-
Why Encryption Backdoors Are a Horrific Idea
- 2024/11/21
- 再生時間: 8 分
- ポッドキャスト
-
サマリー
あらすじ・解説
[glossary_exclude]They assume perfection, and we all know how that goes.[/glossary_exclude] by Leo A. Notenboom (Image: DALL-E 3) A phrase we've heard more and more often in recent years is encryption backdoor. The concept is simple: government agencies want to be able to monitor otherwise encrypted communications. The concept is flawed. [glossary_exclude]Encryption backdoors[/glossary_exclude][glossary_exclude]Encryption backdoors allow governments or other entities to access private communications, undermining privacy. These backdoors create vulnerabilities; they rely on the trustworthiness of those entities to use backdoor keys responsibly and prevent leaks. Criminals can still bypass such measures using traditional, non-backdoored encryption. Encryption backdoors risk your privacy without effectively improving anyone's security.[/glossary_exclude] Securing communications with encryption The fundamental concept of encrypted communications is that only the sender and the recipient can read a message exchanged between them. The sender encrypts it before sending, and only the recipient has the ability to decrypt it.1 One example I run into regularly is sending someone a password -- you don't want someone "in the middle" to be able to see it. An end-to-end encrypted messaging service is one solution. Governments don't like this at all. At its most basic, encryption prevents law enforcement from monitoring potentially illegal activities. At its most extreme, it prevents oppressive governments from monitoring what their citizens might be up to. As a result, from time to time we hear of proposed legislation to force service providers to provide a back door that would allow authorized entities such as governments and perhaps others to access otherwise inaccessible communications. How a backdoor might work Traditional encryption works in one of two ways. One method uses a common secret, like a password, which is used to both encrypt and decrypt data. The other method uses a key-pair: one key can decrypt data encrypted by the other, and vice versa. Without the appropriate password or key, encrypted data cannot be decrypted.2 What both these approaches have in common is math -- lots and lots of advanced, complex math. A backdoor adds more math. In addition to the password or key, some kind of "master key" would also be needed to decrypt the data. That master key would be shared only with trusted entities (like governments) with (hopefully) legitimate reasons to decrypt the data. A real-world physical example Consider the TSA-approved padlock. TSA's "back door" on a combination lock. (Image: askleo.com) This padlock might have a key or combination. If you have the key or know the combination, you can unlock it. In the United States, the TSA (Transportation Security Administration) has mandated that approved padlocks also have an additional key slot -- a key slot for which their agents have a master key. This master key is a back door allowing them to bypass your padlock’s mechanism completely and open it. This allows them to examine the contents of your luggage. You can use a non-compliant padlock, but the TSA has the right to break the lock. There's a reasonable argument that this contributes to public safety. However, even though it's likely illegal to possess, the master key has long been available to anyone who cares to get it. Travelers have been forced to sacrifice personal privacy for public security. Physical versus digital The major difference between our physical example and encryption is the bolt cutter. Luggage locks are easily broken. Even the most secure locking mechanisms can typically be thwarted with enough skill or force. That's not quite the same as digital encryption. An appropriately strong encryption algorithm can be practically impossible to break. Again, governments don't like this. They would very much like a way to break the lock,