Encryption backdoors will make us all more vulnerable

A backdoor mandate will render computer systems, networks and devices totally insecure, making all of us more vulnerable to the whims of criminals and terrorists.

The author has written 29 technical books and is Managing Partner of Ascent Solutions, which provides marketing services to tech sector companies.

In the aftermath of the Paris attacks, one of the memes being perpetuated by “security professionals” is that the terrorists used encrypted communications, enabling them to plan and coordinate their activities without raising suspicion among the intelligence community.

Now there is a knee-jerk reaction among politicians in Washington to force encryption providers to build “backdoors” into their software that would allow government agencies to easily decode communications in their effort to identify potential terrorists. They say this is essential to keeping us all safe and that we must stop crying about the loss of personal privacy.

Left unsaid in all this clueless scare-mongering is that once a backdoor is built into encryption software, anyone can enter, not just intelligence agencies.

A backdoor would make it easier for hackers everywhere to wreak even more havoc on financial, healthcare and retail sectors. They can use the backdoor to breach government, military and law enforcement agencies. They can tinker with our utility grid and shut down critical parts of our communications infrastructure, including vast chunks of the Internet.

Skilled hackers worldwide have already demonstrated that they can do all this and more, so imagine what they and dedicated terrorist organizations can do once our government mandates that all encryption providers equip their software with a backdoor. It is just a matter of finding the backdoor they know is already there and employing brute-force methods to gain entry. The power of today’s computer networks makes this a sure thing.

Perhaps the most asinine aspect of this discussion about backdoors is that the terrorists already use the strongest encryption and they are not about to “upgrade” it with a broken version that includes a backdoor.

If the tech sector is forced to equip its products with backdoors, how does this solve anything? Terrorists and criminals can turn to alternative methods to hide their communications, as they have already done with social gaming networks. Another alternative is steganography, in which encrypted messages are hidden within images of puppies, kittens and bunnies posted in plain sight on the Internet, all innocuous enough to avoid the scrutiny of law enforcement agencies.

If you think the world is a bit too chaotic, you haven’t seen anything yet. Under a backdoor mandate, computer systems, networks and devices will be rendered totally insecure, making all of us more vulnerable to the whims of criminals and terrorists.

There is ample reason for Americans to value their privacy. They do not like the idea of risking their bank accounts, credit cards and retirement funds to cyber-looters. They do not want their identities stolen, and then to have to put their lives on hiatus while they painstakingly sort it all out. They do not want to be bombarded with yet more scams, or become targets of new social engineering schemes that trick them out of their money.

The strong encryption currently employed in backend systems and on networks everywhere goes a long way to keeping criminals and terrorists out of our daily lives. A caution to our representatives in Congress: Know what the heck you are doing before deciding that backdoors will solve our national security problems. You may be opening the proverbial Pandora’s Box – unleashing more chaos on the American public than you can possibly imagine.

Contact Muller at nmuller@ascent-llc.com

By Nathan Muller