Encryption Backdoors Can Backfire

The new year will see more heated activity by US presidential candidates, with the inaugural Primary elections looming in Iowa and New Hampshire.

Picking up on the clarion call of law enforcement that the sky is falling (again), and encryption is a terrorist tool, politicians of both parties have joined the chorus favoring backdoors for encrypted messages.

 

A prescient piece in The Economist pushes back on this notion, and warns that creating backdoors is a two-edged sword.

It is revealing that China, that bastion of free speech and freedom of expression (can I remove my tongue from my cheek now?) has passed a law compelling companies to create backdoors that allow government encroachment.

Isn’t this argument enough against constructing backdoor access? It should be, but instead, law enforcement in the US and its allies covet such ingress.

 


Spies and the politicians turn a deaf ear to the argument that what is good for the goose is good for the gander.

Weakening encryption by building backdoors opens a Pandora’s Box of possibilities because if the good guys can get in, the bad guys sure as heck will, too. In the process, therefore, the Internet will be less safe for everyone.

The article goes on to highlight the experience of Juniper, a maker of hardware and software. Juniper disclosed in December that a back door, dating to 2012, let anyone with knowledge of it read traffic encrypted by its VPN software. Apparently, some agency, believed to be the Chinese or British, piggy-backed on a backdoor created by the NSA. To this day, it is unclear who installed Juniper’s back door or used it and for what purpose.

 

Industry experts are therefore wary about cutting the spy agencies any slack, and refute those agencies' arguments that backdoors can be kept secret and are sufficiently complex that their unauthorized use is unlikely.

Law enforcement’s record of keeping secrets and storing them safely is not stellar by any means, and doesn’t bode well for the future prospects regarding encryption.

One need only revisit the Office of Personnel Management hack, purportedly by the Chinese, in which the data of some 20 million people were compromised, to understand the reason the tech industry lacks confidence in the agencies.

 

Until now those involved in the debate who favor backdoors invariably focus on terrorists using flaws in encryption to sow mayhem. But in the big scheme of things, while terrorism is an important consideration, the fact is often lost that there is much bigger potential harm to befall society if the tech industry was ever to lose the trust of the public.

Weakening encryption is surely likely to do this, and the economic fallout would be cataclysmic – maybe a trillion dollars or more, all in.

Then, of course, there are the banking and online payment industries which rely on strong encryption to function properly. Where would we be, if we could not execute transactions safely online?

 

The Economist article suggests that the emphasis on encryption replete with backdoors is misplaced.

Many attacks, most recently in Paris, succeeded not because of encryption, but because agencies lacked the cohesion to exchange information. Before we go rushing pell-mell to weaken this backbone of technology, intelligence infrastructure and cooperation among nations need to be overhauled to ensure our safety.

In the meantime, snooping with Stingrays and hacking into phone lines may be grunt work, and not glamorous, but it is the safer play by far.

 

https://www.bestvpn.com/blog/36020/encryption-backdoors-can-backfire/

 

When back doors Backfire

 

Some spy agencies favour “back doors” in encryption software, but who will use them?

 

WITHOUT encryption, internet traffic might as well be written on postcards. So governments, bankers and retailers encipher their messages, as do terrorists and criminals.

 

For spy agencies, cracking methods of encryption is therefore a priority. Using computational brute force is costly and slow, because making codes is far easier than breaking them. One alternative is to force companies to help the authorities crack their customers’ encryption, the thrust of a new law just passed in China and a power that Western spy agencies also covet. Another option is to open “back doors”: flaws in software or hardware which make it possible to guess or steal the encryption keys. Such back doors can be the result of programming mistakes, built by design (with the co-operation of the encryption provider) or created through unauthorised tinkering with software—or some combination of the three.

 

The problem with back doors is that, though they make life easier for spooks, they also make the internet less secure for everyone else. Recent revelations involving Juniper, an American maker of networking hardware and software, vividly demonstrate how. Juniper disclosed in December that a back door, dating to 2012, let anyone with knowledge of it read traffic encrypted by its “virtual private network” software, which is used by companies and government agencies worldwide to connect different offices via the public internet. It is unclear who is responsible, but the flaw may have arisen when one intelligence agency installed a back door which was then secretly modified by another. The back door involved a faulty random-number generator in an encryption standard championed by America’s National Security Agency (NSA); other clues point to Chinese or British intelligence agencies.

 

Decrypting messages that involve one or more intelligence targets is clearly within a spy agency’s remit. And there are good reasons why governments should be able to snoop, in the interests of national security and within legal limits. The danger is that back doors introduced for snooping may also end up being used for nefarious ends by rogue spooks, enemy governments, or malefactors who wish to spy on the law-abiding. It is unclear who installed Juniper’s back door or used it and to what end.

 

Intelligence agencies argue that back doors can be kept secret and are sufficiently complex that their unauthorized use is unlikely. But an outsider may stumble across a weakness or steal details of it. America, in particular, has a lamentable record when it comes to storing secrets safely. In the summer it became known that the Office of Personnel Management, which stores the sensitive personal data of more than 20m federal employees and others, had been breached—allegedly by the Chinese. Some call that the biggest disaster in American intelligence history. It is rivalled only by the data taken by Edward Snowden, a former NSA contractor now living in Moscow. (The authorities responsible for airport security also let slip the details of master keys that can open most commercially available luggage—a form of physical back door.)

 

Push back against back doors

 

Calls for the mandatory inclusion of back doors should therefore be resisted. Their potential use by criminals weakens overall internet security, on which billions of people rely for banking and payments. Their existence also undermines confidence in technology companies and makes it hard for Western governments to criticise authoritarian regimes for interfering with the internet. And their imposition would be futile in any case: high-powered encryption software, with no back doors, is available free online to anyone who wants it.

 

Rather than weakening everyone’s encryption by exploiting back doors, spies should use other means. The attacks in Paris in November succeeded not because terrorists used computer wizardry, but because information about their activities was not shared. When necessary, the NSA and other agencies can usually worm their way into suspects’ computers or phones. That is harder and slower than using a universal back door—but it is safer for everyone else.

 

http://www.economist.com/news/leaders/21684783-some-spy-agencies-favour-back-doors-encryption-software-who-will-use-them-when-back?fsrc=scn/tw/te/pe/ed/whenbackdoorsbackfire

There is no security anymore in anything.  10 bump keys can open 95% of the door locks in America.  Anybody can buy a slim jim set that will open most car doors in seconds. And the list goes on and on.

33 minutes ago, straycat19 said:

There is no security anymore in anything.  10 bump keys can open 95% of the door locks in America.  Anybody can buy a slim jim set that will open most car doors in seconds. And the list goes on and on.

This is why it would be nice to be able to build your home security system. I've seen some courts have metal doors that slide inside the door wall, encased by concrete wall. You couldn't just kick those in, because you'd have to hit it hard enough to either bend steel like a piece of toast, or shatter concrete walls a foot thick.

 

Build one of those yourself with a unique lock, custom software, and make the metal so thick it would take military grade weaponry to break down. At that point you'd find it easier to tear a whole wall down than go through the door.

 

There's always a plasma cutter and a lot of time.
