The Problem With Encryption Backdoors

by | Feb 5, 2020 | Cybersecurity | 5 comments


There has been a debate going on for quite a while as to whether or not companies should implement backdoors into their encryption. While there are many valid points from both sides, backdoors would cause more problems than they solve.

What Are Encryption Backdoors?

Simply put, encryption backdoors are a way to break encryption without knowing the password. A good analogy is to think of encryption like the lock on your door. Only people with the key, such as you and a trusted neighbor, can unlock the door. Sure, you could just break down the door, but that would require a significant amount of effort. The equivalent of that for encryption is a brute force attack, which simply tries all possible keys. A backdoor in encryption would be similar to designing the lock with a method to open it without your key. Just as with the lock, the backdoor has to be built into the encryption scheme in advance in order to be used later.

That Sounds Terrible!

My argument is that it is, but it’s important to know the other side of the debate as well. One of the more influential proponents of backdoors is the US government. Their argument is that encryption as it currently stands prevents the government from accessing crucial data in investigations. Many people use messaging apps that implement something called end-to-end encryption. This encryption only allows the sender and recipient to decrypt the message; no one else can. While it keeps our data secure from hackers, it also keeps the government out of messages between terrorists, for example. In those cases, if there was a backdoor, the government could simply decrypt the messages themselves, or ask the company behind the app to do so. The latter approach can be, and already is, used for data that is not end-to-end encrypted, such as certain iCloud data:

In meetings with the agency, FBI officials told Apple that the plan [to implement end-to-end encryption] would harm its investigations. The FBI and other law enforcement bodies regularly ask Apple to decrypt iCloud data, and in the first half of 2019, they requested access to thousands of accounts. Apple says it complies with 90 percent of such requests.

The Verge

How Encryption Backdoors Can Be Implemented

There are many ways out there to implement encryption backdoors, some of which are better than others. For the sake of this post, I’ll just mention two: one which is the easiest to implement, and the other which was actually attempted by the US government.

Skeleton Keys

One of the easier ways to implement an encryption backdoor is to just encrypt everything twice: once with the user’s key, and once with a skeleton key. The skeleton key can be built into the app, or requested from elsewhere each time something is encrypted. Whenever a need arises to decrypt something, the company simply uses its skeleton key to access the data in question.

The biggest problem with this implementation is also its strength. Although the company can easily use the skeleton key, so can anyone else who gets hold of it. The security of the encryption now relies on how well the company can keep that key secret. As soon as the key is leaked or discovered, it’s game over; the encryption becomes worthless. This approach has the potential to jeopardize everyone’s data with just a single leak.

Key Escrow

A step above a skeleton key is having a different skeleton key for each user. A step above that would be to have a different skeleton key for each piece of data sent. Both of these approaches would solve the issue of a universal skeleton key; the leak of a single key doesn’t compromise everything ever encrypted throughout the life of the key. At worst, the leak of a single key compromises a single user. Or, if a new key was generated for each piece of data, only a single piece of data could be compromised.
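To make the difference in blast radius between a universal skeleton key and per-user key escrow concrete, here is an added example that is not part of the original post. It encrypts each message twice, once under the user’s key and once under the backdoor key, exactly as the two schemes above describe, then counts how many stored records a single leaked backdoor key unlocks. The cipher is a constructed demonstration (an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag) so that the script runs on the Python standard library alone; the keys, user names and messages are likewise constructed for the demo.

```python
"""Blast radius of a leaked skeleton key versus a leaked per-user escrow key.

Added example, not code from the original post. The cipher below is a toy
PRF-in-counter-mode construction built from HMAC-SHA256 so the script needs
only the standard library; it illustrates key management, not a real cipher.
"""
import hashlib
import hmac
import os
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Keystream block i = HMAC(key, nonce || i); XOR it over the data.
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac_key(key: bytes) -> bytes:
    # Derive a separate MAC key so the same key is never used for two purposes.
    return hmac.new(key, b"mac", hashlib.sha256).digest()


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(_mac_key(key), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raise ValueError if the key is wrong."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_mac_key(key), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted record")
    return _keystream_xor(key, nonce, ct)


# Scheme 1: one universal skeleton key held by the company (constructed).
SKELETON_KEY = secrets.token_bytes(32)


def skeleton_encrypt(user_key: bytes, msg: bytes) -> dict:
    # Everything is encrypted twice: once for the user, once for the company.
    return {"user": encrypt(user_key, msg), "backdoor": encrypt(SKELETON_KEY, msg)}


# Scheme 2: a different escrowed key per user, as an escrow server would hold it.
escrow_db: dict = {}


def escrow_encrypt(user_id: str, user_key: bytes, msg: bytes) -> dict:
    esc_key = escrow_db.setdefault(user_id, secrets.token_bytes(32))
    return {"user": encrypt(user_key, msg), "backdoor": encrypt(esc_key, msg)}


def blast_radius(records: list, leaked_key: bytes) -> int:
    """Count how many stored records one leaked backdoor key can open."""
    opened = 0
    for record in records:
        try:
            decrypt(leaked_key, record["backdoor"])
            opened += 1
        except ValueError:
            pass
    return opened


def simulate(n_users: int = 5, msgs_per_user: int = 3) -> tuple:
    """Return (records opened by a leaked skeleton key,
               records opened by one leaked per-user escrow key)."""
    skel_records, esc_records = [], []
    for u in range(n_users):
        user_key = secrets.token_bytes(32)  # constructed per-user key
        for i in range(msgs_per_user):
            msg = f"user{u} message {i}".encode()  # constructed sample message
            skel_records.append(skeleton_encrypt(user_key, msg))
            esc_records.append(escrow_encrypt(f"user{u}", user_key, msg))
    return (blast_radius(skel_records, SKELETON_KEY),
            blast_radius(esc_records, escrow_db["user0"]))


if __name__ == "__main__":
    skel, esc = simulate()
    print(f"skeleton key leak opens {skel} records; one escrow key leak opens {esc}")
```

With five users and three messages each, the skeleton-key leak opens all fifteen records, while a single escrowed key opens only that user’s three. Per-message escrow keys would shrink the figure further to one, at the cost of the escrow server having to store a key for every message ever sent.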

Securely sending keys to a third party is already possible with current technologies. All that needs to be done is to establish a TLS session (similar to HTTPS), then send the keys over that session. Ideally, the server storing the keys would itself be encrypted as well. Of course, this also means that if a vulnerability is found in TLS, all of the keys sent over it can be recovered.

Key escrow was already attempted by the US government in the form of the short-lived Clipper chip back in 1993. Basically, the chip allowed for calls to be encrypted with a key also held by the government. Should the government want to listen in to a call, they simply need to obtain the encryption key from themselves. Fortunately, there was a major backlash that stopped widespread use of the chip. Multiple vulnerabilities were also discovered with the chip, and it was discontinued three years later.

Backdoors Affect Everyone

The most important thing to understand about encryption backdoors is that they affect everyone. Even though backdoors are usually only targeted at catching those who have done something wrong, they still apply to everyone. Therefore, the big question is whether or not the benefit of catching and prosecuting some people is worth the decrease in security for everyone else. And, to me, the answer is a big no.

Imagine that in your house, there were two doors: one for you, and one for the government. You have the key to your door, and the government has the key to theirs. If they obtain a search warrant, the government can search your house without you immediately knowing. And so could anyone who figures out the key to the government’s door, or anyone who breaks down the government’s door. Regardless of whether you follow the law to the letter or not, you now have two doors to watch 24/7. Is the increased attack surface worth it?

You Don’t Know When Someone Uses The Other Door

With the two-doors analogy, you’ll probably know if someone used the government’s door. But things are different with encryption. For example, when you use a messaging app that uses end-to-end encryption, your messages may still be stored on the app’s servers in encrypted form. As things currently stand, that doesn’t matter, because only you and the recipient of the message have the keys to decrypt it. However, if there was a backdoor, and someone used that backdoor, you’d have no way of knowing. Accountability is extremely important in these cases; without it, what’s stopping the government from extending warrants to those who speak out against it, and not just criminals? I’m not saying the government is inherently evil, but if no one knows who they’re keeping track of, things could get pretty bad very fast.

Yes, the government can already request data from companies and tell them not to let you know, but you can limit the information companies know about you. If encryption backdoors become a requirement according to the law, there’s nothing you can do. Besides, people who don’t want the government to know what they’re doing can just build their own services that don’t comply with the law. In which case, it only affects those who follow the law in the first place, negating the main benefit of backdoors.
