Encryption Backdoors are a Bad Idea, IEEE Says
Encryption can’t be strong when there are backdoors, IEEE tells the world
If you have ever been into technical stuff, whether as an enthusiast, a student or a professional, you’d know about IEEE (Institute of Electrical and Electronics Engineers). If you don’t, let me tell you that it’s the world’s largest professional association of technical professionals, founded 55 years ago.
Standards published by IEEE often go on to become national and international standards. In short, it’s one of the most influential organizations when it comes to research and development of technology, and that’s why you listen to it when it talks. This time around, IEEE has come out in favor of strong encryption (backdoor-less encryption, to be precise).
Its support comes at a time when governments and politicians are making constant efforts to curb the use of strong encryption by suggesting exceptional access through backdoors or escrow arrangements.
Here’s what IEEE said in its official statement:
“IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as “backdoors” or “key escrow schemes” in order to facilitate government access to encrypted data. Governments have legitimate law enforcement and national security interests. IEEE believes that mandating the intentional creation of backdoors or escrow schemes — no matter how well-intentioned — does not serve those interests well and will lead to the creation of vulnerabilities that would result in unforeseen effects as well as some predictable negative consequences.”
There’s no backdoor in strong.
Almost every terrorist attack in recent times has been followed by a scathing attack on encrypted messaging services such as WhatsApp. This is seen pretty much everywhere, whether it’s the US, the UK or Australia. According to these encryption critics, mostly politicians and heads of law enforcement agencies, encrypted messaging provides a hiding space for terrorists to communicate without revealing their identity. And that is why these leaders are asking for backdoors in encryption so that they can decrypt and see potentially dangerous messages.
As good as this argument seems at first blush, it’s well off the mark once you start to dig into it. First, a backdoor policy can be effective only if every country and company adopts it. There would be no point in such an escrow mechanism if only a few countries legalized it. Moreover, this is also assuming that backdoors work exactly as intended. They don’t.
Let’s say the government of country X introduces a law that mandates backdoors in encrypted messaging services. The entire world would know that the backdoor exists, including malicious entities such as cybercriminals and nation-state hacker groups. Will they stay idle, knowing that there’s a key that could get them access to the private conversations of millions of people? No way in hell, right?
Now let’s go back a year and try remembering the WannaCry ransomware attack. The attack infected around 200,000 computers, including those of the UK’s National Health Service. It’s said that attackers stole the backdoor from a group linked to the US government. This is precisely why we can’t have backdoors. Once an escrow key has been stolen, whoever holds it can do absurd amounts of damage. It could result in direct financial losses; identity theft; intellectual property theft and theft of sensitive business information; damage to critical infrastructure; damage to national security; and reputational damage.
Do we want to give such a grand opportunity to malicious actors?
So even if we imagine for a moment that all the malicious actors such as cybercriminals and nation-state hackers have gone sober for whatever reason, do we really think that criminals and terrorists would continue using a backdoor-enabled messaging service knowing that law-enforcement agencies have their eyes on it? Surely not. Instead, they’ll find some other secure way to communicate. One way or the other, they’ll find their way.
And even if everything goes as intended (hackers are idle, all countries are on board, terrorists are stupid), what’s the guarantee that some psychopath in law enforcement doesn’t misuse the “master-key”? There’s always that possibility, isn’t there?
To sum it all up, backdoors are a terrible idea. Security experts have been telling us this for years, and this time it’s the world’s most significant association of technical professionals vouching for it. Let’s hope our politicians and bureaucrats take good note of it.