Encryption backdoors. Do we need them or not?

0
  1. Introduction

“A backdoor in software or a computer system is generally an undocumented portal that allows an administrator to enter the system to troubleshoot or do upkeep. But it also refers to a secret portal that hackers and intelligence agencies use to gain illicit access.”[1]

Given the definition above, it is possible to affirm that though a lot of people surprisingly do not know it yet, there are operating systems that automatically include encryption techniques and methods which prevent the possibility to access certain data unless the computer’s administrator/owner does so.

This enhances the level of cybersecurity, reaching the highest possible level where end-to end encryption plays vehemently its role.[2]

You might think this is great and you are probably right: from a user’s perspective this assures the highest possible security for his data.

So there is no problem at all until an authority needs to access those data for whatever reason (generally, criminal issues regarding national/international security).

The problem is not whether that authority has the legal power to request the access to those data rather if they are physically able to succeed in retrieving them.

Imagine the example of a District Attorney having suspicion on you that you are hiding something illegal in a post office box.

He will issue an order to open that box and the police will obey, even with shears if necessary.

That cannot happen with some phones or computers, the system simply will not permit the access. Apparently, no way to override it. They are designed by developers in a way that even the creators are not able to crack them.

Some systems will even auto destroy themselves after a certain number of failed attempts.

The recent development of advanced biometrics features (mainly fingerprints detectors and face recognition software) added another layer of protection to systems which were already considered uncrackable.

A backdoor[3], as the name suggests, represents the possibility to build a secondary access to the system that would be possible to use in special cases as the one the example mentioned before.

At the moment none of the systems with end-to-end encryption officially offer a backdoor. That would undermine the value of the encryption itself.[4]

Further problems would be deciding who should be able to hold such power, to have the keys of the backdoors and in which cases this entity should be able to crack the system.

  1. Main cases regarding the lack of backdoors in O.S.

In recent years, there has been an increasing number of legal cases regarding the need to access encrypted data.

2.1 Telegram Messenger Inc. v. Russian Federal Security Service – 2018

On July 1st, 2018, the Yaroyava law came into effect in the Russian Federation, obliging telecom operators to keep all voice and messaging traffic of their customers for half a year, and their internet traffic for 30 days.[5]

Moscow claimed that in accordance with the law, Telegram is required to store encryption keys from all user correspondence and provide them to Russia’s Federal Security Service, the FSB, upon request.

Telegram insists that this requirement is technically impracticable, since keys of opt-in secret chats are stored on users’ devices and are not in Telegram’s possession.

Pavel Durov, Telegram’s co-founder, said that the FSB’s demands violated the constitutional rights of Russian citizens to the privacy of correspondence.

The legal fight began before the entrance into force of the law.

In 2017 Telegram was accused of non-collaborating with the authorities by not having the possibility of retrieving the messages of six people accused of terrorism.

The outcome of this legal fight resulted in the ban[6] (partial or total) of the Telegram application in Russia for all operating systems.

Telegram keeps on fighting to re-obtain access to the public while they experience a boom of downloads and uses of the application from people in Russia through foreign VPNs.

2.3 The immoral side of not having a backdoor – 2016

Leonardo Fabbretti is an architect living in central Italy who adopted an Ethiopian young man in 2007.

Sadly, his son Dama later died of cancer in 2016.

Mr Fabbretti found the teen’s iPhone 6 in his room and tried to access the smartphone’s data to retrieve pics and messages as save them as memories.

Unfortunately, the iPhone required a code to permit access.

“Don’t deny me the memories of my son,” architect Leonardo Fabbretti wrote in a letter to Apple’s CEO Tim Cook.

“Dama wanted me to have access, he even added my fingerprint ID to the iPhone […] Unfortunately, it doesn’t work if the phone is turned off and on again.”

Apple expressed grief and support for Fabbretti’s problem but it also said that a backdoor in iOS (iPhone’s operating system) does not exists and that there is nothing more they can do expect from providing access to Dama’s iCloud data, which might not be the same as the ones inside the iPhone 6.

Fabbretti said that Cellebrite, the mobile forensics firm which claims it can crack Apple devices, had offered to try to open Dama’s phone free of charge.

