Difference between revisions of "Encryption backdoor for law enforcement"
(→A backdoor ruins a company) |
|||
| Line 1: | Line 1: | ||
'''Encryption backdoor for law enforcement''' is the belief that all forms of encryption should made with a [[backdoor]] for law enforcement so they can easily defeat the encryption. The justification is that it would help catch criminals who are currently using encryption to shield themselves law enforcement. | '''Encryption backdoor for law enforcement''' is the belief that all forms of encryption should made with a [[backdoor]] for law enforcement so they can easily defeat the encryption. The justification is that it would help catch criminals who are currently using encryption to shield themselves law enforcement. | ||
| − | Many different arguments are made to support this position, but each form is based upon a single belief: the duty of law enforcement to protect the law is more important than the right people have to protect themselves. | + | Many different arguments are made to support this position, but each form is based upon a single belief: the duty of law enforcement to protect the law is more important than the right people have to protect themselves. Below I try to address the various issues around this topic. |
| − | == | + | ==Issues== |
| − | === | + | ===Why do people use encryption in the first place?=== |
| − | + | There is a common saying used by people who want to take away the privacy of others, "you don't have to worry if you have nothing to hide." These people often see the use of encryption as an indication someone is doing something illegal. The reality is, encryption is a tool, and like any tool, it can be used for good or evil, but the vast majority of people who use encryption employ it for good, protecting their financial information and their private lives. | |
| − | + | Any person who wants to protect their assets should be using encryption on all their financial transactions so criminals can't rob them. Parents who have a baby monitor should encrypt the video stream so creeps can't watch them. Anyone who keeps a private diary or journal should encrypt them so blackmailers can't read them. Any couples who take explicit photos of each other should encrypt them so perverts can't look at them. Any government that wants to keep their state secrets out of the hands of their enemies should encrypt them. There are thousands of legitimate uses for strong encryption, and how they will be affected by backdoors should be considered. | |
| − | + | ===Does law enforcement need an encryption backdoor to catch criminals?=== | |
| + | Advocates of this belief often prey on everyone's base fears and argue that sex traffickers and child pornographers are running criminal empires and the police are powerless to stop them because they encrypt all their transactions. | ||
| − | === | + | These stories are widely blown out of proportion. Even the most sophisticated of encrypted contraband marketplaces like [[Wikipedia:Silk Road (marketplace)|Silk Road]] and [[Wikipedia:Sheep Marketplace|Sheep Marketplace]] are shut down shortly after becoming popular, and their owners and many people who used them are discovered and brought to justice. These arrests almost always occur without law enforcement breaking encryption, but rather by tracing money, phone calls, network traffic, and various other conventional investigative means. |
| − | This | + | |
| + | ===Backdoors intrinsically weaken security=== | ||
| + | Which is more secure, a room with one door or an otherwise identical room with two doors? Obviously, the room with only one door is more secure because it has fewer points of entry that need to be protected. This is a fundamental aspect of security that can't be rectified. Anyone who claims that encryption can be kept just as strong even after adding a backdoor is either lying or doesn't understand basic security theory. | ||
| + | |||
| + | Adding a backdoor to encryption makes everyone more more vulnerable, especially if it's publicly declared. If everyone knows the backdoor exists, they will try even harder to find it, and when they do, everything becomes compromised. Though inadvertently, backdoors probably increase the amount of crime by making it so much easier for criminals to get access to sensitive information and use it to rob, defraud, and blackmail innocent people. | ||
| − | + | In fact, the US government already tried this in the past with disastrous results. Through the NSA, the [[Wikipedia:Clipper chip|Clipper chip]] was created which contained a private form of encryption with a backdoor that could be accessed by the NSA. The US government tried to force phone manufacturers to use it, but most balked at their demands, which was a wise decision because cryptographers quickly discovered flaws in the chip and were able to hack it. Everyone who owned a phone with the flawed government chips became vulnerable. | |
| − | + | Those who demand a backdoor are essentially arguing that weakened encryption must be viewed as an acceptable loss in order to protect people from crime. | |
| − | |||
| − | Those who | ||
| − | + | ===Backdoors ruin trust=== | |
| + | Consumers lose trust in products with backdoors for two reasons. The first is they understand that backdoors can be used by bad agents just as easily as good agents. Second, they realize that the companies who make those products are willing to compromise the individual's security to make things easier for the company. | ||
| − | |||
