Are backdoors into your devices inevitable?
If the government has its way, they areBy Cal Jeffrey 11 comments
Currently, we all enjoy a relatively secure experience when using our devices thanks to encryption. While nothing transmitted via radio waves or over the internet can ever be 100 percent protected, for now, device manufacturers do their best to secure our phones and other connected hardware and patch holes when they are found.
So when CNBC reports, "FBI Director James Comey said Wednesday the bureau is renewing its focus on the challenges posed by the growing use of encryption," as if it is some scourge on humanity, it gets me worried.
The article was referring to a statement that Comey made at Boston College's cybersecurity conference. The FBI head indicated that nearly half of the devices that the bureau has seized and has a legal warrant to search are inaccessible due to encryption. This statement, of course, was a prelude to reintroducing the whole "the FBI needs to have a backdoor into your devices" conversation from last year.
In case you have forgotten, last year the FBI was putting pressure on Apple to help it break into San Bernardino terrorist Syed Farook's iPhone because the bureau's experts could not crack it. However, CNET reported that according to CEO Tim Cook, the FBI was not just asking Apple to break into the device. It was asking the company to create a variant of iOS that had a backdoor allowing access to the data on the iPhone.
The bureau even went so far as to try to force Apple to comply using the nearly 230-year-old All Writs Act of 1789. However, Cupertino fought tooth and nail. The FBI eventually cracked the phone without Apple, so it gave up the fight.
Now here we are again with the FBI insinuating that it needs to have a way to get into our encrypted devices, and once again in the guise of only chasing the bad guys.
According to HardOCP, even Senator Orrin Hatch weighed in suggesting that "backdoors could be inserted into these devices without compromising our privacy as users."
Senator Hatch, being a career politician since 1976 and having never even served on any type of security committee, can be forgiven for his ignorance on the matter, and should not take offense when the cybersecurity community slams him on his uninformed opinion. However, the FBI knows full well that once a way into a device is created that there is virtually no way to keep that device secure from entities other than the FBI.
So when Director Comey says, "We need to stop bumper-stickering each other. This isn't the FBI versus Apple. We need to build trust between the government and private sector," he is intentionally misdirecting the point.
The issue is not the public's mistrust of the government, although it has every right to given the illegal data collection that has already been proven to occur. The problem is that no backdoor, no matter how secretive, can remain locked once created. It would be incredibly naive to believe that a key to encrypted devices or a backdoor would stay solely in the hands of the FBI. If it were not leaked, it would be discovered.
DarkReading points out several problems with creating backdoors into encryption, one being, the "bad guys" can simply switch to a different encryption method. There are a wide variety of methods already in the public domain.
Additionally, law-abiding citizens will be vulnerable to hackers who will eventually breach these access points.
As an example, "In 2004, 100 senior members of the Greek government (including the Prime Minister) were illegally wiretapped by hackers who breached a mandated backdoor built into the telephone network."
The FBI can sugar coat it all it wants, and the government can continue to insist that it will keep us safe. However, we still have to realize that once there is an opening into our devices, those devices can no longer be trusted to hold things like passwords, banking information, schedules, and other private data. In an environment where the crook can almost guarantee anonymity, a backdoor is just asking for trouble.
The armchair cybersecurity specialists in the U.S. Senate have no weight in this argument. The FBI or any other alphabet agency's testimony holds little water as well, as they have a vested interest in the matter. Who should be trusted on this issue are the security experts and most say, "Don't do it."
What do you think? Let us know in the comments.
Comey photo by AP, Hatch photo by Bloomberg