Should We Build a Backdoor into Mobile Devices?

Beth Kindig
Feb 23, 2018 · 3 min read

Two years ago, the San Bernardino shooting stirred a debate within the security community over warrant-proof encryption. The debate centers on “backdoor access,” meaning exceptional access to encrypted communications and data by law officials. In theory, the Department of Justice wants technologists to “hide a key under the door mat” for law officials to use when they have the proper warrants. However, many security professionals and technologists have resisted this request because it would create weaknesses that are irreversible and would require falsified automatic updates, which may introduce other vulnerabilities.

Perhaps the biggest conflict for technologists, as pointed out by Herbert Lin, the Senior Research Scholar of Cyber Policy and Security at Stanford, is that anything less than deploying the best security (that is technologically possible) could constitute a neglect of professional obligation and ethics. Last November at the Intertrust LINE event, I had the opportunity to interview Lin, who is on the front lines of this debate. The conflict, as he pointed out in his keynote, exists in whether you can technologically design a system allowing exceptional access that is also secure. The security community says this is not possible while law enforcement says it is possible.

Lin argues that the parties are not talking about the same thing; to talk about the same thing will require accepting less-than-maximal security for users and less-than-desired capability for law enforcement (the proverbial grey area). In other words, maximal security is a technology issue and adequate security is a policy issue, and it’s impossible to use a technical argument to solve policy.

Watch this 2 minute clip by Herbert Lin

“Should We Build a Backdoor Into Mobile Devices?”

In his keynote, Lin poses questions that all sides, including tech vendors and the privacy community, must eventually answer during this debate and the inevitable compromise.

Some of the questions he poses:

Questions for Law Enforcement:

  • Why has a technical proof of concept not been provided? You think it can exist. Then prove it.
  • How often and for what purposes are exceptional access capabilities expected to be used? If it begins for terrorism, when will it end?

Questions for Tech Vendors:

  • How would exceptional access stifle innovation? Why should information technology not be subject to regulation? Lin points out that technology is often subject to regulatory measures, such as seat belts in cars.

Questions for the Privacy Community:

  • How often are improper exceptional accesses expected to occur? The privacy community expects that there will be zero improper uses, while one in 1 million or one in 10 million is more reasonable.

View the full keynote by Herbert Lin

Unresolved Issues Regarding Exceptional Access to Encrypted Data and Communications

Thanks for reading.

p.s. Don’t forget to clap if you enjoyed this article! :)