In the past, companies have suffered huge financial losses when backdoors were discovered in their products. The backdoors are added in secret, but the secrets always get out, and, when they do, users demand refunds and refuse to buy from the companies ever again. Communication companies like [https://en.wikipedia.org/wiki/D-Link#Vulnerabilities D-Link], [https://www.theregister.co.uk/2013/10/28/tenda_bricksup_router_backdoor Tenda and Medialink], and [https://en.wikipedia.org/wiki/Criticism_of_Huawei Huawei] have all sold communication hardware with backdoors, and, when they were discovered, each saw massive financial losses and pledged to eliminate the backdoors. | In the past, companies have suffered huge financial losses when backdoors were discovered in their products. The backdoors are added in secret, but the secrets always get out, and, when they do, users demand refunds and refuse to buy from the companies ever again. Communication companies like [https://en.wikipedia.org/wiki/D-Link#Vulnerabilities D-Link], [https://www.theregister.co.uk/2013/10/28/tenda_bricksup_router_backdoor Tenda and Medialink], and [https://en.wikipedia.org/wiki/Criticism_of_Huawei Huawei] have all sold communication hardware with backdoors, and, when they were discovered, each saw massive financial losses and pledged to eliminate the backdoors. | ||
| − | + | ===Can law enforcement be trusted not to abuse the backdoor?=== | |
| + | Every so often a whistleblower reveals another abuse of power by law enforcement. At the federal level, dozens of [Global surveillance disclosures (2013–present)|mass surveillance programs] have been instituted by governments often against their own citizens, but many more occur at state and municipality levels. These frequently result in police officers abusing their power to spy on, blackmail, and rape innocent people. Adding a backdoor to encryption would make things even easier for them to abuse their power. | ||
| + | |||
| + | ===Strong encryption already exists everywhere=== | ||
| + | Strong encryption that is free of backdoors already exists. Moreover, detailed instructions for its use is freely available in books and online, you can even download free open source software which uses it, and newer even stronger encryption will be thought up in the future. At this point, the only way to force weakened backdoor encryption would be to criminalize the entire concept of non-compliant encryption. Of course, since no other nation would comply with such a backward law, information, source code, and programs will remain freely available everywhere else in the world. | ||
| − | + | Consider how this would affect the concept of safes. People can build their own safe, find plans for building a safe, and many people have already bought safes. If a government wanted to force safes to have a backdoor for law enforcement, it would require companies and owners to destroy every safe in existence, repurchase inferior safes, never buy a non-compliant superior safe from all the countries who still sell them, and never build a safe from existing materials. | |
| − | + | ||
| + | ===No vault is above the law=== | ||
| + | An argument often made by proponents of this belief compares encrypted data to a vault or personal safe. With probable cause, law enforcement can get a warrant to search any vault. Therefore, if a person has encrypted data, and law enforcement is issued a warrant, they should be allowed to search the data. | ||
| − | + | This argument fails for encryption for the same reason it fails for vaults. If the owner of the vault refuses to open the vault for them, law enforcement is hindered. They can punish the owner in an attempt to compel them to open it, but if the owner has lost they key, it won't do them any good. The only recourse is trying to break into the vault. Likewise with encryption, the owner of the encrypted file can refuse to decrypt it claiming they forgot the password, at which point, law enforcement must spend the time and money necessary to crack the encryption. | |
==Links== | ==Links== | ||
| + | * [https://en.wikipedia.org/wiki/Backdoor_(computing) en.wikipedia.org/wiki/Backdoor_(computing)] - Wikipedia - Backdoor. | ||
[[Category: Cryptography]] | [[Category: Cryptography]] | ||
[[Category: Law Enforcement]] | [[Category: Law Enforcement]] | ||
Revision as of 17:28, 11 December 2019
Encryption backdoor for law enforcement is the belief that all forms of encryption should made with a backdoor for law enforcement so they can easily defeat the encryption. The justification is that it would help catch criminals who are currently using encryption to shield themselves law enforcement.
Many different arguments are made to support this position, but each form is based upon a single belief: the duty of law enforcement to protect the law is more important than the right people have to protect themselves. Below I try to address the various issues around this topic.
Contents
- 1 Issues
- 1.1 Why do people use encryption in the first place?
- 1.2 Does law enforcement need an encryption backdoor to catch criminals?
- 1.3 Backdoors intrinsically weaken security
- 1.4 Backdoors ruin trust
- 1.5 Can law enforcement be trusted not to abuse the backdoor?
- 1.6 Strong encryption already exists everywhere
- 1.7 No vault is above the law
- 2 Links
Issues
Why do people use encryption in the first place?
There is a common saying used by people who want to take away the privacy of others, "you don't have to worry if you have nothing to hide." These people often see the use of encryption as an indication someone is doing something illegal. The reality is, encryption is a tool, and like any tool, it can be used for good or evil, but the vast majority of people who use encryption employ it for good, protecting their financial information and their private lives.
