultimately violate the individuals right to privacy until such time as a proper warrant has been issued.

And that is not to mention how many time the FBI or other law enforcement agencies have first violated 4th Amendment rights and then used something in that violation as probable cause to have a warrant issued. It is one thing when an officer breaks into a suspect's house. That is limited and small in scope. But with data collection and unrestricted access to whatever they want, the magnitude of the abuse potential is mind-boggling.

But even giving then the benefit of the doubt that they will not abuse such power (which IMO is giving them a lot more credit than they deserve), there is still the fact that users would have big gaping holes in their security that could not be legally patched. It's absurd that this issue is even deemed worthy of argument by officials.

 

[DelJo63]

• The problem is that no backdoor, no matter how secretive, can remain locked once created.

That's a fundamental true. Remember the line "I could tell you, but then I would have to kill you"? That's the ONLY means to keep a secrete :sigh:

 

[spydercanopus]

Quantum will break any encryption, if it hasn't already. They will go through the front door the first time, every time.

 

[seefizzle]

If we build a backdoor for the US government, then we'd have to build a backdoor for Russia, Turkey, Iran, Saudi Arabia, and every other corrupt government across the globe. How many human beings in how many countries would have access to these backdoors before these backdoors get into the hands of non governmental agents? Hackers have infiltrated and stolen top secret CIA hacking tools, what makes you think they won't get their hands on the iPhone backdoor tools?

These law enforcement agencies are demanding unfettered access to user's devices in the name of security. The irony of this is just how awful an idea this is from a security standpoint. Maybe that's what we need though. Maybe we need a few senators to have their phones dumped onto the innernets.

 

[Marcus Malik]

The key (so to speak) fact is that the government already has ways to get access to devices (exploiting the inevitable bugs, swooping in to seize the device when the user has it unlocked, planting spyware or hidden cameras to ferret out the password, etc). The government whines that these method are not good enough because they require significant effort to access devices one at a time, which forces them to limit their snooping and pick out targets one at a time. Too bad -- their snooping is SUPPOSED to be limited and directed at individual suspects.

 

[amstech]

As I have stated countless times I firmly believe that nothing is safe if its online, even with encryption. Smartphones (even Apple) are highly vulnerable.

 

[psycros]

The key (so to speak) fact is that the government already has ways to get access to devices (exploiting the inevitable bugs, swooping in to seize the device when the user has it unlocked, planting spyware or hidden cameras to ferret out the password, etc). The government whines that these method are not good enough because they require significant effort to access devices one at a time, which forces them to limit their snooping and pick out targets one at a time. Too bad -- their snooping is SUPPOSED to be limited and directed at individual suspects.

You know what's REALLY ironic? Its the liberals who've brought this out-of-control surveillance upon us. They love the security state as long as they can fool themselves into thinking its only targeting their political enemies. They also claim to want "equality". Well, now they've got it - were all equally spied upon.

 

[Impudicus]

Any backdoor is an inevitable security exploit.

 

[seefizzle]

You know what's REALLY ironic? Its the liberals who've brought this out-of-control surveillance upon us. They love the security state as long as they can fool themselves into thinking its only targeting their political enemies. They also claim to want "equality". Well, now they've got it - were all equally spied upon.

This is the dumbest bullshit I've read in a while. When you get diarrhea, do you blame it on the liberals? I feel like you probably think that everything that's wrong with anything has to do with some liberals somewhere.