By Seth James Nielson and Daron Barnes of Ironwood Experts.
Many Americans in the technology space are aware that their government is pushing to install “back doors” into cyber security. Apple, for example, makes their iPhone in such a way that even the company itself can’t decrypt the contents of a user’s phone. The government can subpoena Apple all they want, but Apple simply has no way of unlocking the protected data within. That doesn’t make law enforcement, and others, happy.
Just last month, Tim Cook went to the White House and had a heated exchange with the Attorney General about this very issue, then went on 60 minutes to discuss it again. This particular battle between security and privacy has been on-going since last year, when terrorist attacks in California prompted a renewed call, in some quarters, for back doors.
The crux of the government’s argument is that there must be “balance” between a person’s right to protect their data and the government’s responsibility to protect its citizens (e.g., through police investigations and so forth). To the U.S. Attorney General and the Director of the FBI, there should obviously be some way to get to the data.
It is unsurprising that many dislike the idea of government having backdoor access to their data for personal and political reasons. But to security experts, the problems go far beyond balancing rights and responsibilities. The core truth is this:
If you make a back door, the bad guys will find it.
There’s no way around it. In the fully interconnected, light-speed world of computer technologies, every hole is exploited. Security is already significantly weakened by the holes necessary to operate at all.
Much has been said on this topic, and I don’t have too much to add.
But there is another side to this that should be getting more press. Other governments are pushing for the same kinds of access to encryption, and the U.S. government opposes this. China, for example, has a new counter-terrorism law that requires companies operating within the country to provide technical support to the authorities–including decryption.
“President Barack Obama told China’s President Xi Jinping in March that the original draft of the law, which proposed demanding access to a company’s encryption keys, could jeopardize business relations with the U.S. and the technology industry, according to Reuters.”
The United States is worried, and with good reason, that Chinese Government access to encryption keys could threaten U.S. national security and interests. How so? American businesses already have a significant amount of industrial espionage conducted against them. Whether or not the government of China is complicit in such affairs, the existence of back doors gives other companies and factions the opportunity to exploit those back doors to extract data from U.S. businesses.
However, I think the United States government’s biggest concern is the integrity of their own systems. The government relies on the same computer security technologies as everyone else: encryption, secure devices, and so forth. If China has backdoor keys, any data or device used by U.S. defense or government officials is potentially open to unauthorized access, including Chinese spying. Who knows what would happen if a war broke out.
Nor am I pointing the finger at the Chinese government alone. The U.K. is considering similar laws. Every government wants to be able to access encrypted data.
What amuses me is that none of them want other governments to be able to access encrypted data.
As the saying goes, when you pick up a stick, you pick up both ends. If you insert a back door, bad guys can get it. If your government can unlock secrets, so can other governments. There’s just no decoupling from the interconnected digital world.