Any person who wants to protect their assets should be using encryption on all their financial transactions so criminals can't rob them. Parents who have a baby monitor should encrypt the video stream so creeps can't watch them. Anyone who keeps a private diary or journal should encrypt them so blackmailers can't read them. Any couples who take explicit photos of each other should encrypt them so perverts can't look at them. Any government that wants to keep their state secrets out of the hands of their enemies should encrypt them. There are thousands of legitimate uses for strong encryption, and how they will be affected by backdoors should be considered.
Does law enforcement need an encryption backdoor to catch criminals?
Advocates of this belief often prey on everyone's base fears and argue that sex traffickers and child pornographers are running criminal empires and the police are powerless to stop them because they encrypt all their transactions.
These stories are widely blown out of proportion. Even the most sophisticated of encrypted contraband marketplaces like Silk Road and Sheep Marketplace are shut down shortly after becoming popular, and their owners and many people who used them are discovered and brought to justice. These arrests almost always occur without law enforcement breaking encryption, but rather by tracing money, phone calls, network traffic, and various other conventional investigative means.
Backdoors intrinsically weaken security
Which is more secure, a room with one door or an otherwise identical room with two doors? Obviously, the room with only one door is more secure because it has fewer points of entry that need to be protected. This is a fundamental aspect of security that can't be rectified. Anyone who claims that encryption can be kept just as strong even after adding a backdoor is either lying or doesn't understand basic security theory.
Adding a backdoor to encryption makes everyone more more vulnerable, especially if it's publicly declared. If everyone knows the backdoor exists, they will try even harder to find it, and when they do, everything becomes compromised. Though inadvertently, backdoors probably increase the amount of crime by making it so much easier for criminals to get access to sensitive information and use it to rob, defraud, and blackmail innocent people.
In fact, the US government already tried this in the past with disastrous results. Through the NSA, the Clipper chip was created which contained a private form of encryption with a backdoor that could be accessed by the NSA. The US government tried to force phone manufacturers to use it, but most balked at their demands, which was a wise decision because cryptographers quickly discovered flaws in the chip and were able to hack it. Everyone who owned a phone with the flawed government chips became vulnerable.
Those who demand a backdoor are essentially arguing that weakened encryption must be viewed as an acceptable loss in order to protect people from crime.
Backdoors ruin trust
Consumers lose trust in products with backdoors for two reasons. The first is they understand that backdoors can be used by bad agents just as easily as good agents. Second, they realize that the companies who make those products are willing to compromise the individual's security to make things easier for the company.
In the past, companies have suffered huge financial losses when backdoors were discovered in their products. The backdoors are added in secret, but the secrets always get out, and, when they do, users demand refunds and refuse to buy from the companies ever again. Communication companies like D-Link, Tenda and Medialink, and Huawei have all sold communication hardware with backdoors, and, when they were discovered, each saw massive financial losses and pledged to eliminate the backdoors.
Can law enforcement be trusted not to abuse the backdoor?
Every so often a whistleblower reveals another abuse of power by law enforcement. At the federal level, dozens of [Global surveillance disclosures (2013–present)|mass surveillance programs] have been instituted by governments often against their own citizens, but many more occur at state and municipality levels. These frequently result in police officers abusing their power to spy on, blackmail, and rape innocent people. Adding a backdoor to encryption would make things even easier for them to abuse their power.
Strong encryption already exists everywhere
Strong encryption that is free of backdoors already exists. Moreover, detailed instructions for its use is freely available in books and online, you can even download free open source software which uses it, and newer even stronger encryption will be thought up in the future. At this point, the only way to force weakened backdoor encryption would be to criminalize the entire concept of non-compliant encryption. Of course, since no other nation would comply with such a backward law, information, source code, and programs will remain freely available everywhere else in the world.
Consider how this would affect the concept of safes. People can build their own safe, find plans for building a safe, and many people have already bought safes. If a government wanted to force safes to have a backdoor for law enforcement, it would require companies and owners to destroy every safe in existence, repurchase inferior safes, never buy a non-compliant superior safe from all the countries who still sell them, and never build a safe from existing materials.
No vault is above the law
An argument often made by proponents of this belief compares encrypted data to a vault or personal safe. With probable cause, law enforcement can get a warrant to search any vault. Therefore, if a person has encrypted data, and law enforcement is issued a warrant, they should be allowed to search the data.
This argument fails for encryption for the same reason it fails for vaults. If the owner of the vault refuses to open the vault for them, law enforcement is hindered. They can punish the owner in an attempt to compel them to open it, but if the owner has lost they key, it won't do them any good. The only recourse is trying to break into the vault. Likewise with encryption, the owner of the encrypted file can refuse to decrypt it claiming they forgot the password, at which point, law enforcement must spend the time and money necessary to crack the encryption.
Links
- en.wikipedia.org/wiki/Backdoor_(computing) - Wikipedia - Backdoor.
