{"id":6652,"date":"2018-07-05T11:00:40","date_gmt":"2018-07-05T15:00:40","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=6652"},"modified":"2018-07-06T00:23:57","modified_gmt":"2018-07-06T04:23:57","slug":"encryption-backdoors-are-a-bad-idea-ieee-says","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/encryption-backdoors-are-a-bad-idea-ieee-says\/","title":{"rendered":"Encryption Backdoors are a Bad Idea, IEEE Says"},"content":{"rendered":"<h2>Encryption can\u2019t be strong when there are backdoors, IEEE tells the world<\/h2>\n<p>If you have ever been into technical stuff, whether as an enthusiast, as a student or as a professional; you\u2019d know about IEEE (Institute of Electrical and Electronics Engineers). If you don&#8217;t, let me tell you that it&#8217;s the world&#8217;s largest professional association of technical professionals\u2014founded 55 years ago.<\/p>\n<p>Standards published on IEEE often go on and become national and international standards. In short, it&#8217;s one of the most influential organizations when it comes to research and development of technology, and that&#8217;s why you listen to it when it talks. This time around, IEEE has come out in favor of strong encryption\u2014backdoor-less encryption to be precise.<\/p>\n<p>Its support comes at the time when governments and politicians are making constant efforts to curb the use of strong encryption by suggesting exceptional access through backdoors or escrow arrangements.<span id=\"newline\"><\/span><\/p>\n<p>Here\u2019s what IEEE said in its <a href=\"http:\/\/globalpolicy.ieee.org\/wp-content\/uploads\/2018\/06\/IEEE18006.pdf\" target=\"_blank\" rel=\"nofollow noopener\">official statement<\/a>:<\/p>\n<blockquote><p><em>\u201cIEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and\/or to mandate exceptional access mechanisms such as \u201cbackdoors\u201d or \u201ckey escrow schemes\u201d in order to facilitate government access to encrypted data. Governments have legitimate law enforcement and national security interests. IEEE believes that mandating the intentional creation of backdoors or escrow schemes \u2014 no matter how well-intentioned \u2014 does not serve those interests well and will lead to the creation of vulnerabilities that would result in unforeseen effects as well as some predictable negative consequences.\u201d<\/em><\/p><\/blockquote>\n<h2>There&#8217;s no backdoor in strong.<\/h2>\n<p>Almost every terrorist attack in recent times has been followed by a scathing attack on encrypted messaging services such as WhatsApp. This is seen pretty much everywhere\u2014whether it\u2019s the US, the UK or Australia. According to these encryption critics\u2014mostly politicians and head of law enforcement agencies\u2014encrypted messaging provides a hiding space for terrorists to communicate without revealing their identity. And that is why these leaders are asking for backdoors in encryption so that they can decrypt and see potentially dangerous messages.<\/p>\n<p>As good as this argument seems at first blush, it&#8217;s well off the mark once you start to dig into it. First, a backdoor policy can only be effective only if every country and company adopts it. There will be no point of such an escrow mechanism if only a few countries legalize it. Moreover, this is also assuming that backdoors work exactly as intended. They don&#8217;t.<\/p>\n<p>Let\u2019s say the government of country X introduces a law that mandates backdoors in encrypted messaging services. The entire world would know that backdoor exists\u2014including malicious entities such as cybercriminals and nation-state hacker groups. Will they stay idle, knowing that there\u2019s a key that could get them access to private conversations from millions of people? No way in hell, right?<\/p>\n<p>Now let\u2019s go back a year and try remembering the WannaCry ransomware attack. The attack infected around 200,000 computers\u2014including those of the UK\u2019s National Health Service. It&#8217;s said that attackers stole the backdoor from a group linked to the US government. This is precisely why we can&#8217;t have backdoors. Once the escrow key has been hacked, you can do absurd amounts of damage. It could result in direct financial losses; identity theft; intellectual property theft and theft of sensitive business information; damage to critical infrastructure; damage to national security; and reputational damage.<\/p>\n<p>Do we want to give such a grand opportunity to malicious actors?<\/p>\n<p>So even if we imagine for a moment that all the malicious actors such as cybercriminals and nation-state hackers have gone sober for whatever reason, do we really think that criminals and terrorists would continue using a backdoor-enabled messaging service knowing that law-enforcement agencies have their eyes on it? Surely not. Instead, they\u2019ll find some other secure way to communicate. One way or the other, they\u2019ll find their way.<\/p>\n<p>And even if everything goes as intended\u2014hackers are idle, all countries are on board, terrorists are stupid\u2014what\u2019s the guarantee that some psychopath in law enforcement doesn\u2019t misuse the \u201cmaster-key\u201d? There\u2019s always that possibility, isn\u2019t it?<\/p>\n<p>To sum it all up, backdoors are a terrible idea. Security experts have been telling us this for years, and this time it&#8217;s the world&#8217;s most significant association of technical professionals vouching for it. Hope our politicians and bureaucrats take a good note of it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Encryption can\u2019t be strong when there are backdoors, IEEE tells the world If you have ever been into technical stuff, whether as an enthusiast, as a student or as a&#8230;<\/p>\n","protected":false},"author":10,"featured_media":6653,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[130],"tags":[7321,7723],"class_list":["post-6652","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-everything-encryption","tag-encryption-backdoors","tag-ieee","post-with-tags"],"views":10214,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/07\/bigstock-175890373.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/6652","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=6652"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/6652\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/6653"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=6652"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=6652"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=6652"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}