Backdoor to encryption: data privacy against public safety?
Much as the backdoor of a house, a backdoor to encryption is a way to get into one’s private zone. Encryption already became an irreplaceable part of almost every service or device we use in our lives online. It keeps our data confidential and secure, be it from hackers or government snoops. It is good for us, but it’s a calamity for the FBI and the police. Law enforcement agencies unstoppably force tech companies to add flaws and reveal users’ records. While they potentially help solve cybercrimes, they endanger anyone who trusts encryption to stay private. Thus, what is a backdoor, and why should we be worried about it?
What is an encryption backdoor?
A backdoor is a deliberate flaw in encryption. It serves access to private encryption keys, suggesting that the authorities would retain them. The intent is to let them have an option for decrypting users’ data whenever necessary.
Every day, often without even realizing it, we use some form of encryption. We visit sites that use HTTPS security. We use mobile banking apps that encrypt our transactions. We communicate through end-to-end encrypted messaging apps. Encryption gives us more power, control, and a sense of confidence in our privacy.
One of the methods of building a backdoor to encryption is “key escrow.” Here, the authority prepares and distributes encryption keys to companies while preserving the decryption keys in escrow. Ironically, the system has a nickname of “key surrender” as companies do surrender users’ data privacy this way.
Why encryption backdoor is dangerous
Backdoor to encryption is a real dilemma in the current era of technology. Law authorities argue that it’s crucial to decrypt user data when solving criminal cases. The FBI has even come up with a catchy brand for its anti-encryption campaign: “Going Dark”. Their viewpoint is that they would exploit flaws only when they suspect malicious activity.
While the public safety claims sound like a legitimate interest, there are strong counter-arguments against such access feasibility. Unfortunately, it’s impossible to build a backdoor that would only let the “good guys” in. There are no guarantees that malicious hackers would never get their hands on them. If there’s a key that unlocks millions of accounts, every cybercriminal on the planet will go after it. They could access your financial details, personal documents, and other sensitive information through a compromised vulnerability. With such devastating consequences, the risk is too high.
The proof that encryption backdoor can lead to hacking is somewhat ironic. Recently, it happened to the federal government itself. According to a Reuters report, the National Security Agency (NSA) discovered that hackers subsequently compromised their security system. Allegedly, NSA has secretly placed encryption workarounds in tech companies’ products to ease foreign surveillance. Therefore, the federal government understands the downsides of encryption backdoors. However, even after experiencing the aftermath of such hacking, they continue to demand them.
The debate continues
A hot debate about backdoor to encryption has been going on for decades. In one camp are the governments and law enforcement agencies demanding it in the name of public safety. On the other side, encryption experts and privacy advocates vigorously defend the need to maintain strict security practices. Many experts think that no one can safely limit encryption. Therefore, the existence of a truly secure “key escrow” system remains doubtful. Still, the discussion isn’t dead, and it likely won’t go away anytime soon.
Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.