Privacy Implications of Using a Backdoor

I was on the frontline at PGP Corp. back in 1996 in the first crypto war to protect digital privacy and security.

PGP, as some may remember, was the maker of the Pretty Good Privacy email encryption program. At that time, the U.S. Government tried to severely limit PGP’s technology by classifying it as a weapon of mass destruction and making it illegal to export.

This is true.

Privacy Meets Free Speech

PGP’s cryptographic technology was so powerful that the U.S. government tried to prosecute its founder, Phil Zimmermann, under the Arms Export Control Act.

The argument: it’s illegal to make the technology available abroad because it could aid foreigners unfriendly to the U.S.

Eventually the government ended its investigation into the export of PGP. At the company, we published the Pretty Good Privacy source code as a book, a crafty move that made it clear that it was protected as free speech under the U.S. Constitution. (Zimmermann himself was the subject of a three-year criminal investigation before charges were dropped.)

FBI vs. Apple

Despite its seeming resolution this week, FBI versus Apple is the prime battleground in the second crypto war.

As we all know by now, the government demanded that Apple negate its own security protections by writing software that would effectively open a backdoor to many devices Apple has already sold. The FBI argued that it needed access in order to inspect whatever data resides on the iPhone 5c of Syed Rizwan Farook, the lunatic behind the horrific San Bernardino terror attack.

The Justice Department later managed to unlock the phone without Apple’s help, and promptly withdrew legal action.

But this case is about more than one phone. And, in reality, it is far from over. Apple is working hard to make its devices even more secure — to the point where even the most powerful government in the world cannot gain access. That could inevitably lead to more courtroom battles down the road.

A Step Backward for Security

If the FBI is ultimately able to force Apple to write new software that tears down its security, it would be a huge step backward in the fight to finally make strong crypto a reality. Future legal demands by law enforcement that Apple make technology to defeat its flagship security would mean having no truly secure smartphone.

What’s the big deal, many wonder. Why doesn’t Apple just make a small backdoor?

But that’s the problem with backdoors: they’re all susceptible to attack by hackers, who can use any backdoor they detect as part of an exploit.

It’s virtually impossible to make a “small” backdoor. You’d have just as much luck building a time machine or colonizing Jupiter. Maybe the latter will be possible sometime in the future, but with today’s known technology, we just can’t nerd harder and come up with a way to safely do this.

A Security Conundrum

Basically, it boils down to this: you can’t have strong crypto that’s weak.

Everyone thinks there must be a reasonable compromise here, some middle ground, but there is not. You either have strong crypto or you don’t. When the FBI asks Apple to create a backdoor — which it will inevitably do again — it is asking Apple to destroy any landmark security it offers to iPhone owners.

Worse, if the U.S. government has access to a backdoor, it won’t be long before other governments figure out a way to get access as well. And they won’t wait for a warrant to slip inside.

It’s a near certainty that foreign actors would quickly exploit the backdoor for their own nefarious purposes. I won’t name names but I will say that any backdoor would open the way for targeting of political and human rights campaigners in nations around the world, many of whom depend on strong crypto to do their work — and stay alive.

Economic Implications of Poor Security

On the economic front, a backdoor would expose the intellectual property and private data of U.S. companies. My company, Vindicia, is a good example.

Our subscription billing service holds 180 million credit card accounts. So what if I’m traveling abroad and a foreign government decides to confiscate my phone?

With the power to unlock it, it would gain access to trade secrets about our products and how they work, as well as certain security information that I possess about how we secure those 180 million cards.

What if some rogue state gained access to Elon Musk’s phone? What impact would that have on the space race? The possibilities are endless — and truly frightening.

Yes, I’m sure the FBI is thrilled to see what’s on the iPhone of Syed Farook, assuming there is anything. But what happens if, next time, some brutal dictator uses an Apple backdoor to spy on his enemies and it brings the death of thousands? There is critical information on phones everywhere. And if the bad guys get it, a lot of people will pay a price.

Loss of Freedoms, Rights

Law enforcement agencies say they need a backdoor to access our devices because it’s in the public interest to know what the bad guys are planning and who they’re planning it with. So what’s wrong with that?

For starters, it violates the intent of the Fourth Amendment, which prohibits unreasonable searches and seizures of our “persons, houses, papers and effects,” and requires any warrant to be judicially sanctioned and supported by probable cause.

It also ignores that much of the data on your phone cannot validly be searched for or seized, because it falls under exceptions like the spousal testimonial privilege or the medical professional privilege, to say nothing of the attorney-client privilege.

The reality is that the bad guys can conceal their conversations and conspiracies fairly easily. It’s average citizens who are most at risk when backdoors are put in place, the people who don’t spend their waking hours devising defenses against surveillance.

The fact that the FBI is backing off its case against Apple is certainly a positive development.

But the war is far from over. Rest assured, the FBI will continue to press its case that the only way to make us more secure is to make our devices less secure.

But it just doesn’t add up. I — and most others — prefer to live in a world where private conversations remain private. I believe we’ll get there. But we won’t get there without a fight.

Title image: "Use the back door" from CJS*64 "Man with a camera"