Fabbretti added that if Apple failed to help him retrieve the photographs from the phone, he urged it instead to make a charitable donation in Ethiopia or set up a grant for researchers looking into the issues surrounding privacy.

“I find it unfair that 4 digits are keeping me away from my son’s memories.”[7]

2.2. Apple Inc. v. FBI. – 2015

Probably the case that opened Pandora’s box.

When a terrorist was shot down by the police after embracing his rifle in San Bernardino, California after killing 14 people and seriously harming 24 more, the FBI found an iPhone 5c next to his body. The mobile was protected by the security code so nobody could access the data.[8]

Like in Fabbretti’s case, Apple gave full support in retrieving iCloud’s information connected to the terrorist’s account but refused to even think of working on a backdoor system to crack that iPhone saying that it was impossible by design and also that the core business of Apple is making secure and privacy certified products. Creating a backdoor would result in a business disaster for the company as a big percentage of clients buys their products because of that.

The FBI filed formal complaints until the trial became extremely central in US news, arriving in front of a public hearing at the Senate.

Once again, the FBI later dropped all accusations claiming that they had found a way (probably with Cellebrite) to unlock that iPhone and that no important information was found but we do not know for sure whether this happened or not. What is sure is that the Cupertino company, along with all the other tech giants, is constantly under fire on this issue. Governmental bodies keep on asking for backdoor systems to be implemented by law into tech products.[9]

  1. Interests at stake

Different fundamental interests play a vital role in the issue of backdoors.

3.1 Right to privacy of correspondence

Almost every modern Constitution (including the Italian[10] and Russian[11] and also an interpretation from the Supreme Court of the Fourth Amendment[12]) provides a protection for correspondence making it secret and inviolable except for certain cases specifically provided by the law. Obviously public authorities try to persuade judges with this perspective trying to obtain orders against the companies which holds data.

3.2 Freedom of speech

Some people have argued that a restriction of the privacy methods used to keep correspondence and (more in general) data secret would go against the freedom of speech right. More in detail, these people claim that if the system could be overrun at any moment by public authorities, the chances that we will pay more attention at what we write will be much higher and some events based on secrecy such as the Arab Spring would have been impossible.

3.3. Economic interests

As mentioned before, companies providing high-level security systems are not willing to change their business model based on the reliability of the privacy mechanisms they are able to offer.

This could even result in the company’s total disruption, in some cases.

3.4 Public security

 Nobody, whether public or private entity, is in favour of providing criminals the instruments to plan, communicate and store data regarding serious criminal offences such as terrorist attacks, child pornography, revenge porn or drug dealing.

The benefits of creating a backdoor in all systems from this point of view would be immense.

  1. Conclusion

In conclusion will it be appropriate to create and keep a secondary entrance to our systems?

The debate is not over yet.

It seems to be impossible to find a fair balance between privacy and freedom of speech in a secure environment and the need of reading and listening to someone’s data when public security is under the spotlight.

Most people would reasonably argue that they have nothing to hide and that having a backdoor would only bring benefits in fighting criminals.

The question is: Would they still be so sure even if they were giving spare keys of their houses to the government?

You might discover that this comparison is not as unrealistic as you think.

[1] Hacker Lexicon: What Is a Backdoor?

[2] “What Is End-to-End Encryption? Another Bull’s-Eye on Big Tech”

[3] What’s with all these Backdoors in Encryption?

[4] Tim Cook: A Backdoor Into the iPhone Would Be The “Software Equivalent Of Cancer.”

[5] What Is Telegram, and Why Are Iran and Russia Trying to Ban It?

[6] Russia to ban Telegram messenger over encryption dispute

[7] Father Writes to Apple Ceo Tim Cook To Ask Company To Unlock Dead Son’s iPhone

[8] Everything We Know About The San Bernardino Terror Attack Investigation So Far

[9] US wants Facebook to backdoor WhatsApp and halt encryption plans

[10] Constitution of the Italian Republic, art. 15

[11] Constitution of the Russian Federation, art. 23.2

[12] Ex parte Jackson, 96 U.S. 727, 733 (1877)

Share this article!

Share.

About Author

Leave A Reply