The real problem with encryption backdoors

protonmail-encryption-backdoor

For decades, law enforcement agencies have lobbied to force technology companies to weaken their own security protocols by adding an encryption backdoor. The FBI has even recently come up with a catchy brand for its anti-encryption campaign: “Going Dark.” Testifying before US Congress last year, FBI Director Christopher Wray called encryption “corrosive” and a challenge to “public safety and the rule of law.” A bill has also been introduced in Australian Parliament that would compel tech companies to give police access to encrypted data.

Far from disrupting criminals, these proposals endanger anyone who depends on encryption to stay safe online—that is, everyone. On the other hand, there is very little evidence (if any) that mass surveillance stops terrorism. In fact, those who perpetrated the most recent attacks in Paris and Belgium were already known to intelligence agencies. An encryption backdoor would not have stopped them, and it would not stop future attacks. However, an encryption backdoor would put millions of innocent people at risk of cyber attack.

What is an encryption backdoor?

An encryption backdoor is a deliberate weakness in encryption intended to let governments have easy access to encrypted data. There are a few kinds of encryption backdoors, but one simple method is called “key escrow.” Under a key escrow system, the government creates and distributes encryption keys to tech companies while retaining the decryption keys in escrow. This is why “key escrow” is also sometimes known as “key surrender,” because you are surrendering the privacy of your data.

This is essentially how any encryption backdoor would work: The government retains some form of master key that would allow it to unlock anyone’s personal data.

What kind of encryption are we talking about?

There are many forms of encryption available today. Most encryption is performed on servers around the world, and data encrypted in this way is designed to be easily decrypted. This also makes it much less secure. A stronger form of encryption is end-to-end encryption, which encrypts data even before it is sent to a server. The result of this is that only the sender and the intended recipient are able to decrypt the data. This is the form of encryption that secure communication systems like ProtonMail or Signal employ, and this is great for protecting your privacy and keeping your data secure.

When you use end-to-end encrypted services, only you and the other “end” of your conversation have the ability to read your messages. Neither the service provider nor the government nor anyone else can access your data, which is why some government agencies are keen to have backdoor access to end-to-end encrypted services.

Why encryption backdoors are dangerous and don’t work

Unfortunately, there is no such thing as a backdoor that only lets the good guys in. If there’s a “master key” that unlocks millions of accounts, every hacker on the planet will be after it. A compromised encryption backdoor could give cyber criminals access to your bank account, your personal messages and other sensitive information. Don’t think hackers can steal the master key? Think again. Both the CIA and the NSA were breached in 2017 by mysterious organizations that stole and published the spy agencies’ hacking tools. The same year, cyber criminals stole an NSA exploit and used it in a massive, worldwide ransomware attack. The fact is, if the government or anyone else controls a master key, eventually it will get out.

Hackers aren’t the only threat: Governments may also use encryption backdoors for harm. The US government has already revealed its willingness to spy on citizens without a warrant. If liberal democracies cannot be trusted, what about China, Russia, Saudi Arabia, or countless other authoritarian states? Encryption backdoors could be used by repressive regimes to help them persecute journalists, dissidents, religious minorities, the LGBT community, and anyone else they please.

Moreover, encryption backdoors do not prevent criminals from using encryption some other way. The software to use end-to-end encryption is already out there, and criminals will always have access to strong cryptography. Weakening encrypted services will only put ordinary citizens at risk while doing remarkably little to stop tech-savvy criminals.

It’s time to put the encryption backdoor debate to rest. Any system with a backdoor is fundamentally insecure. If everyday applications and hardware were forced to implement an encryption backdoor, it would jeopardize the basic security of millions of people. Backdoor advocates surely have good intentions—we all want to stop terrorists—but their approach is misguided and dangerous.

We must defend the universal right to security and privacy online. Security starts with education, and that’s why it is important for policymakers to have a basic understanding of encryption so that their decisions can be based on facts, not fear.

Best Regards,
The ProtonMail Team

Why does privacy matter? Watch the TED Talk by ProtonMail Founder and CEO Andy Yen to learn more about this issue.

You can get a free secure email account from ProtonMail here.

About the Author

Ben Wolford

Ben Wolford is a writer at Proton. A journalist for many years, Ben joined Proton to help lead the fight for data privacy.