The private testing has started!

Blog What is an encryption backdoor

Law enforcement agencies have been lobbying to force technology companies to weaken their security protocols by adding encrypted backdoors. Backdoors endanger anyone who relies on encryption to ensure online security, as they put millions of innocent people at risk of cyberattacks.

A key in a cloud

Law enforcement agencies have been lobbying to force technology companies to weaken their security protocols by adding encrypted backdoors, such as the dispute between Apple and the FBI. Also, the Australian Parliament introduced a bill that would force technology companies to allow police access to encrypted data.

In fact, the governments of the United States, the United Kingdom, Canada, Australia and New Zealand (also known as the Five Eyes Alliance) have a clear plan to force their country's technology providers to legally access users' encrypted communications through technology. Today, the crypto war continues in the United States.

However, these methods cannot disrupt criminals rather endanger anyone who relies on encryption to ensure online security. There is little evidence that mass surveillance can stop terrorism. For example, before the terrorists who launched the attacks in Paris and Belgium, are the intelligence agencies knew what would happen.

Encrypted backdoors didn't prevent victims, nor will they prevent future attacks. It only can put millions of innocent people at risk of cyberattacks. BlueLeaks is another example to illustrate this problem. Therefore, any encryption backdoor does more harm than good.

The definition of encryption backdoor

The encryption backdoor is a common key, which is a deliberate weakness in encryption. This key is designed to allow governments to access encrypted data easily.

How does the encryption backdoor work?

There are several encryption backdoors, but a simple method is called "key escrow". Under the key escrow system, the government creates encryption keys and distributes them to technology companies while keeping the decryption keys in escrow. This is why "key escrow" is sometimes called "key handing over" because you are handing over your data privacy. This is basically how any encryption backdoor works: the government keeps some form of master key that enables it to unlock anyone's data.

Why does the government need an encrypted backdoor?

The original intention of politicians was to protect people, especially from threats from criminals and terrorists. But in fact, the encryption backdoor will become a loophole in end-to-end encryption. Because of this loophole, dissidents will not be able to communicate online without facing arrest. Journalists will not be able to communicate securely with whistleblowers, human rights activists and many NGOs. Many NGOs cannot work in authoritarian countries. Lawyers and doctors will not be able to communicate confidentially with their clients. In fact, you would not be able to have a private conversation with anyone online.

Why is the encryption backdoor a loophole?

It is impossible to build an encrypted backdoor that only "good people" can access. If the FBI can decrypt your email or access your computer's hard drive, so can criminals, terrorists, and other governments. For example, in 2009, Chinese hackers hacked into the Google database through a backdoor that only provided access to the U.S. government. In order to comply with the government's search warrant for user data, Google created a backdoor access system in its Gmail account.

Why the encryption backdoor will have a devastating effect on the Internet?

If a company implements a backdoor, they will need to access the user's private key in order to be able to decrypt the data as required. They store all users' private keys in a highly secure vault that only highly trusted employees can access. Whenever a law enforcement agency issues a search warrant for one of the keys, the employee will open the vault, retrieve the required key, and transmit it to the law enforcement agency. A large technology company receives thousands of requests from thousands of different law enforcement agencies every day.

In addition, if a technology company creates such a vault to store all private keys, it will become a target for hackers. Imagine if a "master key" can unlock millions of accounts, then every hacker on the planet will hunt it down. It means a compromised encryption backdoor may allow cybercriminals to access your bank account, personal information, and other sensitive information.

BlueLeaks is a worst-case example. In 2017, both the CIA and NSA were invaded by mysterious organizations that stole and released the hacking tools of spy agencies. In the same year, criminals used the vulnerabilities to launch large-scale global ransomware attacks. The fact is that if a government or anyone controls the master key, it will eventually be leaked. These incidents have proven what it means if sensitive data is not adequately protected.

As data breaches around the world become more and more complex, it is clear that this vault cannot be protected from deliberate attacks, which is why the private key must be kept locally on the user and must never be stored on a central server.

The encryption backdoor does not prevent criminals from using encryption in other ways. Software that uses end-to-end encryption already exists, and criminals will always have access to strong encryption technology. Encryption backdoor only can weak encryption services and put ordinary citizens at risk. But it will be powerless to stop tech-savvy criminals.

Cryptography experts disagree with backdoors

Bruce Schneier, Matthew Green and other cryptography experts believe that if the government is allowed to access encrypted data through the backdoor, it will be equivalent to forcing insecurity.

Exceptional access would force Internet system developers to reverse forward secrecy design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today's Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.

Conclusion

Encryption backdoors do more harm than good to the public. Any system or software with a backdoor is not safe. If everyday applications and hardware are forced to implement encrypted backdoors, the basic security of millions of people will be endangered. Backdoor advocates certainly have good intentions, but their methods are misleading and dangerous. Policymakers need to have a basic understanding of encryption so that their decision making can base on facts.

Ready to join Liverado? Start your free 14-day trial today.