Should Government Force Companies to Provide "Backdoors" to Encryption?

1 Like

I love the phrase - available to sophisticated user.

In today’s world the “sophisticated” user is one who can use google and install an app.

And they see the world as phones and companies can “unlock” the phone on a court order to access data. IoT devices are growing and the ability for them to use the mobile network. They will not have a “unlock” method unless the person programming them were to add it in. All they could do is view communications and “unlock” the sim card if the mobile chip set did that. If the IoT device wanted to encrypt every comms without a back door then tough luck for the ABCs.

It is becoming a world where the ordinary citizen is told we can view everything you do, but the crims can easily hide their tracks if they wish. <-- one form of oppression

It also amazes me how the ABCs can bold face say they are losing surveillance ability, when each decade sees them with 10x the ability of the previous decade. Only 40 years ago they had little to no ability to access private “data” or communications. They had to physically intercept a letter and open it, or go to the telephone exchange to tap a line. Or get a warrant to access paper records, if they were kept in a known place. And physically listen in on private conversations, or physically trail a person. Now in many places they can do nearly all that from their desk.

Yet these ABCs still point to the old USSR as an example of oppressive surveillance. Guess the ABCs don’t make people disappear. Oh wait…

1 Like

“SHOULD” is a swear word in my book.

5 Likes

This is actually very bizarre if you ask me. If they really are trying to put back doors the dumbest thing you can do is tip off all the bad guys by announcing you want to put back doors.

And no company is going to agree to put a back door. Also no security expert will agree to put a back door either because there is no way you can securely do it.

So the answer is HELL NO. If there has to be a back door let them do it classified so they can’t use it for every little criminal offense. If it’s classified then they’ll have to use it sparingly, for terrorism or for instances where it’s to literally save the world.

Corporations do not have and should not have the agenda to help law enforcement to enforce the law. A security corporation which makes it’s reputation on privacy cannot survive if it sides with law enforcement over security. A security developer also cannot side with law enforcement over security.

Cryptography done right means access control should be completely at the discretion of the user. Privacy done right, even if programmable, should be programmable by the user. If the user wants to allow a third party to access, or a group, or to have some algorithm which selects what to do in the case that something happens to them, then it should be entirely programmable by the user.

This means the user owns their data. The responsible user probably would release their data to save the world, but it should be left up to the user. Additionally when you put back doors in for “law enforcement” and the laws are different in every country, which laws have priority?

Law enforcement will bring up edge cases which have extremely low probabilities of happening to generate fear. Look at the actual statistics, the actual risk profiles, the probabilities, to see which crimes are most likely to happen, and let your security decisions be based on that and not on law enforcement political narratives which aren’t backed up by any statistics.

They will say terrorists use encryption, and spies use encryption, and this is all true. At the same time if they announce in advance that they want to put a backdoor in some company then all the people they are trying to watch will simply avoid that company.

They will say pedophiles use encryption, but if you look at statistics the amount of pedophiles in the world is not very many people, and often the people who are doing it are serial rapists, and even in that case the encryption itself isn’t really the source of the harm, the actual abuse of children is the source of it.

There might be situations where encryption is abused, I don’t deny it could happen. But their tactic of trying to promote backdoors in encryption at the corporate level simply isn’t going to be effective and they haven’t made a case for why we need these kinds of backdoors.

20 years from now are the law enforcement going to be saying they need to scan everyone’s brain or put a chip in everyone’s head in order to prevent crime?

3 Likes

Anyway to sum it up, HELL NO to the backdoor in companies software. If they want a backdoor they have sophisticated intelligence agencies like GCHQ and NSA which may already have multiple backdoors anyway.

My mind is willing to change when the risk of terrorism becomes high enough to change it. At this time you’re more likely to be struck by lightening, or die in a car accident, so perhaps we should focus on self driving cars.

In a risk based approach to security we do a risk assessment. Until they release a risk assessment showing that other forms of law enforcement are now ineffective and that all these dangers they talk about are quantified risks, it’s just politics being played.

2 Likes

The most abused form of secrecy is, without a question, whispering. All sorts of vile and heinous things have been perpetrated involving the use of whispers. Terrorists and child pornographers are especially prone to pass secrets by whispering. It is a vile technology and must be banned . . . For the Children!!

4 Likes

In Australia you are more likely to be killed by a shark than terrorists. Damn those terrorist sharks.

Oh and that is killed by a shark in Simpson desert.

More people die from eating ice cream than terrorism in Australia.

Yet the AU States agreed to extend terrorism laws here, just last week.

Will not be long before we have the government here drafting worse laws than the recent UK attempts to break encryption

1 Like

That is irrationality supported by political propaganda rather than statistics.

If it’s to be considered real then the numbers would match the rhetoric. When the numbers don’t match the rhetoric it’s not real.

“The sky is falling!”
“Oh really, any proof?”
“Law enforcement, priests, politicians, they all say it’s falling!”
“Oh really? Where is the evidence?”
“We have to do something, we have to outlaw the sun so it doesn’t melt us all!”
“Outlaw the sun? But still you haven’t proved the sky is falling.”

When the statisticians and data scientists say we need to do something that is when we need to do it. All decisions involving security need to be data driven unless it’s a situation where there isn’t enough time or enough data, but it’s not that situation here.

The politicians tried to ban cryptocurrency saying it was being used by terrorists even though their own risk data collected just months earlier said terrorists aren’t widely using cryptocurrency. If the data were to say terrorists were using cryptocurrency and it were becoming a trend then my opinions update with the data but that isn’t where the data points.

1 Like

Don’t forget insects! In the UK you are as likely to die from an insect sting (and believe me, we only have puny insects here).

1 Like

Ah yes those terrorist insects. We have ross-river-fever, some cases of malaria, carried by mossies. Some die of bee stings.

But those terrorist sharks in the Simpson Desert killing more than any human terrorists in Australia. What is the world coming too. Ahhhhhhhhhhhhhh (Hint: the desert has no water & no sharks)

Seriously there has been zero deaths from real terrorists in Australia. The UK had worse decades ago with the IRA etc. But the greater surveillance laws (incl breaking encryption) did not really start until the cold war ended. There was no longer a “surveillance standard” that the west had to be opposite to. The old USSR would have loved to be able to do 1/10 of what the west does now.

1 Like