
Why Security Backdoors are Bad (2016) - CM30
https://medium.com/@CM30/why-security-backdoors-are-bad-common-sense-version-d7776cb58781
======
DarkKomunalec
I've said it before and I'll say it again: too much focus is being put on how
backdoors can be abused, and too little on why mandating them is a terrible
idea in general.

If we decide we don't have the right to conceal our digital correspondence
from the government, what else should we not be allowed to conceal? The
conversations you have in your car? In your home? Besides the right to
privacy, what other rights make fighting terrorism harder? Freedom of
association and movement? Freedom of speech, which is regularly used for
recruitment?

Finally, if they really want someone's data, in a covert way, they're already
able to plant hardware keyloggers, or spy on someone as they enter a password,
etc. But it all requires manpower. What backdoors would let them do is monitor
encrypted communications covertly and in _bulk_. To build up a database of all
your chats and forum posts, and mine it for any anti-current-politics
sentiment.

~~~
sbov
Building on this line of thought, I never completely understood the
description of crypto as a safe to the public. To me, it's more about
mandating how I decide to communicate: requiring I speak a language the FBI
can understand, that I always speak loudly and clearly enough such that their
recording devices can accurately capture what I'm saying, that I always write
my letters in a language they can understand, etc.

Crypto isn't a safe, it's the ability to talk in a language only two people
understand. Unlike a safe, they have access to the data. They just can't
understand it.

~~~
schoen
Eben Moglen made this point during the first crypto wars, in 1999:
[http://moglen.law.columbia.edu/publications/yu-encrypt.html](http://moglen.law.columbia.edu/publications/yu-encrypt.html)
("The right to speak PGP is the right to speak Navajo")

------
natch
A stab at a shorter version. Feel free to steal, improve, and then take
credit. Takes his best point and then adds some examples of why it is scary:

If device makers and online services are required to set aside a master key
for the government, how would we be protected from abuse if the government was
ever to become corrupt?

If pervs at the Department of Homeland Security wanted to rifle through
pictures of our children, they could. With enough government corruption, if
the local sheriff, or the US President, or anyone in between, wanted to read
the most private thoughts shared with us by our loved ones, they could...
keeping in mind that even if we have nothing to hide, our loved ones might
like their privacy.

The more corrupt the government, the more ways they would dream up to abuse
the power of this kind of mandatory master key.

In the case of the US, thankfully our government is headed by people with the
highest ethical standards... oh, wait, it isn't!

Besides privacy invasion by rogue government employees, the other problem is
the fact that such keys can, and likely will, leak out to bad people who will
use them to get into our bank accounts and take our money. Even the US NSA
cannot protect its most dangerous hacking tools from being released on the
internet. It won't be able to protect this master key capability either.

Requiring a master key for the government would be a very misguided and
dangerous policy.

~~~
3131s
Given how much Democrats and Republicans detest each other's candidates, you'd
think it would have sunk in by now that relinquishing basic rights and
allowing the government to create powerful apparatuses prone to abuse is never
a good idea, no matter how much you trust the current people in power. Even if
you loved Bush, next up you get a closet-Muslim itching to take your guns away
(/s), and even if you loved Obama, now you get a narcissist with fascist
tendencies behind the reins (/s?).

~~~
lmickh
Ask not what your country can do for you. Ask what your country can do for
them.

Why worry about precedent? When I'm in power I'll just change the rules!

------
syberspace
> Imagine your government made it mandatory to leave keys in a certain place
> so police could enter a property in a hurry.

Isn't that literally what the TSA lock on luggage is? Granted, I wouldn't
regard a suitcase made of a bunch of plastic or fabric as very secure against
any form of attack, but why do all these arguments against backdoors never
mention this? And with the TSA master keys leaked a couple of years ago all it
needs is one malicious airport worker to open your bags and sniff your
panties, erm, steal your laptop.

~~~
atqtion
_> Isn't that literally what the TSA lock on luggage is?... And with the TSA
master keys leaked a couple of years ago all it needs is one malicious airport
worker to open your bags and sniff your panties, erm, steal your laptop._

Good point.

 _> but why do all these arguments against backdoors never mention this?_

However, I don't think arguments against back doors _should_ mention TSA
luggage locks! It's a bad prior.

You don't want people in the "airport" mindset when you're trying to convince
them not to allow the government to snoop.

People who enter airports (or especially customs) basically give up all of
their rights to privacy. And most Americans are apparently OK with this.
Begrudgingly, perhaps, but ultimately most people accept it and go on with
their life.

So, "think about airports" is a really terrible persuasive setting.

Instead, you want people thinking about their bedroom. About their car. About
their child's playroom. About the settings where they live 99% of their life.
Because _that's_ the setting that government back doors in consumer
electronics expose. And that's the setting where people get most uncomfortable
about carte blanche government access.

------
pthreads
Someone tell El Presidente that with a backdoor others will be able to read
his tax returns and bingo he will veto any such bill!

Also, 'security backdoor' is an oxymoron. There is no such thing. It is either
secure or has a backdoor.

------
pricechild
> Imagine your government made it mandatory to leave keys in a certain place
> so police could enter a property in a hurry.

I'm sure this actually happened somewhere in the US... it might just have been
proposed but I distinctly remember reading about mailbox-like containers at
the bottom of drives locked with a master key. Does anyone else?

Edit: More than once apparently, "lockbox" was the term I was missing when
googling earlier:
[http://wcfcourier.com/news/local/update-cedar-falls-city-council-oks-controversial-lock-box-ordinance/article_64b970a2-9624-11e0-93e5-001cc4c002e0.html](http://wcfcourier.com/news/local/update-cedar-falls-city-council-oks-controversial-lock-box-ordinance/article_64b970a2-9624-11e0-93e5-001cc4c002e0.html)
[http://archive.northjersey.com/community-news/2.4225/rescuers-don-t-need-to-break-in-1.1414551?page=all](http://archive.northjersey.com/community-news/2.4225/rescuers-don-t-need-to-break-in-1.1414551?page=all)

~~~
teddyh
_I_ remember reading about those; allegedly, those are used by estate agents
when showing houses for sale. Apparently those boxes are often really easy to
break into.

~~~
cratermoon
Current state of the art in real estate lockboxes includes wireless technology
so the devices can communicate usage. They are in the IoT space of
vulnerabilities.

------
oldgun
Damn, it's 2017 and we're still arguing on why leaving a gaping hole in your
house is dangerous.

~~~
boie0025
I remember thinking a long while ago that the whole "clipper chip" thing was
going to be the end of this debate. I'm completely astonished by how this just
continues to play out, over and over.

~~~
wu-ikkyu
It doesn't seem so astonishing when you recognize the inordinate leverage the
oligarchy has in controlling the government and framing the "public debate".

~~~
linkregister
Yawn.

"The oligarchy" who you never identify would include the owners and
shareholders of businesses who would suffer catastrophic business losses in
the event an encryption-defeating law were passed.

Various billionaires are adversarial with respect to the laws they support and
the media narratives their companies push (e.g. Washington Post vs Fox News).
They don't act in concert.

~~~
wu-ikkyu
oligarchy != billionaires club

~~~
linkregister
Who are the oligarchy?

~~~
wu-ikkyu
Those who are above the rule of law

~~~
linkregister
This is a tautology and not an answer to my question. It means that you don't
actually know how to define your belief system.

~~~
wu-ikkyu
Or perhaps you just don't like my definition and its implications so much so
that you're unable to consider it. Is there no one who is above the rule of
law in your opinion?

------
fivestar
Also, don't think about this tech just in the first world, but in the most
corrupt, Third World hellhole where human rights are routinely violated and
ask yourself why would we sentence brave people to even more misery and
suffering?

------
mchannon
Average Joe looked at your post, enjoyed the colorful icon at the top for a
brief moment, and then his eyes glazed over.

If you really want to resonate with him, publish this in comic book form. I'm
serious.

------
CM30
Or in other words, an article I wrote a while back explaining (to complete
idiots) why a security backdoor is a bad idea in general. Why no, you can't
'have an encryption hole just for police/authorities to use'.

Perhaps a few politicians may even reconsider their attitudes towards
encryption and security in general.

Eh, probably not.

~~~
corpMaverick
Politicians should be the first to worry about privacy.

1 - They are not guaranteed to always be in power.

2 - They will be the first to be targeted.

3 - They have the most to lose.

I just don't understand why they don't care about it.

~~~
3131s
And we should worry about our politician's security too. What if they are
blackmailed while in power? That creates a terrible national security
situation.

This line of argument would hopefully resonate with the constituencies of the
politicians pushing hardest for these backdoors (although it's a fairly
bipartisan effort).

~~~
pbhjpbhj
With backdoors, which I'm not advocating for incidentally, the TLAs know
they're being blackmailed and can intervene. Without that access politicians
can still be blackmailed but it's harder for the TLAs to know about it.

~~~
3131s
Is that necessarily true? With a scheme like key escrow, is there a sure-fire
way to detect a hacker as opposed to an authorized user accessing data? At the
very least it seems that if the NSA itself or some other agency were hacked
(again) then this problem would still exist. The NSA has notably lacked this
type of audit trail in their systems before, hence their inability to track
Snowden.

------
w8rbt
To prevent backdoor abuse, you could have a shared key controlled by various
parties.

A scheme such as Shamir's Secret Sharing - "An algorithm in cryptography
created by Adi Shamir. It is a form of secret sharing, where a secret is
divided into parts, giving each participant its own unique part, where some of
the parts or all of them are needed in order to reconstruct the secret."

Source -
[https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing](https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing)

~~~
gbrown
Mathematically, you're correct. Unfortunately, real world systems have bugs,
and even multiple parties can be compromised. Back doors are a bad idea.

~~~
kefka
But that's explicitly not a backdoor. That's straightforward: "If permission
is granted from 2 opposing parties, crypt can be reversed". And that would
have to be added to the crypt on cyphertext creation.

And the Bitcoin protocol has a similar thing, with escrow key permissions.
Again, intended behavior, not some "super sekret backdoor".

~~~
AnimalMuppet
If I'm the encrypter, and I don't want the two parties to read it, _that's a
backdoor_.

~~~
kefka
That's being rather obtuse. I can easily parse that the contents are encrypted
to X keys. I'm thinking of something obvious like GPG here.

I would accept the idea of a backdoor IFF the program encrypting hid the fact
that it also encrypted to an escrow unawares to you, along with keeping that a
secret.

~~~
AnimalMuppet
No, I'm not being obtuse. I understand what you're saying; I believe that I
understand why you think it's reasonable; and I totally reject the claim that
it is not a backdoor. I don't care how many keys there are, and I don't care
what the underlying technology is. If a group of people, no matter how many
(other than the sender and receiver) can choose, by a designed feature of the
encryption, to decrypt the communication, _that's a backdoor, by definition_.

And I assert that, no matter how carefully designed, a backdoor is _always_ a
bad idea.

Having two parties that have to agree is a mitigating feature. It makes it
less bad. It doesn't make it good, though.

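A worked example of the scheme w8rbt names and of the "two parties that have to agree" mitigation AnimalMuppet describes. This is added code, not from any commenter, and it assumes only constructed inputs: the prime P = 2**521 - 1 as the field modulus (large enough to hold a 256-bit key as one element) and EXAMPLE_KEY as a stand-in for a real content key. Besides splitting and reconstructing, it shows the property that makes threshold escrow a mitigation rather than a fix: a party holding fewer than t shares can compute a "missing" share consistent with any key at all, so those shares alone reveal nothing, while any t shares recover the key with no record of who combined them.

```python
"""Shamir secret sharing of a content key over GF(P).

Added example, not taken from the thread. Constructed data throughout:
P is the Mersenne prime 2**521 - 1 and EXAMPLE_KEY stands in for a real
content key (a real key would be drawn from a CSPRNG).
"""
import hashlib
import secrets

P = 2**521 - 1  # prime field modulus; every share and secret is reduced mod P

# Constructed stand-in for a 256-bit content key.
EXAMPLE_KEY = hashlib.sha256(b"constructed example content key").digest()


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def _interpolate_at(points, x0):
    """Lagrange interpolation through `points` over GF(P), evaluated at x0."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x0 - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def split_secret(secret, n, t):
    """Split `secret` into n shares (x, y); any t of them reconstruct it."""
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    # Random polynomial of degree t-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct_secret(shares):
    """Recover the secret from at least t shares (the polynomial at x = 0)."""
    return _interpolate_at(shares, 0)


def share_consistent_with(partial_shares, candidate_secret, x):
    """With only t-1 shares in hand, return the y-value a missing share at
    index x would need for the secret to be `candidate_secret`. Such a value
    exists for every candidate, which is why t-1 shares reveal nothing."""
    return _interpolate_at(partial_shares + [(0, candidate_secret)], x)


def key_to_int(key: bytes) -> int:
    return int.from_bytes(key, "big")


def int_to_key(value: int, length: int) -> bytes:
    return value.to_bytes(length, "big")


def demo():
    """Observations for a 2-of-2 escrow and a 3-of-5 escrow."""
    secret = key_to_int(EXAMPLE_KEY)

    # "Two parties that have to agree": 2-of-2 sharing.
    two_of_two = split_secret(secret, n=2, t=2)
    both = int_to_key(reconstruct_secret(two_of_two), 32)
    # One party alone: its share is consistent with any key, e.g. all-zero.
    forged = share_consistent_with(two_of_two[:1], 0, x=2)
    alone_sees_zero = reconstruct_secret([two_of_two[0], (2, forged)]) == 0

    # 3-of-5 sharing: any three shares suffice, in any order.
    three_of_five = split_secret(secret, n=5, t=3)
    subset = [three_of_five[4], three_of_five[1], three_of_five[2]]
    three = int_to_key(reconstruct_secret(subset), 32)
    return {
        "both_parties_recover_key": both == EXAMPLE_KEY,
        "one_party_learns_nothing": alone_sees_zero,
        "any_three_of_five_recover_key": three == EXAMPLE_KEY,
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind. The arithmetic does not know the threshold: feeding reconstruct_secret fewer than t shares returns a wrong value silently rather than an error, so a real deployment must carry t alongside the shares and check it. And once t parties combine, the output is the key itself; nothing in the reconstruction records who combined or whether the shares were stolen, which is the gap 3131s points at above about telling an authorized user from an intruder.
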
------
bronzeage
The "it will be found and abused" argument is wrong on so many levels. Let's
start with the facts:

- All modern software in fact has a public well known backdoor.
- That backdoor is called the private key for software updates.
- Despite being a well known feature, no criminals have abused it so far, and
  we consider it completely safe.
- The argument of "it can't be done" is actually null and void. It was already
  done and even implemented.
- Why do you trust those companies more than your government? I don't see how
  a corrupted cop is more likely than a corrupted developer. Being a developer
  obviously makes your point of view biased.
- Where the government can be limited by whatever laws you choose to
  implement, those companies and their security practices are entirely up to
  them.
- It's not a question of whether it's possible, it's a question of whether it
  should be done, and if so how.
- Open source is not much more trustable. At the end of the day most of the
  sane people do not recompile every binary, and with CVEs and security
  patches coming all the time you still need someone to provide the updated
  binaries.

~~~
bronzeage
P.S. If you really are overly paranoid about the government, you should've
assumed the NSA actually has all those private keys, but they reserve them for
the most critical cases and only a select few know it. You would also assume
the Russians / China have access to that because you're overly paranoid and
everything can be breached, and they don't care about these companies being
American.

------
faragon
One thing is an easter egg for enabling debug stuff in order to help
diagnosis, and another, a super user backdoor, which in my opinion, should be
legislated: i.e. in case it exists, it should be disabled by default, or
having a big warning (labeled in the box, with a removable stick, or
whatever), so you can choose before the purchase.

------
metaphorm
average joes probably aren't reading things on an obscure medium blog getting
linked on hacker news. this community has read, in depth, the similar writings
by Schneier and the rest.

~~~
frickinLasers
But those who read this here might share it with five average joes, perhaps
one of which might really get upset about the situation and call their
congresscritter. If this argument is presented in several different formats
and enough average joes hear about it and get upset enough to act on it, then
maybe--just maybe--we can fight this bill off, again. And perhaps, over time,
public awareness will grow enough that Jim Comey eventually stops making
flawed arguments and begins working with the system instead of trying to game
it.

~~~
metaphorm
I think it's naive to believe that the FBI (or any other intelligence or law
enforcement agency) will ever be willing to see their own power checked. The
way to check the power of those agencies is by having Congress pass
exceptionally strong laws that explicitly forbid them from abusing their
power.

------
sosodaft
I shortened it from a three minute read to a one-second one: Someone will find
it.

~~~
AnimalMuppet
And publish it. And then _everyone_ will have it.

