Tuesday, 5 January 2016

Father Christmas and the encryption backdoors

Image: Pixabay
So it’s the twelfth day of Christmas (that would be drummers drumming), the decorations are down and it’s back to work and school. Just about time for one last Christmas analogy before we pack it all up for another year (unless you live in a Spanish-speaking country in which case Los Reyes are still to come).

I live in a house without a chimney, or at least not a real one – it was built eight years ago with a fake one. This has led to more than one discussion with my children about how Santa Claus was going to find his way into our house to fill those stockings.

My response, of course, was that whenever any lock was made, a special key was produced and sent exclusively to Santa, so that he can get in the door. Or, since that leads to a rather large bunch of keys, perhaps instead he should have a single master-key which can get into any door.

Except that raises the question: what if Santa lost the master-key? Or had it stolen? These things happen. Or what if some clever thief saw the master-key and worked out how to reproduce it?

And so to encryption. Because this is exactly what various national governments, including the UK government through the Investigatory Powers Bill and the National Security Agency in the USA, are seeking. They realise that more and more people live in houses without chimneys (easy entrances) but they still want to get in to those houses to deliver lovely presents in stockings - erm, intercept their data and read their private communications. Hence the plans to introduce backdoors into encryption systems and/or weaken them.

Image: Huffington Post
Because nothing says 'the reason for the season' like reading people's Christmas messages. Or, potentially their messages to would-be terrorists and the like (which is the current justification for the encryption workarounds).

Now, nobody wants terrorists to be able to communicate freely. But there are many problems with the planned schemes: Western governments generally already have the required powers, they will endanger the security of other users, and they open the possibility for repressive regimes to use the same techniques (and the same justification) to read their citizens' communications. So in the process of stopping their communications, who else will have their communications tampered with?

Many people more eloquent than me have written on the subject. Among them is Adam Fish who writes:
We will make no progress by blaming the technology – whatever technology of the day that may be – instead of addressing the root causes of the antagonism that drives people to use it.
But ultimately to me the biggest single problem is the way that backdoors compromise the security of ordinary internet communications - the equivalent of what if Santa loses his master key, or has it copied. Even those of us who have nothing to hide from our governments should worry about attempts to tamper with online encryption.

No comments:

Post a Comment